{"id":38133,"date":"2026-01-29T09:39:20","date_gmt":"2026-01-29T09:39:20","guid":{"rendered":"http:\/\/localhost\/?p=38133"},"modified":"2026-01-29T09:39:20","modified_gmt":"2026-01-29T09:39:20","slug":"out-of-bounds-write-in-pkcs12getfriendlyname-utf-8-conversion","status":"publish","type":"post","link":"https:\/\/zero.redgem.net\/?p=38133","title":{"rendered":"Out of bounds write in PKCS12_get_friendlyname() UTF-8 conversion_CVE-2025-69419"},"content":{"rendered":"

{“lastseen”:””,”description”:”Issue summary: Calling PKCS12_get_friendlyname() function on a maliciously\\ncrafted PKCS#12 file with a BMPString (UTF-16BE) friendly name containing\\nnon-ASCII BMP code point can trigger a one byte write before the allocated\\nbuffer.\\n\\nImpact summary: The out-of-bounds write can cause a memory corruption\\nwhich can have various consequences including a Denial of Service.\\n\\nThe OPENSSL_uni2utf8() function performs a two-pass conversion of a PKCS#12\\nBMPString (UTF-16BE) to UTF-8. In the second pass, when emitting UTF-8 bytes,\\nthe helper function bmp_to_utf8() incorrectly forwards the remaining UTF-16\\nsource byte count as the destination buffer capacity to UTF8_putc(). For BMP\\ncode points above U+07FF, UTF-8 requires three bytes, but the forwarded\\ncapacity can be just two bytes. UTF8_putc() then returns -1, and this negative\\nvalue is added to the output length without validation, causing the\\nlength to become negative. The subsequent trailing NUL byte is then written\\nat a negative offset, causing write outside of heap allocated buffer.\\n\\nThe vulnerability is reachable via the public PKCS12_get_friendlyname() API\\nwhen parsing attacker-controlled PKCS#12 files. While PKCS12_parse() uses a\\ndifferent code path that avoids this issue, PKCS12_get_friendlyname() directly\\ninvokes the vulnerable function. Exploitation requires an attacker to provide\\na malicious PKCS#12 file to be parsed by the application and the attacker\\ncan just trigger a one zero byte write before the allocated buffer.\\nFor that reason the issue was assessed as Low severity according to our\\nSecurity Policy.\\n\\nThe FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\\nas the PKCS#12 implementation is outside the OpenSSL FIPS module boundary.\\n\\nOpenSSL 3.6, 3.5, 3.4, 3.3, 3.0 and 1.1.1 are vulnerable to this issue.\\n\\nOpenSSL 1.0.2 is not affected by this issue.”,”published”:”2026-01-27T16:01:24.822Z”,”modified”:”2026-01-29T15:09:39.154Z”,”type”:”cve”,”title”:”Out of bounds write in PKCS12_get_friendlyname() UTF-8 conversion”,”source”:”openssl”,”references”:”https:\/\/openssl-library.org\/news\/secadv\/20260127.txt\\nhttps:\/\/github.com\/openssl\/openssl\/commit\/7e9cac9832e4705b91987c2474ed06a37a93cecb\\nhttps:\/\/github.com\/openssl\/openssl\/commit\/ff628933755075446bca8307e8417c14d164b535\\nhttps:\/\/github.com\/openssl\/openssl\/commit\/cda12de3bc0e333ea8d2c6fd15001dbdaf280015\\nhttps:\/\/github.com\/openssl\/openssl\/commit\/a26a90d38edec3748566129d824e664b54bee2e2\\nhttps:\/\/github.com\/openssl\/openssl\/commit\/41be0f216404f14457bbf3b9cc488dba60b49296″,”id”:”CVE-2025-69419″,”bulletinFamily”:””,”cwe”:[“CWE-787″],”cvelist”:null,”sourceData”:”OpenSSL OpenSSL 3.6.0\\nOpenSSL OpenSSL 3.5.0\\nOpenSSL OpenSSL 3.4.0\\nOpenSSL OpenSSL 3.3.0\\nOpenSSL OpenSSL 3.0.0\\nOpenSSL OpenSSL 1.1.1″,”sourceHref”:””,”cvss”:{“score”:7.4,”severity”:”HIGH”,”vector”:”CVSS:3.1\/AV:N\/AC:H\/PR:N\/UI:N\/S:U\/C:H\/I:H\/A:N”,”version”:”3.1″},”cvss2″:{},”cvss3″:{“version”:””,”vectorString”:””,”baseScore”:0,”baseSeverity”:””,”attackVector”:””,”attackComplexity”:””,”privilegesRequired”:””,”userInteraction”:””,”scope”:””,”confidentialityImpact”:””,”integrityImpact”:””,”availabilityImpact”:””,”cvssV3″:{“version”:””,”vectorString”:””,”baseScore”:0,”baseSeverity”:””,”attackVector”:””,”attackComplexity”:””,”privilegesRequired”:””,”userInteraction”:””,”scope”:””,”confidentialityImpact”:””,”integrityImpact”:””,”availabilityImpact”:””}},”href”:””,”category_name”:”CVE”,”post_link”:””,”product”:”OpenSSL”,”version”:”3.6.0″,”vendor”:”OpenSSL”,”ai_description”:””,”ai_severity”:””,”ai_vendor”:””,”ai_product”:””,”ai_version”:””,”ai_score”:0}<\/p>\n","protected":false},"excerpt":{"rendered":"

{“lastseen”:””,”description”:”Issue summary: Calling PKCS12_get_friendlyname() function on a maliciously\\ncrafted PKCS#12 file with a BMPString (UTF-16BE) friendly name containing\\nnon-ASCII BMP code point can trigger a one byte…<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[2],"tags":[6,8,29,12,15,13,7,11,5],"class_list":["post-38133","post","type-post","status-publish","format-standard","hentry","category-category_cve","tag-cve","tag-cvss","tag-cvss-74","tag-exploit","tag-high","tag-news","tag-security","tag-tapic","tag-vulnerability"],"yoast_head":"\nOut of bounds write in PKCS12_get_friendlyname() UTF-8 conversion_CVE-2025-69419 - zero redgem<\/title>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/zero.redgem.net\/?p=38133\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Out of bounds write in PKCS12_get_friendlyname() UTF-8 conversion_CVE-2025-69419 - zero redgem\" \/>\n<meta property=\"og:description\" content=\"{“lastseen”:””,”description”:”Issue summary: Calling PKCS12_get_friendlyname() function on a maliciouslyncrafted PKCS#12 file with a BMPString (UTF-16BE) friendly name containingnnon-ASCII BMP code point can trigger a one byte...\" \/>\n<meta property=\"og:url\" content=\"https:\/\/zero.redgem.net\/?p=38133\" \/>\n<meta property=\"og:site_name\" content=\"zero redgem\" \/>\n<meta property=\"article:published_time\" content=\"2026-01-29T09:39:20+00:00\" \/>\n<meta name=\"author\" content=\"invoker\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"invoker\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"2 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/?p=38133#article\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/?p=38133\"},\"author\":{\"name\":\"invoker\",\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/#\\\/schema\\\/person\\\/fbfeae8dfad117ac08a7621bee1a1dca\"},\"headline\":\"Out of bounds write in PKCS12_get_friendlyname() UTF-8 conversion_CVE-2025-69419\",\"datePublished\":\"2026-01-29T09:39:20+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/?p=38133\"},\"wordCount\":500,\"commentCount\":0,\"publisher\":{\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/#organization\"},\"keywords\":[\"CVE\",\"CVSS\",\"CVSS-7.4\",\"exploit\",\"HIGH\",\"news\",\"Security\",\"tapic\",\"Vulnerability\"],\"articleSection\":[\"category_cve\"],\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"CommentAction\",\"name\":\"Comment\",\"target\":[\"https:\\\/\\\/zero.redgem.net\\\/?p=38133#respond\"]}]},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/?p=38133\",\"url\":\"https:\\\/\\\/zero.redgem.net\\\/?p=38133\",\"name\":\"Out of bounds write in PKCS12_get_friendlyname() UTF-8 conversion_CVE-2025-69419 - zero redgem\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/#website\"},\"datePublished\":\"2026-01-29T09:39:20+00:00\",\"breadcrumb\":{\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/?p=38133#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/zero.redgem.net\\\/?p=38133\"]}]},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/?p=38133#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\\\/\\\/zero.redgem.net\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Out of bounds write in PKCS12_get_friendlyname() UTF-8 conversion_CVE-2025-69419\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/#website\",\"url\":\"https:\\\/\\\/zero.redgem.net\\\/\",\"name\":\"zero redgem\",\"description\":\"\",\"publisher\":{\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/zero.redgem.net\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/#organization\",\"name\":\"zero redgem\",\"url\":\"https:\\\/\\\/zero.redgem.net\\\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/#\\\/schema\\\/logo\\\/image\\\/\",\"url\":\"\",\"contentUrl\":\"\",\"width\":191,\"height\":188,\"caption\":\"zero redgem\"},\"image\":{\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/#\\\/schema\\\/logo\\\/image\\\/\"}},{\"@type\":\"Person\",\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/#\\\/schema\\\/person\\\/fbfeae8dfad117ac08a7621bee1a1dca\",\"name\":\"invoker\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/f17c01d7338e6932bcde121cf83569393df3374625d25afd62677cfb528f2e3e?s=96&d=mm&r=g\",\"url\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/f17c01d7338e6932bcde121cf83569393df3374625d25afd62677cfb528f2e3e?s=96&d=mm&r=g\",\"contentUrl\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/f17c01d7338e6932bcde121cf83569393df3374625d25afd62677cfb528f2e3e?s=96&d=mm&r=g\",\"caption\":\"invoker\"},\"sameAs\":[\"https:\\\/\\\/zero.redgem.net\"],\"url\":\"https:\\\/\\\/zero.redgem.net\\\/?author=1\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Out of bounds write in PKCS12_get_friendlyname() UTF-8 conversion_CVE-2025-69419 - zero redgem","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/zero.redgem.net\/?p=38133","og_locale":"en_US","og_type":"article","og_title":"Out of bounds write in PKCS12_get_friendlyname() UTF-8 conversion_CVE-2025-69419 - zero redgem","og_description":"{“lastseen”:””,”description”:”Issue summary: Calling PKCS12_get_friendlyname() function on a maliciouslyncrafted PKCS#12 file with a BMPString (UTF-16BE) friendly name containingnnon-ASCII BMP code point can trigger a one byte...","og_url":"https:\/\/zero.redgem.net\/?p=38133","og_site_name":"zero redgem","article_published_time":"2026-01-29T09:39:20+00:00","author":"invoker","twitter_card":"summary_large_image","twitter_misc":{"Written by":"invoker","Est. reading time":"2 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/zero.redgem.net\/?p=38133#article","isPartOf":{"@id":"https:\/\/zero.redgem.net\/?p=38133"},"author":{"name":"invoker","@id":"https:\/\/zero.redgem.net\/#\/schema\/person\/fbfeae8dfad117ac08a7621bee1a1dca"},"headline":"Out of bounds write in PKCS12_get_friendlyname() UTF-8 conversion_CVE-2025-69419","datePublished":"2026-01-29T09:39:20+00:00","mainEntityOfPage":{"@id":"https:\/\/zero.redgem.net\/?p=38133"},"wordCount":500,"commentCount":0,"publisher":{"@id":"https:\/\/zero.redgem.net\/#organization"},"keywords":["CVE","CVSS","CVSS-7.4","exploit","HIGH","news","Security","tapic","Vulnerability"],"articleSection":["category_cve"],"inLanguage":"en-US","potentialAction":[{"@type":"CommentAction","name":"Comment","target":["https:\/\/zero.redgem.net\/?p=38133#respond"]}]},{"@type":"WebPage","@id":"https:\/\/zero.redgem.net\/?p=38133","url":"https:\/\/zero.redgem.net\/?p=38133","name":"Out of bounds write in PKCS12_get_friendlyname() UTF-8 conversion_CVE-2025-69419 - zero redgem","isPartOf":{"@id":"https:\/\/zero.redgem.net\/#website"},"datePublished":"2026-01-29T09:39:20+00:00","breadcrumb":{"@id":"https:\/\/zero.redgem.net\/?p=38133#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/zero.redgem.net\/?p=38133"]}]},{"@type":"BreadcrumbList","@id":"https:\/\/zero.redgem.net\/?p=38133#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/zero.redgem.net\/"},{"@type":"ListItem","position":2,"name":"Out of bounds write in PKCS12_get_friendlyname() UTF-8 conversion_CVE-2025-69419"}]},{"@type":"WebSite","@id":"https:\/\/zero.redgem.net\/#website","url":"https:\/\/zero.redgem.net\/","name":"zero redgem","description":"","publisher":{"@id":"https:\/\/zero.redgem.net\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/zero.redgem.net\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/zero.redgem.net\/#organization","name":"zero redgem","url":"https:\/\/zero.redgem.net\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/zero.redgem.net\/#\/schema\/logo\/image\/","url":"","contentUrl":"","width":191,"height":188,"caption":"zero redgem"},"image":{"@id":"https:\/\/zero.redgem.net\/#\/schema\/logo\/image\/"}},{"@type":"Person","@id":"https:\/\/zero.redgem.net\/#\/schema\/person\/fbfeae8dfad117ac08a7621bee1a1dca","name":"invoker","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/secure.gravatar.com\/avatar\/f17c01d7338e6932bcde121cf83569393df3374625d25afd62677cfb528f2e3e?s=96&d=mm&r=g","url":"https:\/\/secure.gravatar.com\/avatar\/f17c01d7338e6932bcde121cf83569393df3374625d25afd62677cfb528f2e3e?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/f17c01d7338e6932bcde121cf83569393df3374625d25afd62677cfb528f2e3e?s=96&d=mm&r=g","caption":"invoker"},"sameAs":["https:\/\/zero.redgem.net"],"url":"https:\/\/zero.redgem.net\/?author=1"}]}},"_links":{"self":[{"href":"https:\/\/zero.redgem.net\/index.php?rest_route=\/wp\/v2\/posts\/38133","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/zero.redgem.net\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/zero.redgem.net\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/zero.redgem.net\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/zero.redgem.net\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=38133"}],"version-history":[{"count":0,"href":"https:\/\/zero.redgem.net\/index.php?rest_route=\/wp\/v2\/posts\/38133\/revisions"}],"wp:attachment":[{"href":"https:\/\/zero.redgem.net\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=38133"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/zero.redgem.net\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=38133"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/zero.redgem.net\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=38133"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}