CVE-2025-69420
Description
Issue summary: A type confusion vulnerability exists in the TimeStamp Responseverification code where an ASN1_TYPE union member is accessed without firstvalidating the type, causing an invalid or null pointer dereference whenprocessing a malformed TimeStamp Response file.Impact summary: An application calling TS_RESP_verify_response() with amalformed TimeStamp Response can be caused to dereference an invalid ornull pointer when reading, resulting in a Denial of Service.The functions ossl_ess_get_signing_cert() and ossl_ess_get_signing_cert_v2()access the signing cert attribute value without validating its type.When the type is not V_ASN1_SEQUENCE, this results in accessing invalid memorythrough the ASN1_TYPE union, causing a crash.Exploiting this vulnerability requires an attacker to provide a malformedTimeStamp Response to an application that verifies timestamp responses. TheTimeStamp protocol (RFC 3161) is not widely used and the impact of theexploit is just a Denial of Service. For these reasons the issue wasassessed as Low severity.The FIPS modules in 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,as the TimeStamp Response implementation is outside the OpenSSL FIPS moduleboundary.OpenSSL 3.6, 3.5, 3.4, 3.3, 3.0 and 1.1.1 are vulnerable to this issue.OpenSSL 1.0.2 is not affected by this issue.
Risk Information
Associated Vulnerability
| Vulnerability | OS Platform |
|---|---|
| Multiple Vulnerabilities are affected in IBM MQ 9.3.5.1 | Windows |
| Multiple Vulnerabilities are affected in OpenSSL 3.4.3 | Windows |
| Multiple Vulnerabilities are affected in OpenSSL 3.5.4 | Windows |
| Multiple Vulnerabilities are affected in OpenSSL 3.6.0 | Windows |
| Multiple Vulnerabilities are affected in OpenSSL 3.0.18 | Windows |
| Multiple Vulnerabilities are affected in OpenSSL 3.3.5 | Windows |
| Multiple Vulnerabilities are affected in OpenSSL 1.1.1ze | Windows |
| Multiple vulnerabilities are fixed in OpenSSL (3.6.1) | Windows |
| Multiple vulnerabilities are fixed in OpenSSL (x64) (3.6.1) | Windows |
| Multiple vulnerabilities are fixed in OpenSSL Light (3.6.1) | Windows |
| Multiple vulnerabilities are fixed in OpenSSL Light (x64) (3.6.1) | Windows |
| Multiple vulnerabilities are fixed in OpenSSL 3.5.5 | Windows |
| Multiple vulnerabilities are fixed in OpenSSL 3.4.4 | Windows |
| Multiple vulnerabilities are fixed in OpenSSL 3.3.6 | Windows |
| Multiple vulnerabilities are fixed in OpenSSL 3.0.19 | Windows |
| Multiple vulnerabilities are fixed in OpenSSL (MSI)(x64) 3.6.1 | Windows |
| Multiple vulnerabilities are fixed in OpenSSL (MSI)(x64) 3.5.5 | Windows |
| Multiple vulnerabilities are fixed in OpenSSL (MSI)(x64) 3.4.4 | Windows |
| Multiple vulnerabilities are fixed in OpenSSL (MSI)(x64) 3.3.6 | Windows |
| Multiple vulnerabilities are fixed in OpenSSL (MSI)(x64) 3.0.19 | Windows |
| Multiple vulnerabilities are fixed in OpenSSL (MSI)(x86) 3.6.1 | Windows |
| Multiple vulnerabilities are fixed in OpenSSL (MSI)(x86) 3.5.5 | Windows |
| Multiple vulnerabilities are fixed in OpenSSL (MSI)(x86) 3.4.4 | Windows |
| Multiple vulnerabilities are fixed in OpenSSL (MSI)(x86) 3.3.6 | Windows |
| Multiple vulnerabilities are fixed in OpenSSL (MSI)(x86) 3.0.19 | Windows |
| Multiple Vulnerabilities are affected in IBM MQ 9.1.0.33 | Windows |
| Multiple Vulnerabilities are affected in IBM MQ 9.2.0.40 | Windows |
| Multiple Vulnerabilities are affected in IBM MQ 9.3.0.36 | Windows |
| Multiple Vulnerabilities are affected in IBM MQ 9.4.0.17 | Windows |
| Multiple Vulnerabilities are affected in IBM MQ 9.4.5.0 | Windows |
| Multiple vulnerabilities are fixed in OpenSSL Light 3.5.5 | Windows |
| Multiple vulnerabilities are fixed in OpenSSL Light 3.4.4 | Windows |
| Multiple vulnerabilities are fixed in OpenSSL Light 3.3.6 | Windows |
| Multiple vulnerabilities are fixed in OpenSSL Light 3.0.19 | Windows |
| Multiple vulnerabilities are fixed in OpenSSL Light (x64) 3.5.5 | Windows |
| Multiple vulnerabilities are fixed in OpenSSL Light (x64) 3.4.4 | Windows |
| Multiple vulnerabilities are fixed in OpenSSL Light (x64) 3.3.6 | Windows |
| Multiple vulnerabilities are fixed in OpenSSL Light (x64) 3.0.19 | Windows |
| Multiple vulnerabilities are fixed in OpenSSL Library 3.6.1 | Windows |
| Multiple vulnerabilities are fixed in OpenSSL Library 3.5.5 | Windows |
| Multiple vulnerabilities are fixed in OpenSSL Library 3.4.4 | Windows |
| Multiple vulnerabilities are fixed in OpenSSL Library 3.3.6 | Windows |
| Multiple vulnerabilities are fixed in OpenSSL Library 3.0.19 | Windows |
| Multiple vulnerabilities are fixed in OpenSSL Library x86 3.6.1 | Windows |
| Multiple vulnerabilities are fixed in OpenSSL Library x86 3.5.5 | Windows |
| Multiple vulnerabilities are fixed in OpenSSL Library x86 3.4.4 | Windows |
| Multiple vulnerabilities are fixed in OpenSSL Library x86 3.3.6 | Windows |
| Multiple vulnerabilities are fixed in OpenSSL Library x86 3.0.19 | Windows |
Patch Details
Click to see the patches provided by ManageEngine for this CVE
| Patch ID | Patch Description |
|---|---|
| PATCH-355449 | OpenSSL (3.6.1) |
| PATCH-355449 | OpenSSL (3.6.1) |
| PATCH-355449 | OpenSSL (3.6.1) |
| PATCH-355449 | OpenSSL (3.6.1) |
| PATCH-355449 | OpenSSL (3.6.1) |
| PATCH-355449 | OpenSSL (3.6.1) |
| PATCH-355449 | OpenSSL (3.6.1) |
| PATCH-355450 | OpenSSL (x64) (3.6.1) |
| PATCH-355451 | OpenSSL Light (3.6.1) |
| PATCH-355452 | OpenSSL Light (x64) (3.6.1) |
| PATCH-355449 | OpenSSL (3.6.1) |
| PATCH-355449 | OpenSSL (3.6.1) |
| PATCH-355449 | OpenSSL (3.6.1) |
| PATCH-355449 | OpenSSL (3.6.1) |
| PATCH-355451 | OpenSSL Light (3.6.1) |
| PATCH-355451 | OpenSSL Light (3.6.1) |
| PATCH-355451 | OpenSSL Light (3.6.1) |
| PATCH-355451 | OpenSSL Light (3.6.1) |
| PATCH-355452 | OpenSSL Light (x64) (3.6.1) |
| PATCH-355452 | OpenSSL Light (x64) (3.6.1) |
| PATCH-355452 | OpenSSL Light (x64) (3.6.1) |
| PATCH-355452 | OpenSSL Light (x64) (3.6.1) |
References
https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234