The branch releng/13.5 has been updated by gordon: URL: https://cgit.FreeBSD.org/src/commit/?id=ae7c74cfa5315e590cf7ef6fe8fe5e72330597e9
commit ae7c74cfa5315e590cf7ef6fe8fe5e72330597e9 Author: Gordon Tetlow <[email protected]> AuthorDate: 2025-09-30 15:28:59 +0000 Commit: Gordon Tetlow <[email protected]> CommitDate: 2025-09-30 15:32:35 +0000 Fix issue from OpenSSL. Out-of-bounds read & write in RFC 3211 KEK Unwrap (CVE-2025-9230) Obtained from: OpenSSL Approved by: so Security: FreeBSD-SA-25:08.openssl Security: CVE-2025-9230 (cherry picked from commit c0dbaf2b5dbd16c113a6346ee748fd474fe192e5) --- crypto/openssl/crypto/cms/cms_pwri.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/crypto/openssl/crypto/cms/cms_pwri.c b/crypto/openssl/crypto/cms/cms_pwri.c index d7414883396c..9f98840244ea 100644 --- a/crypto/openssl/crypto/cms/cms_pwri.c +++ b/crypto/openssl/crypto/cms/cms_pwri.c @@ -215,7 +215,7 @@ static int kek_unwrap_key(unsigned char *out, size_t *outlen, /* Check byte failure */ goto err; } - if (inlen < (size_t)(tmp[0] - 4)) { + if (inlen < 4 + (size_t)tmp[0]) { /* Invalid length value */ goto err; }
