{
  "threat_severity" : "Moderate",
  "public_date" : "2026-01-27T00:00:00Z",
  "bugzilla" : {
    "description" : "openssl: OpenSSL: Arbitrary code execution due to out-of-bounds write in PKCS#12 processing",
    "id" : "2430386",
    "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=2430386"
  },
  "cvss3" : {
    "cvss3_base_score" : "7.4",
    "cvss3_scoring_vector" : "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
    "status" : "verified"
  },
  "cwe" : "CWE-131",
  "details" : [ "Issue summary: Calling PKCS12_get_friendlyname() function on a maliciously\ncrafted PKCS#12 file with a BMPString (UTF-16BE) friendly name containing\nnon-ASCII BMP code point can trigger a one byte write before the allocated\nbuffer.\nImpact summary: The out-of-bounds write can cause a memory corruption\nwhich can have various consequences including a Denial of Service.\nThe OPENSSL_uni2utf8() function performs a two-pass conversion of a PKCS#12\nBMPString (UTF-16BE) to UTF-8. In the second pass, when emitting UTF-8 bytes,\nthe helper function bmp_to_utf8() incorrectly forwards the remaining UTF-16\nsource byte count as the destination buffer capacity to UTF8_putc(). For BMP\ncode points above U+07FF, UTF-8 requires three bytes, but the forwarded\ncapacity can be just two bytes. UTF8_putc() then returns -1, and this negative\nvalue is added to the output length without validation, causing the\nlength to become negative. The subsequent trailing NUL byte is then written\nat a negative offset, causing write outside of heap allocated buffer.\nThe vulnerability is reachable via the public PKCS12_get_friendlyname() API\nwhen parsing attacker-controlled PKCS#12 files. While PKCS12_parse() uses a\ndifferent code path that avoids this issue, PKCS12_get_friendlyname() directly\ninvokes the vulnerable function. Exploitation requires an attacker to provide\na malicious PKCS#12 file to be parsed by the application and the attacker\ncan just trigger a one zero byte write before the allocated buffer.\nFor that reason the issue was assessed as Low severity according to our\nSecurity Policy.\nThe FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\nas the PKCS#12 implementation is outside the OpenSSL FIPS module boundary.\nOpenSSL 3.6, 3.5, 3.4, 3.3, 3.0 and 1.1.1 are vulnerable to this issue.\nOpenSSL 1.0.2 is not affected by this issue.", "A flaw was found in OpenSSL. When processing a specially crafted PKCS#12 (Personal Information Exchange Syntax Standard) file, a remote attacker can exploit an out-of-bounds write vulnerability. This issue, occurring within the OPENSSL_uni2utf8() function, leads to memory corruption by writing data beyond its allocated buffer. Successful exploitation could result in a denial of service or potentially allow for arbitrary code execution." ],
  "statement" : "This vulnerability is rated Moderate for Red Hat. An out-of-bounds write in OpenSSL's PKCS12_get_friendlyname() function can lead to denial of service or arbitrary code execution. Exploitation requires an application to parse a specially crafted malicious PKCS#12 file. Red Hat FIPS modules are not affected as the PKCS#12 implementation is outside the FIPS module boundary.",
  "affected_release" : [ {
    "product_name" : "JBoss Core Services for RHEL 8",
    "release_date" : "2026-02-23T00:00:00Z",
    "advisory" : "RHSA-2026:2994",
    "cpe" : "cpe:/a:redhat:jboss_core_services:1::el8",
    "package" : "jbcs-httpd24-apr-util-0:1.6.3-4.el8jbcs"
  }, {
    "product_name" : "JBoss Core Services for RHEL 8",
    "release_date" : "2026-02-23T00:00:00Z",
    "advisory" : "RHSA-2026:2994",
    "cpe" : "cpe:/a:redhat:jboss_core_services:1::el8",
    "package" : "jbcs-httpd24-httpd-0:2.4.62-11.el8jbcs"
  }, {
    "product_name" : "JBoss Core Services for RHEL 8",
    "release_date" : "2026-02-23T00:00:00Z",
    "advisory" : "RHSA-2026:2994",
    "cpe" : "cpe:/a:redhat:jboss_core_services:1::el8",
    "package" : "jbcs-httpd24-mod_http2-0:2.0.29-8.el8jbcs"
  }, {
    "product_name" : "JBoss Core Services for RHEL 8",
    "release_date" : "2026-02-23T00:00:00Z",
    "advisory" : "RHSA-2026:2994",
    "cpe" : "cpe:/a:redhat:jboss_core_services:1::el8",
    "package" : "jbcs-httpd24-mod_jk-0:1.2.50-12.redhat_1.el8jbcs"
  }, {
    "product_name" : "JBoss Core Services for RHEL 8",
    "release_date" : "2026-02-23T00:00:00Z",
    "advisory" : "RHSA-2026:2994",
    "cpe" : "cpe:/a:redhat:jboss_core_services:1::el8",
    "package" : "jbcs-httpd24-mod_md-1:2.4.28-13.el8jbcs"
  }, {
    "product_name" : "JBoss Core Services for RHEL 8",
    "release_date" : "2026-02-23T00:00:00Z",
    "advisory" : "RHSA-2026:2994",
    "cpe" : "cpe:/a:redhat:jboss_core_services:1::el8",
    "package" : "jbcs-httpd24-mod_proxy_cluster-0:1.3.22-7.el8jbcs"
  }, {
    "product_name" : "JBoss Core Services for RHEL 8",
    "release_date" : "2026-02-23T00:00:00Z",
    "advisory" : "RHSA-2026:2994",
    "cpe" : "cpe:/a:redhat:jboss_core_services:1::el8",
    "package" : "jbcs-httpd24-mod_security-0:2.9.6-14.el8jbcs"
  }, {
    "product_name" : "JBoss Core Services on RHEL 7",
    "release_date" : "2026-02-23T00:00:00Z",
    "advisory" : "RHSA-2026:2994",
    "cpe" : "cpe:/a:redhat:jboss_core_services:1::el7",
    "package" : "jbcs-httpd24-apr-util-0:1.6.3-4.el7jbcs"
  }, {
    "product_name" : "JBoss Core Services on RHEL 7",
    "release_date" : "2026-02-23T00:00:00Z",
    "advisory" : "RHSA-2026:2994",
    "cpe" : "cpe:/a:redhat:jboss_core_services:1::el7",
    "package" : "jbcs-httpd24-curl-0:8.11.0-4.el7jbcs"
  }, {
    "product_name" : "JBoss Core Services on RHEL 7",
    "release_date" : "2026-02-23T00:00:00Z",
    "advisory" : "RHSA-2026:2994",
    "cpe" : "cpe:/a:redhat:jboss_core_services:1::el7",
    "package" : "jbcs-httpd24-httpd-0:2.4.62-11.el7jbcs"
  }, {
    "product_name" : "JBoss Core Services on RHEL 7",
    "release_date" : "2026-02-23T00:00:00Z",
    "advisory" : "RHSA-2026:2994",
    "cpe" : "cpe:/a:redhat:jboss_core_services:1::el7",
    "package" : "jbcs-httpd24-mod_http2-0:2.0.29-8.el7jbcs"
  }, {
    "product_name" : "JBoss Core Services on RHEL 7",
    "release_date" : "2026-02-23T00:00:00Z",
    "advisory" : "RHSA-2026:2994",
    "cpe" : "cpe:/a:redhat:jboss_core_services:1::el7",
    "package" : "jbcs-httpd24-mod_jk-0:1.2.50-12.redhat_1.el7jbcs"
  }, {
    "product_name" : "JBoss Core Services on RHEL 7",
    "release_date" : "2026-02-23T00:00:00Z",
    "advisory" : "RHSA-2026:2994",
    "cpe" : "cpe:/a:redhat:jboss_core_services:1::el7",
    "package" : "jbcs-httpd24-mod_md-1:2.4.28-13.el7jbcs"
  }, {
    "product_name" : "JBoss Core Services on RHEL 7",
    "release_date" : "2026-02-23T00:00:00Z",
    "advisory" : "RHSA-2026:2994",
    "cpe" : "cpe:/a:redhat:jboss_core_services:1::el7",
    "package" : "jbcs-httpd24-mod_proxy_cluster-0:1.3.22-7.el7jbcs"
  }, {
    "product_name" : "JBoss Core Services on RHEL 7",
    "release_date" : "2026-02-23T00:00:00Z",
    "advisory" : "RHSA-2026:2994",
    "cpe" : "cpe:/a:redhat:jboss_core_services:1::el7",
    "package" : "jbcs-httpd24-mod_security-0:2.9.6-14.el7jbcs"
  }, {
    "product_name" : "JBoss Core Services on RHEL 7",
    "release_date" : "2026-02-23T00:00:00Z",
    "advisory" : "RHSA-2026:2994",
    "cpe" : "cpe:/a:redhat:jboss_core_services:1::el7",
    "package" : "jbcs-httpd24-openssl-1:1.1.1k-21.el7jbcs"
  }, {
    "product_name" : "JBoss Core Services on RHEL 7",
    "release_date" : "2026-02-23T00:00:00Z",
    "advisory" : "RHSA-2026:2994",
    "cpe" : "cpe:/a:redhat:jboss_core_services:1::el7",
    "package" : "jbcs-httpd24-openssl-chil-0:1.0.0-25.el7jbcs"
  }, {
    "product_name" : "JBoss Core Services on RHEL 7",
    "release_date" : "2026-02-23T00:00:00Z",
    "advisory" : "RHSA-2026:2994",
    "cpe" : "cpe:/a:redhat:jboss_core_services:1::el7",
    "package" : "jbcs-httpd24-openssl-pkcs11-0:0.4.12-5.el7jbcs"
  }, {
    "product_name" : "Red Hat Enterprise Linux 10",
    "release_date" : "2026-01-28T00:00:00Z",
    "advisory" : "RHSA-2026:1472",
    "cpe" : "cpe:/o:redhat:enterprise_linux:10.1",
    "package" : "openssl-1:3.5.1-7.el10_1"
  }, {
    "product_name" : "Red Hat Enterprise Linux 10.0 Extended Update Support",
    "release_date" : "2026-01-28T00:00:00Z",
    "advisory" : "RHSA-2026:1496",
    "cpe" : "cpe:/o:redhat:enterprise_linux_eus:10.0",
    "package" : "openssl-1:3.2.2-16.el10_0.6"
  }, {
    "product_name" : "Red Hat Enterprise Linux 8",
    "release_date" : "2026-02-23T00:00:00Z",
    "advisory" : "RHSA-2026:3042",
    "cpe" : "cpe:/o:redhat:enterprise_linux:8",
    "package" : "openssl-1:1.1.1k-15.el8_6"
  }, {
    "product_name" : "Red Hat Enterprise Linux 8.2 Advanced Update Support",
    "release_date" : "2026-03-10T00:00:00Z",
    "advisory" : "RHSA-2026:4214",
    "cpe" : "cpe:/o:redhat:rhel_aus:8.2",
    "package" : "openssl-1:1.1.1c-21.el8_2.2"
  }, {
    "product_name" : "Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support",
    "release_date" : "2026-03-10T00:00:00Z",
    "advisory" : "RHSA-2026:4163",
    "cpe" : "cpe:/o:redhat:rhel_aus:8.4",
    "package" : "openssl-1:1.1.1g-18.el8_4.2"
  }, {
    "product_name" : "Red Hat Enterprise Linux 8.4 Extended Update Support Long-Life Add-On",
    "release_date" : "2026-03-10T00:00:00Z",
    "advisory" : "RHSA-2026:4163",
    "cpe" : "cpe:/o:redhat:rhel_eus_long_life:8.4",
    "package" : "openssl-1:1.1.1g-18.el8_4.2"
  }, {
    "product_name" : "Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support",
    "release_date" : "2026-02-26T00:00:00Z",
    "advisory" : "RHSA-2026:3437",
    "cpe" : "cpe:/o:redhat:rhel_aus:8.6",
    "package" : "openssl-1:1.1.1k-15.el8_6"
  }, {
    "product_name" : "Red Hat Enterprise Linux 8.6 Telecommunications Update Service",
    "release_date" : "2026-02-26T00:00:00Z",
    "advisory" : "RHSA-2026:3437",
    "cpe" : "cpe:/o:redhat:rhel_tus:8.6",
    "package" : "openssl-1:1.1.1k-15.el8_6"
  }, {
    "product_name" : "Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions",
    "release_date" : "2026-02-26T00:00:00Z",
    "advisory" : "RHSA-2026:3437",
    "cpe" : "cpe:/o:redhat:rhel_e4s:8.6",
    "package" : "openssl-1:1.1.1k-15.el8_6"
  }, {
    "product_name" : "Red Hat Enterprise Linux 8.8 Telecommunications Update Service",
    "release_date" : "2026-02-25T00:00:00Z",
    "advisory" : "RHSA-2026:3364",
    "cpe" : "cpe:/o:redhat:rhel_tus:8.8",
    "package" : "openssl-1:1.1.1k-15.el8_6"
  }, {
    "product_name" : "Red Hat Enterprise Linux 8.8 Update Services for SAP Solutions",
    "release_date" : "2026-02-25T00:00:00Z",
    "advisory" : "RHSA-2026:3364",
    "cpe" : "cpe:/o:redhat:rhel_e4s:8.8",
    "package" : "openssl-1:1.1.1k-15.el8_6"
  }, {
    "product_name" : "Red Hat Enterprise Linux 9",
    "release_date" : "2026-01-28T00:00:00Z",
    "advisory" : "RHSA-2026:1473",
    "cpe" : "cpe:/a:redhat:enterprise_linux:9",
    "package" : "openssl-1:3.5.1-7.el9_7"
  }, {
    "product_name" : "Red Hat Enterprise Linux 9",
    "release_date" : "2026-03-12T00:00:00Z",
    "advisory" : "RHSA-2026:4472",
    "cpe" : "cpe:/a:redhat:enterprise_linux:9",
    "package" : "compat-openssl11-1:1.1.1k-5.el9_7.1"
  }, {
    "product_name" : "Red Hat Enterprise Linux 9",
    "release_date" : "2026-01-28T00:00:00Z",
    "advisory" : "RHSA-2026:1473",
    "cpe" : "cpe:/o:redhat:enterprise_linux:9",
    "package" : "openssl-1:3.5.1-7.el9_7"
  }, {
    "product_name" : "Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions",
    "release_date" : "2026-02-02T00:00:00Z",
    "advisory" : "RHSA-2026:1733",
    "cpe" : "cpe:/a:redhat:rhel_e4s:9.0",
    "package" : "openssl-1:3.0.1-46.el9_0.7"
  }, {
    "product_name" : "Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions",
    "release_date" : "2026-03-23T00:00:00Z",
    "advisory" : "RHSA-2026:5214",
    "cpe" : "cpe:/a:redhat:rhel_e4s:9.0",
    "package" : "compat-openssl11-1:1.1.1k-4.el9_0.1"
  }, {
    "product_name" : "Red Hat Enterprise Linux 9.2 Update Services for SAP Solutions",
    "release_date" : "2026-01-29T00:00:00Z",
    "advisory" : "RHSA-2026:1594",
    "cpe" : "cpe:/a:redhat:rhel_e4s:9.2",
    "package" : "openssl-1:3.0.7-18.el9_2.3"
  }, {
    "product_name" : "Red Hat Enterprise Linux 9.2 Update Services for SAP Solutions",
    "release_date" : "2026-03-23T00:00:00Z",
    "advisory" : "RHSA-2026:5217",
    "cpe" : "cpe:/a:redhat:rhel_e4s:9.2",
    "package" : "compat-openssl11-1:1.1.1k-4.el9_2.1"
  }, {
    "product_name" : "Red Hat Enterprise Linux 9.4 Extended Update Support",
    "release_date" : "2026-01-29T00:00:00Z",
    "advisory" : "RHSA-2026:1519",
    "cpe" : "cpe:/a:redhat:rhel_eus:9.4",
    "package" : "openssl-1:3.0.7-29.el9_4.2"
  }, {
    "product_name" : "Red Hat Enterprise Linux 9.4 Extended Update Support",
    "release_date" : "2026-03-17T00:00:00Z",
    "advisory" : "RHSA-2026:4825",
    "cpe" : "cpe:/a:redhat:rhel_eus:9.4",
    "package" : "compat-openssl11-1:1.1.1k-5.el9_4.2"
  }, {
    "product_name" : "Red Hat Enterprise Linux 9.6 Extended Update Support",
    "release_date" : "2026-01-28T00:00:00Z",
    "advisory" : "RHSA-2026:1503",
    "cpe" : "cpe:/a:redhat:rhel_eus:9.6",
    "package" : "openssl-1:3.2.2-7.el9_6.2"
  }, {
    "product_name" : "Red Hat Enterprise Linux 9.6 Extended Update Support",
    "release_date" : "2026-03-17T00:00:00Z",
    "advisory" : "RHSA-2026:4824",
    "cpe" : "cpe:/a:redhat:rhel_eus:9.6",
    "package" : "compat-openssl11-1:1.1.1k-5.el9_6.2"
  }, {
    "product_name" : "Red Hat JBoss Core Services 2.4.62.SP3",
    "release_date" : "2026-02-23T00:00:00Z",
    "advisory" : "RHSA-2026:2995",
    "cpe" : "cpe:/a:redhat:jboss_core_services:1",
    "package" : "openssl"
  }, {
    "product_name" : "Red Hat OpenShift Container Platform 4.12",
    "release_date" : "2026-03-12T00:00:00Z",
    "advisory" : "RHSA-2026:3861",
    "cpe" : "cpe:/a:redhat:openshift:4.12::el8",
    "package" : "rhcos-412.86.202603041314-0"
  }, {
    "product_name" : "Red Hat OpenShift Container Platform 4.16",
    "release_date" : "2026-04-02T00:00:00Z",
    "advisory" : "RHSA-2026:5873",
    "cpe" : "cpe:/a:redhat:openshift:4.16::el9",
    "package" : "rhcos-416.94.202603231244-0"
  }, {
    "product_name" : "Cost Management 4",
    "release_date" : "2026-02-24T00:00:00Z",
    "advisory" : "RHSA-2026:3228",
    "cpe" : "cpe:/a:redhat:cost_management:4::el9",
    "package" : "costmanagement/costmanagement-metrics-rhel9-operator:sha256:1dd05671a8614a4354d9ebf94673f9e1bfd7a38af7052c2a4b9a25264f3ee4e1"
  }, {
    "product_name" : "Red Hat Discovery 2",
    "release_date" : "2026-02-02T00:00:00Z",
    "advisory" : "RHSA-2026:1736",
    "cpe" : "cpe:/a:redhat:discovery:2::el9",
    "package" : "discovery/discovery-server-rhel9:sha256:519d4fe184cebe5152f840e9f609fa4705590656ac9bcace2e2e17622ab7e6a8"
  }, {
    "product_name" : "Red Hat Discovery 2",
    "release_date" : "2026-02-02T00:00:00Z",
    "advisory" : "RHSA-2026:1736",
    "cpe" : "cpe:/a:redhat:discovery:2::el9",
    "package" : "discovery/discovery-ui-rhel9:sha256:26bb49a8e2e695d61192f04eb0db63efa8210bba20ea22b60e4e22d519d8b9e6"
  }, {
    "product_name" : "Red Hat Insights proxy 1.5",
    "release_date" : "2026-02-10T00:00:00Z",
    "advisory" : "RHSA-2026:2485",
    "cpe" : "cpe:/a:redhat:insights_proxy:1.5::el9",
    "package" : "insights-proxy/insights-proxy-container-rhel9:sha256:975a1e501a8520df83f3f4114e72a71384ff1866ec99c7a45fffbf8c76ef5cbc"
  }, {
    "product_name" : "Red Hat Update Infrastructure 5",
    "release_date" : "2026-02-11T00:00:00Z",
    "advisory" : "RHSA-2026:2563",
    "cpe" : "cpe:/a:redhat:rhui:5::el9",
    "package" : "rhui5/installer-rhel9:sha256:48cf7cf48dfadb17f9357bf1894a5d0393551a893faa8b0ea0e11fe1ffed497f"
  }, {
    "product_name" : "Red Hat Update Infrastructure 5",
    "release_date" : "2026-03-18T00:00:00Z",
    "advisory" : "RHSA-2026:4943",
    "cpe" : "cpe:/a:redhat:rhui:5::el9",
    "package" : "rhui5/cds-rhel9:sha256:200c27e9b396276bd505c6b41127ac5eb1d94d620172cb818ae733f2a21ac524"
  }, {
    "product_name" : "Red Hat Update Infrastructure 5",
    "release_date" : "2026-03-18T00:00:00Z",
    "advisory" : "RHSA-2026:4943",
    "cpe" : "cpe:/a:redhat:rhui:5::el9",
    "package" : "rhui5/haproxy-rhel9:sha256:d98fd3fe5f5f9acd0efae7db19b61b864be1eb2fbe2586a1b6be2429fa2cc7a3"
  }, {
    "product_name" : "Red Hat Update Infrastructure 5",
    "release_date" : "2026-03-18T00:00:00Z",
    "advisory" : "RHSA-2026:4943",
    "cpe" : "cpe:/a:redhat:rhui:5::el9",
    "package" : "rhui5/rhua-rhel9:sha256:5f1fbf66fb349a7baf066a1216d39989c3b89f18ec5108b96d9643baf4856778"
  } ],
  "package_state" : [ {
    "product_name" : "Red Hat Enterprise Linux 10",
    "fix_state" : "Not affected",
    "package_name" : "edk2",
    "cpe" : "cpe:/o:redhat:enterprise_linux:10"
  }, {
    "product_name" : "Red Hat Enterprise Linux 10",
    "fix_state" : "Not affected",
    "package_name" : "shim",
    "cpe" : "cpe:/o:redhat:enterprise_linux:10"
  }, {
    "product_name" : "Red Hat Enterprise Linux 10",
    "fix_state" : "Not affected",
    "package_name" : "shim-unsigned-aarch64",
    "cpe" : "cpe:/o:redhat:enterprise_linux:10"
  }, {
    "product_name" : "Red Hat Enterprise Linux 10",
    "fix_state" : "Not affected",
    "package_name" : "shim-unsigned-x64",
    "cpe" : "cpe:/o:redhat:enterprise_linux:10"
  }, {
    "product_name" : "Red Hat Enterprise Linux 6",
    "fix_state" : "Fix deferred",
    "package_name" : "openssl",
    "cpe" : "cpe:/o:redhat:enterprise_linux:6"
  }, {
    "product_name" : "Red Hat Enterprise Linux 7",
    "fix_state" : "Not affected",
    "package_name" : "openssl",
    "cpe" : "cpe:/o:redhat:enterprise_linux:7"
  }, {
    "product_name" : "Red Hat Enterprise Linux 7",
    "fix_state" : "Not affected",
    "package_name" : "ovmf",
    "cpe" : "cpe:/o:redhat:enterprise_linux:7"
  }, {
    "product_name" : "Red Hat Enterprise Linux 8",
    "fix_state" : "Not affected",
    "package_name" : "compat-openssl10",
    "cpe" : "cpe:/o:redhat:enterprise_linux:8"
  }, {
    "product_name" : "Red Hat Enterprise Linux 8",
    "fix_state" : "Not affected",
    "package_name" : "edk2",
    "cpe" : "cpe:/o:redhat:enterprise_linux:8"
  }, {
    "product_name" : "Red Hat Enterprise Linux 8",
    "fix_state" : "Not affected",
    "package_name" : "mingw-openssl",
    "cpe" : "cpe:/o:redhat:enterprise_linux:8"
  }, {
    "product_name" : "Red Hat Enterprise Linux 8",
    "fix_state" : "Not affected",
    "package_name" : "shim",
    "cpe" : "cpe:/o:redhat:enterprise_linux:8"
  }, {
    "product_name" : "Red Hat Enterprise Linux 8",
    "fix_state" : "Not affected",
    "package_name" : "shim-unsigned-x64",
    "cpe" : "cpe:/o:redhat:enterprise_linux:8"
  }, {
    "product_name" : "Red Hat Enterprise Linux 9",
    "fix_state" : "Not affected",
    "package_name" : "edk2",
    "cpe" : "cpe:/o:redhat:enterprise_linux:9"
  }, {
    "product_name" : "Red Hat Enterprise Linux 9",
    "fix_state" : "Not affected",
    "package_name" : "shim",
    "cpe" : "cpe:/o:redhat:enterprise_linux:9"
  }, {
    "product_name" : "Red Hat Enterprise Linux 9",
    "fix_state" : "Not affected",
    "package_name" : "shim-unsigned-aarch64",
    "cpe" : "cpe:/o:redhat:enterprise_linux:9"
  }, {
    "product_name" : "Red Hat Enterprise Linux 9",
    "fix_state" : "Not affected",
    "package_name" : "shim-unsigned-x64",
    "cpe" : "cpe:/o:redhat:enterprise_linux:9"
  } ],
  "references" : [ "https://www.cve.org/CVERecord?id=CVE-2025-69419\nhttps://nvd.nist.gov/vuln/detail/CVE-2025-69419" ],
  "name" : "CVE-2025-69419",
  "mitigation" : {
    "value" : "To mitigate this vulnerability, Red Hat recommends avoiding the processing of PKCS#12 files from untrusted or unverified sources. Applications that use the `PKCS12_get_friendlyname()` API should ensure that PKCS#12 files are only processed if they originate from trusted entities. Restricting the input sources for PKCS#12 files can significantly reduce the attack surface for this flaw.",
    "lang" : "en:us"
  },
  "csaw" : false
}