Search criteria
1091 vulnerabilities found for OpenSSL by OpenSSL
CERTFR-2026-AVI-0403
Vulnerability from certfr_avis - Published: 2026-04-08 - Updated: 2026-04-08
De multiples vulnérabilités ont été découvertes dans OpenSSL. Elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un déni de service à distance et une atteinte à la confidentialité des données.
Solutions
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
L'éditeur indique que les modules FIPS des versions 3.6, 3.5, 3.4, 3.3, 3.1 et 3.0 sont affectés par la vulnérabilité CVE-2026-31790 et les versions 3.6 par la vulnérabilité CVE-2026-31790, sur systèmes x86-64 avec les instructions AVX-512 er VAES activées.
Impacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| OpenSSL | OpenSSL | OpenSSL versions 3.6.x antérieures à 3.6.2 | ||
| OpenSSL | OpenSSL | OpenSSL versions 3.5.x antérieures à 3.5.6 | ||
| OpenSSL | OpenSSL | OpenSSL versions 1.1.1 antérieures à 1.1.1zg | ||
| OpenSSL | OpenSSL | OpenSSL versions 3.0.x antérieures à 3.0.20 | ||
| OpenSSL | OpenSSL | OpenSSL versions 3.4.x antérieures à 3.4.5 | ||
| OpenSSL | OpenSSL | OpenSSL versions 3.3.x antérieures à 3.3.7 | ||
| OpenSSL | OpenSSL | OpenSSL versions 1.0.2 antérieures à 1.0.2zp |
References
| Title | Publication Time | Tags | |||
|---|---|---|---|---|---|
|
|||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "OpenSSL versions 3.6.x ant\u00e9rieures \u00e0 3.6.2",
"product": {
"name": "OpenSSL",
"vendor": {
"name": "OpenSSL",
"scada": false
}
}
},
{
"description": "OpenSSL versions 3.5.x ant\u00e9rieures \u00e0 3.5.6",
"product": {
"name": "OpenSSL",
"vendor": {
"name": "OpenSSL",
"scada": false
}
}
},
{
"description": "OpenSSL versions 1.1.1 ant\u00e9rieures \u00e0 1.1.1zg",
"product": {
"name": "OpenSSL",
"vendor": {
"name": "OpenSSL",
"scada": false
}
}
},
{
"description": "OpenSSL versions 3.0.x ant\u00e9rieures \u00e0 3.0.20",
"product": {
"name": "OpenSSL",
"vendor": {
"name": "OpenSSL",
"scada": false
}
}
},
{
"description": "OpenSSL versions 3.4.x ant\u00e9rieures \u00e0 3.4.5",
"product": {
"name": "OpenSSL",
"vendor": {
"name": "OpenSSL",
"scada": false
}
}
},
{
"description": "OpenSSL versions 3.3.x ant\u00e9rieures \u00e0 3.3.7",
"product": {
"name": "OpenSSL",
"vendor": {
"name": "OpenSSL",
"scada": false
}
}
},
{
"description": "OpenSSL versions 1.0.2 ant\u00e9rieures \u00e0 1.0.2zp",
"product": {
"name": "OpenSSL",
"vendor": {
"name": "OpenSSL",
"scada": false
}
}
}
],
"affected_systems_content": "L\u0027\u00e9diteur indique que les modules FIPS des versions 3.6, 3.5, 3.4, 3.3, 3.1 et 3.0 sont affect\u00e9s par la vuln\u00e9rabilit\u00e9 CVE-2026-31790 et les versions 3.6 par la vuln\u00e9rabilit\u00e9 CVE-2026-31790, sur syst\u00e8mes x86-64 avec les instructions AVX-512 er VAES activ\u00e9es.",
"content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
"cves": [
{
"name": "CVE-2026-28386",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-28386"
},
{
"name": "CVE-2026-28389",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-28389"
},
{
"name": "CVE-2026-28387",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-28387"
},
{
"name": "CVE-2026-28388",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-28388"
},
{
"name": "CVE-2026-28390",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-28390"
},
{
"name": "CVE-2026-31789",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-31789"
},
{
"name": "CVE-2026-31790",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-31790"
}
],
"initial_release_date": "2026-04-08T00:00:00",
"last_revision_date": "2026-04-08T00:00:00",
"links": [],
"reference": "CERTFR-2026-AVI-0403",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2026-04-08T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans OpenSSL. Elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire \u00e0 distance, un d\u00e9ni de service \u00e0 distance et une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es.",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans OpenSSL",
"vendor_advisories": [
{
"published_at": "2026-04-07",
"title": "Bulletin de s\u00e9curit\u00e9 OpenSSL 20260407",
"url": "https://openssl-library.org/news/secadv/20260407.txt"
}
]
}
CERTFR-2026-AVI-0296
Vulnerability from certfr_avis - Published: 2026-03-16 - Updated: 2026-03-16
Une vulnérabilité a été découverte dans OpenSSL. Elle permet à un attaquant de provoquer un problème de sécurité non spécifié par l'éditeur.
Solutions
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
Impacted products
References
| Title | Publication Time | Tags | |||
|---|---|---|---|---|---|
|
|||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "OpenSSL versions 3.6.x ant\u00e9rieures \u00e0 3.6.2",
"product": {
"name": "OpenSSL",
"vendor": {
"name": "OpenSSL",
"scada": false
}
}
},
{
"description": "OpenSSL versions 3.5.x ant\u00e9rieures \u00e0 3.5.6",
"product": {
"name": "OpenSSL",
"vendor": {
"name": "OpenSSL",
"scada": false
}
}
}
],
"affected_systems_content": "",
"content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
"cves": [
{
"name": "CVE-2026-2673",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-2673"
}
],
"initial_release_date": "2026-03-16T00:00:00",
"last_revision_date": "2026-03-16T00:00:00",
"links": [],
"reference": "CERTFR-2026-AVI-0296",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2026-03-16T00:00:00.000000"
}
],
"risks": [
{
"description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
}
],
"summary": "Une vuln\u00e9rabilit\u00e9 a \u00e9t\u00e9 d\u00e9couverte dans OpenSSL. Elle permet \u00e0 un attaquant de provoquer un probl\u00e8me de s\u00e9curit\u00e9 non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur.",
"title": "Vuln\u00e9rabilit\u00e9 dans OpenSSL",
"vendor_advisories": [
{
"published_at": "2026-03-13",
"title": "Bulletin de s\u00e9curit\u00e9 OpenSSL",
"url": "https://openssl-library.org/news/secadv/20260313.txt"
}
]
}
CERTFR-2026-AVI-0096
Vulnerability from certfr_avis - Published: 2026-01-28 - Updated: 2026-01-28
De multiples vulnérabilités ont été découvertes dans OpenSSL. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un déni de service à distance et une atteinte à la confidentialité des données.
Solutions
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
Impacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| OpenSSL | OpenSSL | OpenSSL versions 3.3.x antérieures à 3.3.6 | ||
| OpenSSL | OpenSSL | OpenSSL versions 3.6.x antérieures à 3.6.1 | ||
| OpenSSL | OpenSSL | OpenSSL versions 3.5.x antérieures à 3.5.5 | ||
| OpenSSL | OpenSSL | OpenSSL versions 1.1.1 antérieures à 1.1.1ze | ||
| OpenSSL | OpenSSL | OpenSSL versions 1.0.2 antérieures à 1.0.2zn | ||
| OpenSSL | OpenSSL | OpenSSL versions 3.0.x antérieures à 3.0.19 | ||
| OpenSSL | OpenSSL | OpenSSL versions 3.4.x antérieures à 3.4.4 |
References
| Title | Publication Time | Tags | |||
|---|---|---|---|---|---|
|
|||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "OpenSSL versions 3.3.x ant\u00e9rieures \u00e0 3.3.6",
"product": {
"name": "OpenSSL",
"vendor": {
"name": "OpenSSL",
"scada": false
}
}
},
{
"description": "OpenSSL versions 3.6.x ant\u00e9rieures \u00e0 3.6.1",
"product": {
"name": "OpenSSL",
"vendor": {
"name": "OpenSSL",
"scada": false
}
}
},
{
"description": "OpenSSL versions 3.5.x ant\u00e9rieures \u00e0 3.5.5",
"product": {
"name": "OpenSSL",
"vendor": {
"name": "OpenSSL",
"scada": false
}
}
},
{
"description": "OpenSSL versions 1.1.1 ant\u00e9rieures \u00e0 1.1.1ze",
"product": {
"name": "OpenSSL",
"vendor": {
"name": "OpenSSL",
"scada": false
}
}
},
{
"description": "OpenSSL versions 1.0.2 ant\u00e9rieures \u00e0 1.0.2zn",
"product": {
"name": "OpenSSL",
"vendor": {
"name": "OpenSSL",
"scada": false
}
}
},
{
"description": "OpenSSL versions 3.0.x ant\u00e9rieures \u00e0 3.0.19",
"product": {
"name": "OpenSSL",
"vendor": {
"name": "OpenSSL",
"scada": false
}
}
},
{
"description": "OpenSSL versions 3.4.x ant\u00e9rieures \u00e0 3.4.4",
"product": {
"name": "OpenSSL",
"vendor": {
"name": "OpenSSL",
"scada": false
}
}
}
],
"affected_systems_content": "",
"content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
"cves": [
{
"name": "CVE-2025-66199",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-66199"
},
{
"name": "CVE-2025-15469",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-15469"
},
{
"name": "CVE-2025-69419",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-69419"
},
{
"name": "CVE-2025-15467",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-15467"
},
{
"name": "CVE-2026-22795",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-22795"
},
{
"name": "CVE-2025-69421",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-69421"
},
{
"name": "CVE-2026-22796",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-22796"
},
{
"name": "CVE-2025-68160",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-68160"
},
{
"name": "CVE-2025-69418",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-69418"
},
{
"name": "CVE-2025-15468",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-15468"
},
{
"name": "CVE-2025-11187",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-11187"
},
{
"name": "CVE-2025-69420",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-69420"
}
],
"initial_release_date": "2026-01-28T00:00:00",
"last_revision_date": "2026-01-28T00:00:00",
"links": [],
"reference": "CERTFR-2026-AVI-0096",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2026-01-28T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
},
{
"description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans OpenSSL. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire \u00e0 distance, un d\u00e9ni de service \u00e0 distance et une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es.",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans OpenSSL",
"vendor_advisories": [
{
"published_at": "2026-01-27",
"title": "Bulletin de s\u00e9curit\u00e9 OpenSSL",
"url": "https://openssl-library.org/news/secadv/20260127.txt"
}
]
}
CVE-2026-31790 (GCVE-0-2026-31790)
Vulnerability from nvd – Published: 2026-04-07 22:00 – Updated: 2026-05-12 12:09
VLAI?
Title
Incorrect Failure Handling in RSA KEM RSASVE Encapsulation
Summary
Issue summary: Applications using RSASVE key encapsulation to establish
a secret encryption key can send contents of an uninitialized memory buffer to
a malicious peer.
Impact summary: The uninitialized buffer might contain sensitive data from the
previous execution of the application process which leads to sensitive data
leakage to an attacker.
RSA_public_encrypt() returns the number of bytes written on success and -1
on error. The affected code tests only whether the return value is non-zero.
As a result, if RSA encryption fails, encapsulation can still return success to
the caller, set the output lengths, and leave the caller to use the contents of
the ciphertext buffer as if a valid KEM ciphertext had been produced.
If applications use EVP_PKEY_encapsulate() with RSA/RSASVE on an
attacker-supplied invalid RSA public key without first validating that key,
then this may cause stale or uninitialized contents of the caller-provided
ciphertext buffer to be disclosed to the attacker in place of the KEM
ciphertext.
As a workaround calling EVP_PKEY_public_check() or
EVP_PKEY_public_check_quick() before EVP_PKEY_encapsulate() will mitigate
the issue.
The FIPS modules in 3.6, 3.5, 3.4, 3.3, 3.1 and 3.0 are affected by this issue.
Severity ?
No CVSS data available.
CWE
- CWE-754 - Improper Check for Unusual or Exceptional Conditions
Assigner
References
6 references
Impacted products
Date Public ?
2026-04-07 14:00
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2026-31790",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-04-08T14:32:04.700201Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-04-08T14:32:37.439Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"affected": [
{
"defaultStatus": "unknown",
"product": "SIMATIC CN 4100",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V5.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-05-12T12:09:06.208Z",
"orgId": "0b142b55-0307-4c5a-b3c9-f314f3fb7c5e",
"shortName": "siemens-SADP"
},
"references": [
{
"url": "https://cert-portal.siemens.com/productcert/html/ssa-032379.html"
}
],
"x_adpType": "supplier"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "OpenSSL",
"vendor": "OpenSSL",
"versions": [
{
"lessThan": "3.6.2",
"status": "affected",
"version": "3.6.0",
"versionType": "semver"
},
{
"lessThan": "3.5.6",
"status": "affected",
"version": "3.5.0",
"versionType": "semver"
},
{
"lessThan": "3.4.5",
"status": "affected",
"version": "3.4.0",
"versionType": "semver"
},
{
"lessThan": "3.3.7",
"status": "affected",
"version": "3.3.0",
"versionType": "semver"
},
{
"lessThan": "3.0.20",
"status": "affected",
"version": "3.0.0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "Simo Sorce (Red Hat)"
},
{
"lang": "en",
"type": "remediation developer",
"value": "Nikola Pajkovsky"
}
],
"datePublic": "2026-04-07T14:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Issue summary: Applications using RSASVE key encapsulation to establish\u003cbr\u003ea secret encryption key can send contents of an uninitialized memory buffer to\u003cbr\u003ea malicious peer.\u003cbr\u003e\u003cbr\u003eImpact summary: The uninitialized buffer might contain sensitive data from the\u003cbr\u003eprevious execution of the application process which leads to sensitive data\u003cbr\u003eleakage to an attacker.\u003cbr\u003e\u003cbr\u003eRSA_public_encrypt() returns the number of bytes written on success and -1\u003cbr\u003eon error. The affected code tests only whether the return value is non-zero.\u003cbr\u003eAs a result, if RSA encryption fails, encapsulation can still return success to\u003cbr\u003ethe caller, set the output lengths, and leave the caller to use the contents of\u003cbr\u003ethe ciphertext buffer as if a valid KEM ciphertext had been produced.\u003cbr\u003e\u003cbr\u003eIf applications use EVP_PKEY_encapsulate() with RSA/RSASVE on an\u003cbr\u003eattacker-supplied invalid RSA public key without first validating that key,\u003cbr\u003ethen this may cause stale or uninitialized contents of the caller-provided\u003cbr\u003eciphertext buffer to be disclosed to the attacker in place of the KEM\u003cbr\u003eciphertext.\u003cbr\u003e\u003cbr\u003eAs a workaround calling EVP_PKEY_public_check() or\u003cbr\u003eEVP_PKEY_public_check_quick() before EVP_PKEY_encapsulate() will mitigate\u003cbr\u003ethe issue.\u003cbr\u003e\u003cbr\u003eThe FIPS modules in 3.6, 3.5, 3.4, 3.3, 3.1 and 3.0 are affected by this issue."
}
],
"value": "Issue summary: Applications using RSASVE key encapsulation to establish\na secret encryption key can send contents of an uninitialized memory buffer to\na malicious peer.\n\nImpact summary: The uninitialized buffer might contain sensitive data from the\nprevious execution of the application process which leads to sensitive data\nleakage to an attacker.\n\nRSA_public_encrypt() returns the number of bytes written on success and -1\non error. The affected code tests only whether the return value is non-zero.\nAs a result, if RSA encryption fails, encapsulation can still return success to\nthe caller, set the output lengths, and leave the caller to use the contents of\nthe ciphertext buffer as if a valid KEM ciphertext had been produced.\n\nIf applications use EVP_PKEY_encapsulate() with RSA/RSASVE on an\nattacker-supplied invalid RSA public key without first validating that key,\nthen this may cause stale or uninitialized contents of the caller-provided\nciphertext buffer to be disclosed to the attacker in place of the KEM\nciphertext.\n\nAs a workaround calling EVP_PKEY_public_check() or\nEVP_PKEY_public_check_quick() before EVP_PKEY_encapsulate() will mitigate\nthe issue.\n\nThe FIPS modules in 3.6, 3.5, 3.4, 3.3, 3.1 and 3.0 are affected by this issue."
}
],
"metrics": [
{
"format": "other",
"other": {
"content": {
"text": "Moderate"
},
"type": "https://openssl-library.org/policies/general/security-policy/"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-754",
"description": "CWE-754 Improper Check for Unusual or Exceptional Conditions",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-07T22:00:56.698Z",
"orgId": "3a12439a-ef3a-4c79-92e6-6081a721f1e5",
"shortName": "openssl"
},
"references": [
{
"name": "OpenSSL Advisory",
"tags": [
"vendor-advisory"
],
"url": "https://openssl-library.org/news/secadv/20260407.txt"
},
{
"name": "3.6.2 git commit",
"tags": [
"patch"
],
"url": "https://github.com/openssl/openssl/commit/abd8b2eec7e3f3fda60ecfb68498b246b52af482"
},
{
"name": "3.5.6 git commit",
"tags": [
"patch"
],
"url": "https://github.com/openssl/openssl/commit/001e01db3e996e13ffc72386fe79d03a6683b5ac"
},
{
"name": "3.4.5 git commit",
"tags": [
"patch"
],
"url": "https://github.com/openssl/openssl/commit/d5f8e71cd0a54e961d0c3b174348f8308486f790"
},
{
"name": "3.3.7 git commit",
"tags": [
"patch"
],
"url": "https://github.com/openssl/openssl/commit/b922e24e5b23ffb9cb9e14cadff23d91e9f7e406"
},
{
"name": "3.0.20 git commit",
"tags": [
"patch"
],
"url": "https://github.com/openssl/openssl/commit/eed200f58cd8645ed77e46b7e9f764e284df379e"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Incorrect Failure Handling in RSA KEM RSASVE Encapsulation",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "3a12439a-ef3a-4c79-92e6-6081a721f1e5",
"assignerShortName": "openssl",
"cveId": "CVE-2026-31790",
"datePublished": "2026-04-07T22:00:56.698Z",
"dateReserved": "2026-03-09T15:56:53.191Z",
"dateUpdated": "2026-05-12T12:09:06.208Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-31789 (GCVE-0-2026-31789)
Vulnerability from nvd – Published: 2026-04-07 22:00 – Updated: 2026-05-12 12:09
VLAI?
Title
Heap Buffer Overflow in Hexadecimal Conversion
Summary
Issue summary: Converting an excessively large OCTET STRING value to
a hexadecimal string leads to a heap buffer overflow on 32 bit platforms.
Impact summary: A heap buffer overflow may lead to a crash or possibly
an attacker controlled code execution or other undefined behavior.
If an attacker can supply a crafted X.509 certificate with an excessively
large OCTET STRING value in extensions such as the Subject Key Identifier
(SKID) or Authority Key Identifier (AKID) which are being converted to hex,
the size of the buffer needed for the result is calculated as multiplication
of the input length by 3. On 32 bit platforms, this multiplication may overflow
resulting in the allocation of a smaller buffer and a heap buffer overflow.
Applications and services that print or log contents of untrusted X.509
certificates are vulnerable to this issue. As the certificates would have
to have sizes of over 1 Gigabyte, printing or logging such certificates
is a fairly unlikely operation and only 32 bit platforms are affected,
this issue was assigned Low severity.
The FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this
issue, as the affected code is outside the OpenSSL FIPS module boundary.
Severity ?
No CVSS data available.
CWE
- CWE-787 - Out-of-bounds Write
Assigner
References
6 references
Impacted products
Date Public ?
2026-04-07 14:00
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2026-31789",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-04-09T03:56:05.246752Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-05-10T20:08:19.604Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"affected": [
{
"defaultStatus": "unknown",
"product": "SIMATIC CN 4100",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V5.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-05-12T12:09:05.071Z",
"orgId": "0b142b55-0307-4c5a-b3c9-f314f3fb7c5e",
"shortName": "siemens-SADP"
},
"references": [
{
"url": "https://cert-portal.siemens.com/productcert/html/ssa-032379.html"
}
],
"x_adpType": "supplier"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "OpenSSL",
"vendor": "OpenSSL",
"versions": [
{
"lessThan": "3.6.2",
"status": "affected",
"version": "3.6.0",
"versionType": "semver"
},
{
"lessThan": "3.5.6",
"status": "affected",
"version": "3.5.0",
"versionType": "semver"
},
{
"lessThan": "3.4.5",
"status": "affected",
"version": "3.4.0",
"versionType": "semver"
},
{
"lessThan": "3.3.7",
"status": "affected",
"version": "3.3.0",
"versionType": "semver"
},
{
"lessThan": "3.0.20",
"status": "affected",
"version": "3.0.0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "Quoc Tran (Xint.io - US Team)"
},
{
"lang": "en",
"type": "remediation developer",
"value": "Igor Ustinov"
}
],
"datePublic": "2026-04-07T14:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Issue summary: Converting an excessively large OCTET STRING value to\u003cbr\u003ea hexadecimal string leads to a heap buffer overflow on 32 bit platforms.\u003cbr\u003e\u003cbr\u003eImpact summary: A heap buffer overflow may lead to a crash or possibly\u003cbr\u003ean attacker controlled code execution or other undefined behavior.\u003cbr\u003e\u003cbr\u003eIf an attacker can supply a crafted X.509 certificate with an excessively\u003cbr\u003elarge OCTET STRING value in extensions such as the Subject Key Identifier\u003cbr\u003e(SKID) or Authority Key Identifier (AKID) which are being converted to hex,\u003cbr\u003ethe size of the buffer needed for the result is calculated as multiplication\u003cbr\u003eof the input length by 3. On 32 bit platforms, this multiplication may overflow\u003cbr\u003eresulting in the allocation of a smaller buffer and a heap buffer overflow.\u003cbr\u003e\u003cbr\u003eApplications and services that print or log contents of untrusted X.509\u003cbr\u003ecertificates are vulnerable to this issue. As the certificates would have\u003cbr\u003eto have sizes of over 1 Gigabyte, printing or logging such certificates\u003cbr\u003eis a fairly unlikely operation and only 32 bit platforms are affected,\u003cbr\u003ethis issue was assigned Low severity.\u003cbr\u003e\u003cbr\u003eThe FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this\u003cbr\u003eissue, as the affected code is outside the OpenSSL FIPS module boundary."
}
],
"value": "Issue summary: Converting an excessively large OCTET STRING value to\na hexadecimal string leads to a heap buffer overflow on 32 bit platforms.\n\nImpact summary: A heap buffer overflow may lead to a crash or possibly\nan attacker controlled code execution or other undefined behavior.\n\nIf an attacker can supply a crafted X.509 certificate with an excessively\nlarge OCTET STRING value in extensions such as the Subject Key Identifier\n(SKID) or Authority Key Identifier (AKID) which are being converted to hex,\nthe size of the buffer needed for the result is calculated as multiplication\nof the input length by 3. On 32 bit platforms, this multiplication may overflow\nresulting in the allocation of a smaller buffer and a heap buffer overflow.\n\nApplications and services that print or log contents of untrusted X.509\ncertificates are vulnerable to this issue. As the certificates would have\nto have sizes of over 1 Gigabyte, printing or logging such certificates\nis a fairly unlikely operation and only 32 bit platforms are affected,\nthis issue was assigned Low severity.\n\nThe FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this\nissue, as the affected code is outside the OpenSSL FIPS module boundary."
}
],
"metrics": [
{
"format": "other",
"other": {
"content": {
"text": "Low"
},
"type": "https://openssl-library.org/policies/general/security-policy/"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-787",
"description": "CWE-787 Out-of-bounds Write",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-07T22:00:54.983Z",
"orgId": "3a12439a-ef3a-4c79-92e6-6081a721f1e5",
"shortName": "openssl"
},
"references": [
{
"name": "OpenSSL Advisory",
"tags": [
"vendor-advisory"
],
"url": "https://openssl-library.org/news/secadv/20260407.txt"
},
{
"name": "3.6.2 git commit",
"tags": [
"patch"
],
"url": "https://github.com/openssl/openssl/commit/a24216018e1ede8ff01a4ff5afff7dfbd443e2f9"
},
{
"name": "3.5.6 git commit",
"tags": [
"patch"
],
"url": "https://github.com/openssl/openssl/commit/945b935ac66cc7f1a41f1b849c7c25adb5351f49"
},
{
"name": "3.4.5 git commit",
"tags": [
"patch"
],
"url": "https://github.com/openssl/openssl/commit/364f095b80601db632b0def6a33316967f863bde"
},
{
"name": "3.3.7 git commit",
"tags": [
"patch"
],
"url": "https://github.com/openssl/openssl/commit/7a9087efd769f362ad9c0e30c7baaa6bbfa65ecf"
},
{
"name": "3.0.20 git commit",
"tags": [
"patch"
],
"url": "https://github.com/openssl/openssl/commit/a91e537d16d74050dbde50bb0dfb1fe9930f0521"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Heap Buffer Overflow in Hexadecimal Conversion",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "3a12439a-ef3a-4c79-92e6-6081a721f1e5",
"assignerShortName": "openssl",
"cveId": "CVE-2026-31789",
"datePublished": "2026-04-07T22:00:54.983Z",
"dateReserved": "2026-03-09T15:56:53.191Z",
"dateUpdated": "2026-05-12T12:09:05.071Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-28390 (GCVE-0-2026-28390)
Vulnerability from nvd – Published: 2026-04-07 22:00 – Updated: 2026-05-12 12:09
VLAI?
Title
Possible NULL Dereference When Processing CMS KeyTransportRecipientInfo
Summary
Issue summary: During processing of a crafted CMS EnvelopedData message
with KeyTransportRecipientInfo a NULL pointer dereference can happen.
Impact summary: Applications that process attacker-controlled CMS data may
crash before authentication or cryptographic operations occur resulting in
Denial of Service.
When a CMS EnvelopedData message that uses KeyTransportRecipientInfo with
RSA-OAEP encryption is processed, the optional parameters field of
RSA-OAEP SourceFunc algorithm identifier is examined without checking
for its presence. This results in a NULL pointer dereference if the field
is missing.
Applications and services that call CMS_decrypt() on untrusted input
(e.g., S/MIME processing or CMS-based protocols) are vulnerable.
The FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this
issue, as the affected code is outside the OpenSSL FIPS module boundary.
Severity ?
No CVSS data available.
CWE
- CWE-476 - NULL Pointer Dereference
Assigner
References
6 references
Impacted products
Date Public ?
2026-04-07 14:00
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2026-28390",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-04-10T20:24:15.925981Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-04-10T20:26:06.061Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"affected": [
{
"defaultStatus": "unknown",
"product": "SIMATIC CN 4100",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V5.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC S7-1500 TM MFP - GNU/Linux subsystem",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-05-12T12:09:02.294Z",
"orgId": "0b142b55-0307-4c5a-b3c9-f314f3fb7c5e",
"shortName": "siemens-SADP"
},
"references": [
{
"url": "https://cert-portal.siemens.com/productcert/html/ssa-265688.html"
},
{
"url": "https://cert-portal.siemens.com/productcert/html/ssa-032379.html"
}
],
"x_adpType": "supplier"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "OpenSSL",
"vendor": "OpenSSL",
"versions": [
{
"lessThan": "3.6.2",
"status": "affected",
"version": "3.6.0",
"versionType": "semver"
},
{
"lessThan": "3.5.6",
"status": "affected",
"version": "3.5.0",
"versionType": "semver"
},
{
"lessThan": "3.4.5",
"status": "affected",
"version": "3.4.0",
"versionType": "semver"
},
{
"lessThan": "3.3.7",
"status": "affected",
"version": "3.3.0",
"versionType": "semver"
},
{
"lessThan": "3.0.20",
"status": "affected",
"version": "3.0.0",
"versionType": "semver"
},
{
"lessThan": "1.1.1zg",
"status": "affected",
"version": "1.1.1",
"versionType": "custom"
},
{
"lessThan": "1.0.2zp",
"status": "affected",
"version": "1.0.2",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "Muhammad Daffa"
},
{
"lang": "en",
"type": "reporter",
"value": "Zhanpeng Liu (Tencent Xuanwu Lab)"
},
{
"lang": "en",
"type": "reporter",
"value": "Guannan Wang (Tencent Xuanwu Lab)"
},
{
"lang": "en",
"type": "reporter",
"value": "Guancheng Li (Tencent Xuanwu Lab)"
},
{
"lang": "en",
"type": "reporter",
"value": "Joshua Rogers (Aisle Research)"
},
{
"lang": "en",
"type": "reporter",
"value": "Chanho Kim"
},
{
"lang": "en",
"type": "remediation developer",
"value": "Neil Horman"
}
],
"datePublic": "2026-04-07T14:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Issue summary: During processing of a crafted CMS EnvelopedData message\u003cbr\u003ewith KeyTransportRecipientInfo a NULL pointer dereference can happen.\u003cbr\u003e\u003cbr\u003eImpact summary: Applications that process attacker-controlled CMS data may\u003cbr\u003ecrash before authentication or cryptographic operations occur resulting in\u003cbr\u003eDenial of Service.\u003cbr\u003e\u003cbr\u003eWhen a CMS EnvelopedData message that uses KeyTransportRecipientInfo with\u003cbr\u003eRSA-OAEP encryption is processed, the optional parameters field of\u003cbr\u003eRSA-OAEP SourceFunc algorithm identifier is examined without checking\u003cbr\u003efor its presence. This results in a NULL pointer dereference if the field\u003cbr\u003eis missing.\u003cbr\u003e\u003cbr\u003eApplications and services that call CMS_decrypt() on untrusted input\u003cbr\u003e(e.g., S/MIME processing or CMS-based protocols) are vulnerable.\u003cbr\u003e\u003cbr\u003eThe FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this\u003cbr\u003eissue, as the affected code is outside the OpenSSL FIPS module boundary."
}
],
"value": "Issue summary: During processing of a crafted CMS EnvelopedData message\nwith KeyTransportRecipientInfo a NULL pointer dereference can happen.\n\nImpact summary: Applications that process attacker-controlled CMS data may\ncrash before authentication or cryptographic operations occur resulting in\nDenial of Service.\n\nWhen a CMS EnvelopedData message that uses KeyTransportRecipientInfo with\nRSA-OAEP encryption is processed, the optional parameters field of\nRSA-OAEP SourceFunc algorithm identifier is examined without checking\nfor its presence. This results in a NULL pointer dereference if the field\nis missing.\n\nApplications and services that call CMS_decrypt() on untrusted input\n(e.g., S/MIME processing or CMS-based protocols) are vulnerable.\n\nThe FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this\nissue, as the affected code is outside the OpenSSL FIPS module boundary."
}
],
"metrics": [
{
"format": "other",
"other": {
"content": {
"text": "Low"
},
"type": "https://openssl-library.org/policies/general/security-policy/"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-476",
"description": "CWE-476 NULL Pointer Dereference",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-15T07:28:22.729Z",
"orgId": "3a12439a-ef3a-4c79-92e6-6081a721f1e5",
"shortName": "openssl"
},
"references": [
{
"name": "OpenSSL Advisory",
"tags": [
"vendor-advisory"
],
"url": "https://openssl-library.org/news/secadv/20260407.txt"
},
{
"name": "3.6.2 git commit",
"tags": [
"patch"
],
"url": "https://github.com/openssl/openssl/commit/01194a8f1941115cd0383bfa91c736dd3993c8bc"
},
{
"name": "3.5.6 git commit",
"tags": [
"patch"
],
"url": "https://github.com/openssl/openssl/commit/2e39b7a6993be445fddb9fbce316fa756e0397b6"
},
{
"name": "3.4.5 git commit",
"tags": [
"patch"
],
"url": "https://github.com/openssl/openssl/commit/ea7b4ea4f9f853521ba34830cbcadc970d2e0788"
},
{
"name": "3.3.7 git commit",
"tags": [
"patch"
],
"url": "https://github.com/openssl/openssl/commit/fd2f1a6cf53b9ceeca723a001aa4b825d7c7ee75"
},
{
"name": "3.0.20 git commit",
"tags": [
"patch"
],
"url": "https://github.com/openssl/openssl/commit/af2a5fecd3e71a29e7568f9c1453dec5cebbaff4"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Possible NULL Dereference When Processing CMS KeyTransportRecipientInfo",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "3a12439a-ef3a-4c79-92e6-6081a721f1e5",
"assignerShortName": "openssl",
"cveId": "CVE-2026-28390",
"datePublished": "2026-04-07T22:00:54.172Z",
"dateReserved": "2026-02-27T13:45:02.161Z",
"dateUpdated": "2026-05-12T12:09:02.294Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-28389 (GCVE-0-2026-28389)
Vulnerability from nvd – Published: 2026-04-07 22:00 – Updated: 2026-05-12 12:09
VLAI?
Title
Possible NULL Dereference When Processing CMS KeyAgreeRecipientInfo
Summary
Issue summary: During processing of a crafted CMS EnvelopedData message
with KeyAgreeRecipientInfo a NULL pointer dereference can happen.
Impact summary: Applications that process attacker-controlled CMS data may
crash before authentication or cryptographic operations occur resulting in
Denial of Service.
When a CMS EnvelopedData message that uses KeyAgreeRecipientInfo is
processed, the optional parameters field of KeyEncryptionAlgorithmIdentifier
is examined without checking for its presence. This results in a NULL
pointer dereference if the field is missing.
Applications and services that call CMS_decrypt() on untrusted input
(e.g., S/MIME processing or CMS-based protocols) are vulnerable.
The FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this
issue, as the affected code is outside the OpenSSL FIPS module boundary.
Severity ?
No CVSS data available.
CWE
- CWE-476 - NULL Pointer Dereference
Assigner
References
6 references
Impacted products
Date Public ?
2026-04-07 14:00
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2026-28389",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-04-10T20:20:14.953384Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-04-10T20:20:45.506Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"affected": [
{
"defaultStatus": "unknown",
"product": "SIMATIC CN 4100",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V5.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC S7-1500 TM MFP - GNU/Linux subsystem",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-05-12T12:09:01.089Z",
"orgId": "0b142b55-0307-4c5a-b3c9-f314f3fb7c5e",
"shortName": "siemens-SADP"
},
"references": [
{
"url": "https://cert-portal.siemens.com/productcert/html/ssa-265688.html"
},
{
"url": "https://cert-portal.siemens.com/productcert/html/ssa-032379.html"
}
],
"x_adpType": "supplier"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "OpenSSL",
"vendor": "OpenSSL",
"versions": [
{
"lessThan": "3.6.2",
"status": "affected",
"version": "3.6.0",
"versionType": "semver"
},
{
"lessThan": "3.5.6",
"status": "affected",
"version": "3.5.0",
"versionType": "semver"
},
{
"lessThan": "3.4.5",
"status": "affected",
"version": "3.4.0",
"versionType": "semver"
},
{
"lessThan": "3.3.7",
"status": "affected",
"version": "3.3.0",
"versionType": "semver"
},
{
"lessThan": "3.0.20",
"status": "affected",
"version": "3.0.0",
"versionType": "semver"
},
{
"lessThan": "1.1.1zg",
"status": "affected",
"version": "1.1.1",
"versionType": "custom"
},
{
"lessThan": "1.0.2zp",
"status": "affected",
"version": "1.0.2",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "Nathan Sportsman (Praetorian)"
},
{
"lang": "en",
"type": "reporter",
"value": "Daniel Rhea"
},
{
"lang": "en",
"type": "reporter",
"value": "Jaeho Nam (Seoul National University)"
},
{
"lang": "en",
"type": "reporter",
"value": "Muhammad Daffa"
},
{
"lang": "en",
"type": "reporter",
"value": "Zhanpeng Liu (Tencent Xuanwu Lab)"
},
{
"lang": "en",
"type": "reporter",
"value": "Guannan Wang (Tencent Xuanwu Lab)"
},
{
"lang": "en",
"type": "reporter",
"value": "Guancheng Li (Tencent Xuanwu Lab)"
},
{
"lang": "en",
"type": "reporter",
"value": "Joshua Rogers (Aisle Research)"
},
{
"lang": "en",
"type": "remediation developer",
"value": "Neil Horman"
}
],
"datePublic": "2026-04-07T14:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Issue summary: During processing of a crafted CMS EnvelopedData message\u003cbr\u003ewith KeyAgreeRecipientInfo a NULL pointer dereference can happen.\u003cbr\u003e\u003cbr\u003eImpact summary: Applications that process attacker-controlled CMS data may\u003cbr\u003ecrash before authentication or cryptographic operations occur resulting in\u003cbr\u003eDenial of Service.\u003cbr\u003e\u003cbr\u003eWhen a CMS EnvelopedData message that uses KeyAgreeRecipientInfo is\u003cbr\u003eprocessed, the optional parameters field of KeyEncryptionAlgorithmIdentifier\u003cbr\u003eis examined without checking for its presence. This results in a NULL\u003cbr\u003epointer dereference if the field is missing.\u003cbr\u003e\u003cbr\u003eApplications and services that call CMS_decrypt() on untrusted input\u003cbr\u003e(e.g., S/MIME processing or CMS-based protocols) are vulnerable.\u003cbr\u003e\u003cbr\u003eThe FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this\u003cbr\u003eissue, as the affected code is outside the OpenSSL FIPS module boundary."
}
],
"value": "Issue summary: During processing of a crafted CMS EnvelopedData message\nwith KeyAgreeRecipientInfo a NULL pointer dereference can happen.\n\nImpact summary: Applications that process attacker-controlled CMS data may\ncrash before authentication or cryptographic operations occur resulting in\nDenial of Service.\n\nWhen a CMS EnvelopedData message that uses KeyAgreeRecipientInfo is\nprocessed, the optional parameters field of KeyEncryptionAlgorithmIdentifier\nis examined without checking for its presence. This results in a NULL\npointer dereference if the field is missing.\n\nApplications and services that call CMS_decrypt() on untrusted input\n(e.g., S/MIME processing or CMS-based protocols) are vulnerable.\n\nThe FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this\nissue, as the affected code is outside the OpenSSL FIPS module boundary."
}
],
"metrics": [
{
"format": "other",
"other": {
"content": {
"text": "Low"
},
"type": "https://openssl-library.org/policies/general/security-policy/"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-476",
"description": "CWE-476 NULL Pointer Dereference",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-15T07:28:13.700Z",
"orgId": "3a12439a-ef3a-4c79-92e6-6081a721f1e5",
"shortName": "openssl"
},
"references": [
{
"name": "OpenSSL Advisory",
"tags": [
"vendor-advisory"
],
"url": "https://openssl-library.org/news/secadv/20260407.txt"
},
{
"name": "3.6.2 git commit",
"tags": [
"patch"
],
"url": "https://github.com/openssl/openssl/commit/f80f83bc5fd036bc47d773e8b15a001e2b4ce686"
},
{
"name": "3.5.6 git commit",
"tags": [
"patch"
],
"url": "https://github.com/openssl/openssl/commit/16cea4188e0ea567deb4f93f85902247e67384f5"
},
{
"name": "3.4.5 git commit",
"tags": [
"patch"
],
"url": "https://github.com/openssl/openssl/commit/785cbf7ea3b5a6f5adf0c1ccb92b79d89c35c616"
},
{
"name": "3.3.7 git commit",
"tags": [
"patch"
],
"url": "https://github.com/openssl/openssl/commit/c6725634e089eb2b634b10ede33944be7248172a"
},
{
"name": "3.0.20 git commit",
"tags": [
"patch"
],
"url": "https://github.com/openssl/openssl/commit/7b5274e812400cacb6f3be4c2df5340923fa807f"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Possible NULL Dereference When Processing CMS KeyAgreeRecipientInfo",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "3a12439a-ef3a-4c79-92e6-6081a721f1e5",
"assignerShortName": "openssl",
"cveId": "CVE-2026-28389",
"datePublished": "2026-04-07T22:00:53.364Z",
"dateReserved": "2026-02-27T13:45:02.161Z",
"dateUpdated": "2026-05-12T12:09:01.089Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-28388 (GCVE-0-2026-28388)
Vulnerability from nvd – Published: 2026-04-07 22:00 – Updated: 2026-05-12 12:08
VLAI?
Title
NULL Pointer Dereference When Processing a Delta CRL
Summary
Issue summary: When a delta CRL that contains a Delta CRL Indicator extension
is processed a NULL pointer dereference might happen if the required CRL
Number extension is missing.
Impact summary: A NULL pointer dereference can trigger a crash which
leads to a Denial of Service for an application.
When CRL processing and delta CRL processing is enabled during X.509
certificate verification, the delta CRL processing does not check
whether the CRL Number extension is NULL before dereferencing it.
When a malformed delta CRL file is being processed, this parameter
can be NULL, causing a NULL pointer dereference.
Exploiting this issue requires the X509_V_FLAG_USE_DELTAS flag to be enabled in
the verification context, the certificate being verified to contain a
freshestCRL extension or the base CRL to have the EXFLAG_FRESHEST flag set, and
an attacker to provide a malformed CRL to an application that processes it.
The vulnerability is limited to Denial of Service and cannot be escalated to
achieve code execution or memory disclosure. For that reason the issue was
assessed as Low severity according to our Security Policy.
The FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,
as the affected code is outside the OpenSSL FIPS module boundary.
Severity ?
No CVSS data available.
CWE
- CWE-476 - NULL Pointer Dereference
Assigner
References
6 references
Impacted products
Date Public ?
2026-04-07 14:00
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2026-28388",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-04-10T20:18:04.195701Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-04-10T20:18:43.095Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"affected": [
{
"defaultStatus": "unknown",
"product": "SIMATIC CN 4100",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V5.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC S7-1500 TM MFP - GNU/Linux subsystem",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-05-12T12:08:59.931Z",
"orgId": "0b142b55-0307-4c5a-b3c9-f314f3fb7c5e",
"shortName": "siemens-SADP"
},
"references": [
{
"url": "https://cert-portal.siemens.com/productcert/html/ssa-265688.html"
},
{
"url": "https://cert-portal.siemens.com/productcert/html/ssa-032379.html"
}
],
"x_adpType": "supplier"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "OpenSSL",
"vendor": "OpenSSL",
"versions": [
{
"lessThan": "3.6.2",
"status": "affected",
"version": "3.6.0",
"versionType": "semver"
},
{
"lessThan": "3.5.6",
"status": "affected",
"version": "3.5.0",
"versionType": "semver"
},
{
"lessThan": "3.4.5",
"status": "affected",
"version": "3.4.0",
"versionType": "semver"
},
{
"lessThan": "3.3.7",
"status": "affected",
"version": "3.3.0",
"versionType": "semver"
},
{
"lessThan": "3.0.20",
"status": "affected",
"version": "3.0.0",
"versionType": "semver"
},
{
"lessThan": "1.1.1zg",
"status": "affected",
"version": "1.1.1",
"versionType": "custom"
},
{
"lessThan": "1.0.2zp",
"status": "affected",
"version": "1.0.2",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "Igor Morgenstern (Aisle Research)"
},
{
"lang": "en",
"type": "remediation developer",
"value": "Igor Morgenstern (Aisle Research)"
}
],
"datePublic": "2026-04-07T14:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Issue summary: When a delta CRL that contains a Delta CRL Indicator extension\u003cbr\u003eis processed a NULL pointer dereference might happen if the required CRL\u003cbr\u003eNumber extension is missing.\u003cbr\u003e\u003cbr\u003eImpact summary: A NULL pointer dereference can trigger a crash which\u003cbr\u003eleads to a Denial of Service for an application.\u003cbr\u003e\u003cbr\u003eWhen CRL processing and delta CRL processing is enabled during X.509\u003cbr\u003ecertificate verification, the delta CRL processing does not check\u003cbr\u003ewhether the CRL Number extension is NULL before dereferencing it.\u003cbr\u003eWhen a malformed delta CRL file is being processed, this parameter\u003cbr\u003ecan be NULL, causing a NULL pointer dereference.\u003cbr\u003e\u003cbr\u003eExploiting this issue requires the X509_V_FLAG_USE_DELTAS flag to be enabled in\u003cbr\u003ethe verification context, the certificate being verified to contain a\u003cbr\u003efreshestCRL extension or the base CRL to have the EXFLAG_FRESHEST flag set, and\u003cbr\u003ean attacker to provide a malformed CRL to an application that processes it.\u003cbr\u003e\u003cbr\u003eThe vulnerability is limited to Denial of Service and cannot be escalated to\u003cbr\u003eachieve code execution or memory disclosure. For that reason the issue was\u003cbr\u003eassessed as Low severity according to our Security Policy.\u003cbr\u003e\u003cbr\u003eThe FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\u003cbr\u003eas the affected code is outside the OpenSSL FIPS module boundary."
}
],
"value": "Issue summary: When a delta CRL that contains a Delta CRL Indicator extension\nis processed a NULL pointer dereference might happen if the required CRL\nNumber extension is missing.\n\nImpact summary: A NULL pointer dereference can trigger a crash which\nleads to a Denial of Service for an application.\n\nWhen CRL processing and delta CRL processing is enabled during X.509\ncertificate verification, the delta CRL processing does not check\nwhether the CRL Number extension is NULL before dereferencing it.\nWhen a malformed delta CRL file is being processed, this parameter\ncan be NULL, causing a NULL pointer dereference.\n\nExploiting this issue requires the X509_V_FLAG_USE_DELTAS flag to be enabled in\nthe verification context, the certificate being verified to contain a\nfreshestCRL extension or the base CRL to have the EXFLAG_FRESHEST flag set, and\nan attacker to provide a malformed CRL to an application that processes it.\n\nThe vulnerability is limited to Denial of Service and cannot be escalated to\nachieve code execution or memory disclosure. For that reason the issue was\nassessed as Low severity according to our Security Policy.\n\nThe FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\nas the affected code is outside the OpenSSL FIPS module boundary."
}
],
"metrics": [
{
"format": "other",
"other": {
"content": {
"text": "Low"
},
"type": "https://openssl-library.org/policies/general/security-policy/"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-476",
"description": "CWE-476 NULL Pointer Dereference",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-07T22:00:52.382Z",
"orgId": "3a12439a-ef3a-4c79-92e6-6081a721f1e5",
"shortName": "openssl"
},
"references": [
{
"name": "OpenSSL Advisory",
"tags": [
"vendor-advisory"
],
"url": "https://openssl-library.org/news/secadv/20260407.txt"
},
{
"name": "3.6.2 git commit",
"tags": [
"patch"
],
"url": "https://github.com/openssl/openssl/commit/602542f2c0c2d5edb47128f93eac10b62aeeefb3"
},
{
"name": "3.5.6 git commit",
"tags": [
"patch"
],
"url": "https://github.com/openssl/openssl/commit/d3a901e8d9f021f3e67d6cfbc12e768129862726"
},
{
"name": "3.4.5 git commit",
"tags": [
"patch"
],
"url": "https://github.com/openssl/openssl/commit/a9d187dd1000130100fa7ab915f8513532cb3bb8"
},
{
"name": "3.3.7 git commit",
"tags": [
"patch"
],
"url": "https://github.com/openssl/openssl/commit/5a0b4930779cd2408880979db765db919da55139"
},
{
"name": "3.0.20 git commit",
"tags": [
"patch"
],
"url": "https://github.com/openssl/openssl/commit/59c3b3158553ab53275bbbccca5cb305d591cf2e"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "NULL Pointer Dereference When Processing a Delta CRL",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "3a12439a-ef3a-4c79-92e6-6081a721f1e5",
"assignerShortName": "openssl",
"cveId": "CVE-2026-28388",
"datePublished": "2026-04-07T22:00:52.382Z",
"dateReserved": "2026-02-27T13:45:02.161Z",
"dateUpdated": "2026-05-12T12:08:59.931Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-28387 (GCVE-0-2026-28387)
Vulnerability from nvd – Published: 2026-04-07 22:00 – Updated: 2026-05-12 12:08
VLAI?
Title
Potential Use-after-free in DANE Client Code
Summary
Issue summary: An uncommon configuration of clients performing DANE TLSA-based
server authentication, when paired with uncommon server DANE TLSA records, may
result in a use-after-free and/or double-free on the client side.
Impact summary: A use after free can have a range of potential consequences
such as the corruption of valid data, crashes or execution of arbitrary code.
However, the issue only affects clients that make use of TLSA records with both
the PKIX-TA(0/PKIX-EE(1) certificate usages and the DANE-TA(2) certificate
usage.
By far the most common deployment of DANE is in SMTP MTAs for which RFC7672
recommends that clients treat as 'unusable' any TLSA records that have the PKIX
certificate usages. These SMTP (or other similar) clients are not vulnerable
to this issue. Conversely, any clients that support only the PKIX usages, and
ignore the DANE-TA(2) usage are also not vulnerable.
The client would also need to be communicating with a server that publishes a
TLSA RRset with both types of TLSA records.
No FIPS modules are affected by this issue, the problem code is outside the
FIPS module boundary.
Severity ?
No CVSS data available.
CWE
- CWE-416 - Use After Free
Assigner
References
6 references
Impacted products
Date Public ?
2026-04-07 14:00
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2026-28387",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-04-09T03:56:07.962224Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-05-10T20:10:20.584Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"affected": [
{
"defaultStatus": "unknown",
"product": "SIMATIC CN 4100",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V5.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC S7-1500 TM MFP - GNU/Linux subsystem",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-05-12T12:08:58.724Z",
"orgId": "0b142b55-0307-4c5a-b3c9-f314f3fb7c5e",
"shortName": "siemens-SADP"
},
"references": [
{
"url": "https://cert-portal.siemens.com/productcert/html/ssa-265688.html"
},
{
"url": "https://cert-portal.siemens.com/productcert/html/ssa-032379.html"
}
],
"x_adpType": "supplier"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "OpenSSL",
"vendor": "OpenSSL",
"versions": [
{
"lessThan": "3.6.2",
"status": "affected",
"version": "3.6.0",
"versionType": "semver"
},
{
"lessThan": "3.5.6",
"status": "affected",
"version": "3.5.0",
"versionType": "semver"
},
{
"lessThan": "3.4.5",
"status": "affected",
"version": "3.4.0",
"versionType": "semver"
},
{
"lessThan": "3.3.7",
"status": "affected",
"version": "3.3.0",
"versionType": "semver"
},
{
"lessThan": "3.0.20",
"status": "affected",
"version": "3.0.0",
"versionType": "semver"
},
{
"lessThan": "1.1.1zg",
"status": "affected",
"version": "1.1.1",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "Igor Morgenstern (Aisle Research)"
},
{
"lang": "en",
"type": "remediation developer",
"value": "Viktor Dukhovni"
},
{
"lang": "en",
"type": "remediation developer",
"value": "Alexandr Nedvedicky"
}
],
"datePublic": "2026-04-07T14:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Issue summary: An uncommon configuration of clients performing DANE TLSA-based\u003cbr\u003eserver authentication, when paired with uncommon server DANE TLSA records, may\u003cbr\u003eresult in a use-after-free and/or double-free on the client side.\u003cbr\u003e\u003cbr\u003eImpact summary: A use after free can have a range of potential consequences\u003cbr\u003esuch as the corruption of valid data, crashes or execution of arbitrary code.\u003cbr\u003e\u003cbr\u003eHowever, the issue only affects clients that make use of TLSA records with both\u003cbr\u003ethe PKIX-TA(0/PKIX-EE(1) certificate usages and the DANE-TA(2) certificate\u003cbr\u003eusage.\u003cbr\u003e\u003cbr\u003eBy far the most common deployment of DANE is in SMTP MTAs for which RFC7672\u003cbr\u003erecommends that clients treat as \u0027unusable\u0027 any TLSA records that have the PKIX\u003cbr\u003ecertificate usages. These SMTP (or other similar) clients are not vulnerable\u003cbr\u003eto this issue. Conversely, any clients that support only the PKIX usages, and\u003cbr\u003eignore the DANE-TA(2) usage are also not vulnerable.\u003cbr\u003e\u003cbr\u003eThe client would also need to be communicating with a server that publishes a\u003cbr\u003eTLSA RRset with both types of TLSA records.\u003cbr\u003e\u003cbr\u003eNo FIPS modules are affected by this issue, the problem code is outside the\u003cbr\u003eFIPS module boundary."
}
],
"value": "Issue summary: An uncommon configuration of clients performing DANE TLSA-based\nserver authentication, when paired with uncommon server DANE TLSA records, may\nresult in a use-after-free and/or double-free on the client side.\n\nImpact summary: A use after free can have a range of potential consequences\nsuch as the corruption of valid data, crashes or execution of arbitrary code.\n\nHowever, the issue only affects clients that make use of TLSA records with both\nthe PKIX-TA(0/PKIX-EE(1) certificate usages and the DANE-TA(2) certificate\nusage.\n\nBy far the most common deployment of DANE is in SMTP MTAs for which RFC7672\nrecommends that clients treat as \u0027unusable\u0027 any TLSA records that have the PKIX\ncertificate usages. These SMTP (or other similar) clients are not vulnerable\nto this issue. Conversely, any clients that support only the PKIX usages, and\nignore the DANE-TA(2) usage are also not vulnerable.\n\nThe client would also need to be communicating with a server that publishes a\nTLSA RRset with both types of TLSA records.\n\nNo FIPS modules are affected by this issue, the problem code is outside the\nFIPS module boundary."
}
],
"metrics": [
{
"format": "other",
"other": {
"content": {
"text": "Low"
},
"type": "https://openssl-library.org/policies/general/security-policy/"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-416",
"description": "CWE-416 Use After Free",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-07T22:00:51.496Z",
"orgId": "3a12439a-ef3a-4c79-92e6-6081a721f1e5",
"shortName": "openssl"
},
"references": [
{
"name": "OpenSSL Advisory",
"tags": [
"vendor-advisory"
],
"url": "https://openssl-library.org/news/secadv/20260407.txt"
},
{
"name": "3.6.2 git commit",
"tags": [
"patch"
],
"url": "https://github.com/openssl/openssl/commit/258a8f63b26995ba357f4326da00e19e29c6acbe"
},
{
"name": "3.5.6 git commit",
"tags": [
"patch"
],
"url": "https://github.com/openssl/openssl/commit/444958deaf450aea819171f97ae69eaedede42c3"
},
{
"name": "3.4.5 git commit",
"tags": [
"patch"
],
"url": "https://github.com/openssl/openssl/commit/07e727d304746edb49a98ee8f6ab00256e1f012b"
},
{
"name": "3.3.7 git commit",
"tags": [
"patch"
],
"url": "https://github.com/openssl/openssl/commit/7a4e08cee62a728d32e60b0de89e6764339df0a7"
},
{
"name": "3.0.20 git commit",
"tags": [
"patch"
],
"url": "https://github.com/openssl/openssl/commit/ec03fa050b3346997ed9c5fef3d0e16ad7db8177"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Potential Use-after-free in DANE Client Code",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "3a12439a-ef3a-4c79-92e6-6081a721f1e5",
"assignerShortName": "openssl",
"cveId": "CVE-2026-28387",
"datePublished": "2026-04-07T22:00:51.496Z",
"dateReserved": "2026-02-27T13:45:02.161Z",
"dateUpdated": "2026-05-12T12:08:58.724Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-28386 (GCVE-0-2026-28386)
Vulnerability from nvd – Published: 2026-04-07 22:00 – Updated: 2026-04-10 20:16
VLAI?
Title
Out-of-bounds Read in AES-CFB-128 on X86-64 with AVX-512 Support
Summary
Issue summary: Applications using AES-CFB128 encryption or decryption on
systems with AVX-512 and VAES support can trigger an out-of-bounds read
of up to 15 bytes when processing partial cipher blocks.
Impact summary: This out-of-bounds read may trigger a crash which leads to
Denial of Service for an application if the input buffer ends at a memory
page boundary and the following page is unmapped. There is no information
disclosure as the over-read bytes are not written to output.
The vulnerable code path is only reached when processing partial blocks
(when a previous call left an incomplete block and the current call provides
fewer bytes than needed to complete it). Additionally, the input buffer
must be positioned at a page boundary with the following page unmapped.
CFB mode is not used in TLS/DTLS protocols, which use CBC, GCM, CCM, or
ChaCha20-Poly1305 instead. For these reasons the issue was assessed as
Low severity according to our Security Policy.
Only x86-64 systems with AVX-512 and VAES instruction support are affected.
Other architectures and systems without VAES support use different code
paths that are not affected.
OpenSSL FIPS module in 3.6 version is affected by this issue.
Severity ?
No CVSS data available.
CWE
- CWE-125 - Out-of-bounds Read
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://openssl-library.org/news/secadv/20260407.txt | vendor-advisory |
| https://github.com/openssl/openssl/commit/61f428a… | patch |
Impacted products
Date Public ?
2026-04-07 14:00
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2026-28386",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-04-10T20:15:21.235876Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-04-10T20:16:08.389Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "OpenSSL",
"vendor": "OpenSSL",
"versions": [
{
"lessThan": "3.6.2",
"status": "affected",
"version": "3.6.0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "Stanislav Fort (Aisle Research)"
},
{
"lang": "en",
"type": "reporter",
"value": "Pavel Kohout (Aisle Research)"
},
{
"lang": "en",
"type": "reporter",
"value": "Alex Gaynor (Anthropic)"
},
{
"lang": "en",
"type": "remediation developer",
"value": "Stanislav Fort (Aisle Research)"
},
{
"lang": "en",
"type": "remediation developer",
"value": "Pavel Kohout (Aisle Research)"
},
{
"lang": "en",
"type": "remediation developer",
"value": "Alex Gaynor (Anthropic)"
}
],
"datePublic": "2026-04-07T14:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Issue summary: Applications using AES-CFB128 encryption or decryption on\u003cbr\u003esystems with AVX-512 and VAES support can trigger an out-of-bounds read\u003cbr\u003eof up to 15 bytes when processing partial cipher blocks.\u003cbr\u003e\u003cbr\u003eImpact summary: This out-of-bounds read may trigger a crash which leads to\u003cbr\u003eDenial of Service for an application if the input buffer ends at a memory\u003cbr\u003epage boundary and the following page is unmapped. There is no information\u003cbr\u003edisclosure as the over-read bytes are not written to output.\u003cbr\u003e\u003cbr\u003eThe vulnerable code path is only reached when processing partial blocks\u003cbr\u003e(when a previous call left an incomplete block and the current call provides\u003cbr\u003efewer bytes than needed to complete it). Additionally, the input buffer\u003cbr\u003emust be positioned at a page boundary with the following page unmapped.\u003cbr\u003eCFB mode is not used in TLS/DTLS protocols, which use CBC, GCM, CCM, or\u003cbr\u003eChaCha20-Poly1305 instead. For these reasons the issue was assessed as\u003cbr\u003eLow severity according to our Security Policy.\u003cbr\u003e\u003cbr\u003eOnly x86-64 systems with AVX-512 and VAES instruction support are affected.\u003cbr\u003eOther architectures and systems without VAES support use different code\u003cbr\u003epaths that are not affected.\u003cbr\u003e\u003cbr\u003eOpenSSL FIPS module in 3.6 version is affected by this issue."
}
],
"value": "Issue summary: Applications using AES-CFB128 encryption or decryption on\nsystems with AVX-512 and VAES support can trigger an out-of-bounds read\nof up to 15 bytes when processing partial cipher blocks.\n\nImpact summary: This out-of-bounds read may trigger a crash which leads to\nDenial of Service for an application if the input buffer ends at a memory\npage boundary and the following page is unmapped. There is no information\ndisclosure as the over-read bytes are not written to output.\n\nThe vulnerable code path is only reached when processing partial blocks\n(when a previous call left an incomplete block and the current call provides\nfewer bytes than needed to complete it). Additionally, the input buffer\nmust be positioned at a page boundary with the following page unmapped.\nCFB mode is not used in TLS/DTLS protocols, which use CBC, GCM, CCM, or\nChaCha20-Poly1305 instead. For these reasons the issue was assessed as\nLow severity according to our Security Policy.\n\nOnly x86-64 systems with AVX-512 and VAES instruction support are affected.\nOther architectures and systems without VAES support use different code\npaths that are not affected.\n\nOpenSSL FIPS module in 3.6 version is affected by this issue."
}
],
"metrics": [
{
"format": "other",
"other": {
"content": {
"text": "Low"
},
"type": "https://openssl-library.org/policies/general/security-policy/"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-125",
"description": "CWE-125 Out-of-bounds Read",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-07T22:00:50.164Z",
"orgId": "3a12439a-ef3a-4c79-92e6-6081a721f1e5",
"shortName": "openssl"
},
"references": [
{
"name": "OpenSSL Advisory",
"tags": [
"vendor-advisory"
],
"url": "https://openssl-library.org/news/secadv/20260407.txt"
},
{
"name": "3.6.2 git commit",
"tags": [
"patch"
],
"url": "https://github.com/openssl/openssl/commit/61f428a2fc6671ede184a19f71e6e495f0689621"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Out-of-bounds Read in AES-CFB-128 on X86-64 with AVX-512 Support",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "3a12439a-ef3a-4c79-92e6-6081a721f1e5",
"assignerShortName": "openssl",
"cveId": "CVE-2026-28386",
"datePublished": "2026-04-07T22:00:50.164Z",
"dateReserved": "2026-02-27T13:45:02.161Z",
"dateUpdated": "2026-04-10T20:16:08.389Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-2673 (GCVE-0-2026-2673)
Vulnerability from nvd – Published: 2026-03-13 13:23 – Updated: 2026-05-18 19:23
VLAI?
Title
OpenSSL TLS 1.3 server may choose unexpected key agreement group
Summary
Issue summary: An OpenSSL TLS 1.3 server may fail to negotiate the expected
preferred key exchange group when its key exchange group configuration includes
the default by using the 'DEFAULT' keyword.
Impact summary: A less preferred key exchange may be used even when a more
preferred group is supported by both client and server, if the group
was not included among the client's initial predicated keyshares.
This will sometimes be the case with the new hybrid post-quantum groups,
if the client chooses to defer their use until specifically requested by
the server.
If an OpenSSL TLS 1.3 server's configuration uses the 'DEFAULT' keyword to
interpolate the built-in default group list into its own configuration, perhaps
adding or removing specific elements, then an implementation defect causes the
'DEFAULT' list to lose its 'tuple' structure, and all server-supported groups
were treated as a single sufficiently secure 'tuple', with the server not
sending a Hello Retry Request (HRR) even when a group in a more preferred tuple
was mutually supported.
As a result, the client and server might fail to negotiate a mutually supported
post-quantum key agreement group, such as 'X25519MLKEM768', if the client's
configuration results in only 'classical' groups (such as 'X25519' being the
only ones in the client's initial keyshare prediction).
OpenSSL 3.5 and later support a new syntax for selecting the most preferred TLS
1.3 key agreement group on TLS servers. The old syntax had a single 'flat'
list of groups, and treated all the supported groups as sufficiently secure.
If any of the keyshares predicted by the client were supported by the server
the most preferred among these was selected, even if other groups supported by
the client, but not included in the list of predicted keyshares would have been
more preferred, if included.
The new syntax partitions the groups into distinct 'tuples' of roughly
equivalent security. Within each tuple the most preferred group included among
the client's predicted keyshares is chosen, but if the client supports a group
from a more preferred tuple, but did not predict any corresponding keyshares,
the server will ask the client to retry the ClientHello (by issuing a Hello
Retry Request or HRR) with the most preferred mutually supported group.
The above works as expected when the server's configuration uses the built-in
default group list, or explicitly defines its own list by directly defining the
various desired groups and group 'tuples'.
No OpenSSL FIPS modules are affected by this issue, the code in question lies
outside the FIPS boundary.
OpenSSL 3.6 and 3.5 are vulnerable to this issue.
OpenSSL 3.6 users should upgrade to OpenSSL 3.6.2 once it is released.
OpenSSL 3.5 users should upgrade to OpenSSL 3.5.6 once it is released.
OpenSSL 3.4, 3.3, 3.0, 1.0.2 and 1.1.1 are not affected by this issue.
Severity ?
No CVSS data available.
CWE
- CWE-757 - Selection of Less-Secure Algorithm During Negotiation ('Algorithm Downgrade')
Assigner
References
3 references
| URL | Tags |
|---|---|
| https://openssl-library.org/news/secadv/20260313.txt | vendor-advisory |
| https://github.com/openssl/openssl/commit/2157c9d… | patch |
| https://github.com/openssl/openssl/commit/85977e0… | patch |
Impacted products
Date Public ?
2026-03-13 14:00
Credits
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2026-03-13T15:15:21.059Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "http://www.openwall.com/lists/oss-security/2026/03/13/3"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2026-2673",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-03-17T17:17:17.444679Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-05-18T19:23:37.078Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"affected": [
{
"defaultStatus": "unknown",
"product": "SIMATIC CN 4100",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V5.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-05-12T12:08:46.771Z",
"orgId": "0b142b55-0307-4c5a-b3c9-f314f3fb7c5e",
"shortName": "siemens-SADP"
},
"references": [
{
"url": "https://cert-portal.siemens.com/productcert/html/ssa-032379.html"
}
],
"x_adpType": "supplier"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "OpenSSL",
"vendor": "OpenSSL",
"versions": [
{
"lessThan": "3.6.2",
"status": "affected",
"version": "3.6.0",
"versionType": "semver"
},
{
"lessThan": "3.5.6",
"status": "affected",
"version": "3.5.0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "Viktor Dukhovni"
},
{
"lang": "en",
"type": "remediation developer",
"value": "Viktor Dukhovni"
}
],
"datePublic": "2026-03-13T14:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Issue summary: An OpenSSL TLS 1.3 server may fail to negotiate the expected\u003cbr\u003epreferred key exchange group when its key exchange group configuration includes\u003cbr\u003ethe default by using the \u0027DEFAULT\u0027 keyword.\u003cbr\u003e\u003cbr\u003eImpact summary: A less preferred key exchange may be used even when a more\u003cbr\u003epreferred group is supported by both client and server, if the group\u003cbr\u003ewas not included among the client\u0027s initial predicated keyshares.\u003cbr\u003eThis will sometimes be the case with the new hybrid post-quantum groups,\u003cbr\u003eif the client chooses to defer their use until specifically requested by\u003cbr\u003ethe server.\u003cbr\u003e\u003cbr\u003eIf an OpenSSL TLS 1.3 server\u0027s configuration uses the \u0027DEFAULT\u0027 keyword to\u003cbr\u003einterpolate the built-in default group list into its own configuration, perhaps\u003cbr\u003eadding or removing specific elements, then an implementation defect causes the\u003cbr\u003e\u0027DEFAULT\u0027 list to lose its \u0027tuple\u0027 structure, and all server-supported groups\u003cbr\u003ewere treated as a single sufficiently secure \u0027tuple\u0027, with the server not\u003cbr\u003esending a Hello Retry Request (HRR) even when a group in a more preferred tuple\u003cbr\u003ewas mutually supported.\u003cbr\u003e\u003cbr\u003eAs a result, the client and server might fail to negotiate a mutually supported\u003cbr\u003epost-quantum key agreement group, such as \u0027X25519MLKEM768\u0027, if the client\u0027s\u003cbr\u003econfiguration results in only \u0027classical\u0027 groups (such as \u0027X25519\u0027 being the\u003cbr\u003eonly ones in the client\u0027s initial keyshare prediction).\u003cbr\u003e\u003cbr\u003eOpenSSL 3.5 and later support a new syntax for selecting the most preferred TLS\u003cbr\u003e1.3 key agreement group on TLS servers. The old syntax had a single \u0027flat\u0027\u003cbr\u003elist of groups, and treated all the supported groups as sufficiently secure.\u003cbr\u003eIf any of the keyshares predicted by the client were supported by the server\u003cbr\u003ethe most preferred among these was selected, even if other groups supported by\u003cbr\u003ethe client, but not included in the list of predicted keyshares would have been\u003cbr\u003emore preferred, if included.\u003cbr\u003e\u003cbr\u003eThe new syntax partitions the groups into distinct \u0027tuples\u0027 of roughly\u003cbr\u003eequivalent security. Within each tuple the most preferred group included among\u003cbr\u003ethe client\u0027s predicted keyshares is chosen, but if the client supports a group\u003cbr\u003efrom a more preferred tuple, but did not predict any corresponding keyshares,\u003cbr\u003ethe server will ask the client to retry the ClientHello (by issuing a Hello\u003cbr\u003eRetry Request or HRR) with the most preferred mutually supported group.\u003cbr\u003e\u003cbr\u003eThe above works as expected when the server\u0027s configuration uses the built-in\u003cbr\u003edefault group list, or explicitly defines its own list by directly defining the\u003cbr\u003evarious desired groups and group \u0027tuples\u0027.\u003cbr\u003e\u003cbr\u003eNo OpenSSL FIPS modules are affected by this issue, the code in question lies\u003cbr\u003eoutside the FIPS boundary.\u003cbr\u003e\u003cbr\u003eOpenSSL 3.6 and 3.5 are vulnerable to this issue.\u003cbr\u003e\u003cbr\u003eOpenSSL 3.6 users should upgrade to OpenSSL 3.6.2 once it is released.\u003cbr\u003eOpenSSL 3.5 users should upgrade to OpenSSL 3.5.6 once it is released.\u003cbr\u003e\u003cbr\u003eOpenSSL 3.4, 3.3, 3.0, 1.0.2 and 1.1.1 are not affected by this issue."
}
],
"value": "Issue summary: An OpenSSL TLS 1.3 server may fail to negotiate the expected\npreferred key exchange group when its key exchange group configuration includes\nthe default by using the \u0027DEFAULT\u0027 keyword.\n\nImpact summary: A less preferred key exchange may be used even when a more\npreferred group is supported by both client and server, if the group\nwas not included among the client\u0027s initial predicated keyshares.\nThis will sometimes be the case with the new hybrid post-quantum groups,\nif the client chooses to defer their use until specifically requested by\nthe server.\n\nIf an OpenSSL TLS 1.3 server\u0027s configuration uses the \u0027DEFAULT\u0027 keyword to\ninterpolate the built-in default group list into its own configuration, perhaps\nadding or removing specific elements, then an implementation defect causes the\n\u0027DEFAULT\u0027 list to lose its \u0027tuple\u0027 structure, and all server-supported groups\nwere treated as a single sufficiently secure \u0027tuple\u0027, with the server not\nsending a Hello Retry Request (HRR) even when a group in a more preferred tuple\nwas mutually supported.\n\nAs a result, the client and server might fail to negotiate a mutually supported\npost-quantum key agreement group, such as \u0027X25519MLKEM768\u0027, if the client\u0027s\nconfiguration results in only \u0027classical\u0027 groups (such as \u0027X25519\u0027 being the\nonly ones in the client\u0027s initial keyshare prediction).\n\nOpenSSL 3.5 and later support a new syntax for selecting the most preferred TLS\n1.3 key agreement group on TLS servers. The old syntax had a single \u0027flat\u0027\nlist of groups, and treated all the supported groups as sufficiently secure.\nIf any of the keyshares predicted by the client were supported by the server\nthe most preferred among these was selected, even if other groups supported by\nthe client, but not included in the list of predicted keyshares would have been\nmore preferred, if included.\n\nThe new syntax partitions the groups into distinct \u0027tuples\u0027 of roughly\nequivalent security. Within each tuple the most preferred group included among\nthe client\u0027s predicted keyshares is chosen, but if the client supports a group\nfrom a more preferred tuple, but did not predict any corresponding keyshares,\nthe server will ask the client to retry the ClientHello (by issuing a Hello\nRetry Request or HRR) with the most preferred mutually supported group.\n\nThe above works as expected when the server\u0027s configuration uses the built-in\ndefault group list, or explicitly defines its own list by directly defining the\nvarious desired groups and group \u0027tuples\u0027.\n\nNo OpenSSL FIPS modules are affected by this issue, the code in question lies\noutside the FIPS boundary.\n\nOpenSSL 3.6 and 3.5 are vulnerable to this issue.\n\nOpenSSL 3.6 users should upgrade to OpenSSL 3.6.2 once it is released.\nOpenSSL 3.5 users should upgrade to OpenSSL 3.5.6 once it is released.\n\nOpenSSL 3.4, 3.3, 3.0, 1.0.2 and 1.1.1 are not affected by this issue."
}
],
"metrics": [
{
"format": "other",
"other": {
"content": {
"text": "Low"
},
"type": "https://openssl-library.org/policies/general/security-policy/"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-757",
"description": "CWE-757 Selection of Less-Secure Algorithm During Negotiation (\u0027Algorithm Downgrade\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-03-13T13:23:00.376Z",
"orgId": "3a12439a-ef3a-4c79-92e6-6081a721f1e5",
"shortName": "openssl"
},
"references": [
{
"name": "OpenSSL Advisory",
"tags": [
"vendor-advisory"
],
"url": "https://openssl-library.org/news/secadv/20260313.txt"
},
{
"name": "3.6.2 git commit",
"tags": [
"patch"
],
"url": "https://github.com/openssl/openssl/commit/2157c9d81f7b0bd7dfa25b960e928ec28e8dd63f"
},
{
"name": "3.5.6 git commit",
"tags": [
"patch"
],
"url": "https://github.com/openssl/openssl/commit/85977e013f32ceb96aa034c0e741adddc1a05e34"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "OpenSSL TLS 1.3 server may choose unexpected key agreement group",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "3a12439a-ef3a-4c79-92e6-6081a721f1e5",
"assignerShortName": "openssl",
"cveId": "CVE-2026-2673",
"datePublished": "2026-03-13T13:23:00.376Z",
"dateReserved": "2026-02-18T09:41:04.155Z",
"dateUpdated": "2026-05-18T19:23:37.078Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-22796 (GCVE-0-2026-22796)
Vulnerability from nvd – Published: 2026-01-27 16:01 – Updated: 2026-05-12 12:08
VLAI?
Title
ASN1_TYPE Type Confusion in the PKCS7_digest_from_attributes() function
Summary
Issue summary: A type confusion vulnerability exists in the signature
verification of signed PKCS#7 data where an ASN1_TYPE union member is
accessed without first validating the type, causing an invalid or NULL
pointer dereference when processing malformed PKCS#7 data.
Impact summary: An application performing signature verification of PKCS#7
data or calling directly the PKCS7_digest_from_attributes() function can be
caused to dereference an invalid or NULL pointer when reading, resulting in
a Denial of Service.
The function PKCS7_digest_from_attributes() accesses the message digest attribute
value without validating its type. When the type is not V_ASN1_OCTET_STRING,
this results in accessing invalid memory through the ASN1_TYPE union, causing
a crash.
Exploiting this vulnerability requires an attacker to provide a malformed
signed PKCS#7 to an application that verifies it. The impact of the
exploit is just a Denial of Service, the PKCS7 API is legacy and applications
should be using the CMS API instead. For these reasons the issue was
assessed as Low severity.
The FIPS modules in 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,
as the PKCS#7 parsing implementation is outside the OpenSSL FIPS module
boundary.
OpenSSL 3.6, 3.5, 3.4, 3.3, 3.0, 1.1.1 and 1.0.2 are vulnerable to this issue.
Severity ?
No CVSS data available.
CWE
- CWE-754 - Improper Check for Unusual or Exceptional Conditions
Assigner
References
6 references
Impacted products
Date Public ?
2026-01-27 14:00
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2026-22796",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-01-27T16:27:50.351586Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-01-27T16:28:52.046Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"affected": [
{
"defaultStatus": "unknown",
"product": "SIMATIC S7-1500 TM MFP - GNU/Linux subsystem",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-05-12T12:08:55.117Z",
"orgId": "0b142b55-0307-4c5a-b3c9-f314f3fb7c5e",
"shortName": "siemens-SADP"
},
"references": [
{
"url": "https://cert-portal.siemens.com/productcert/html/ssa-265688.html"
}
],
"x_adpType": "supplier"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "OpenSSL",
"vendor": "OpenSSL",
"versions": [
{
"lessThan": "3.6.1",
"status": "affected",
"version": "3.6.0",
"versionType": "semver"
},
{
"lessThan": "3.5.5",
"status": "affected",
"version": "3.5.0",
"versionType": "semver"
},
{
"lessThan": "3.4.4",
"status": "affected",
"version": "3.4.0",
"versionType": "semver"
},
{
"lessThan": "3.3.6",
"status": "affected",
"version": "3.3.0",
"versionType": "semver"
},
{
"lessThan": "3.0.19",
"status": "affected",
"version": "3.0.0",
"versionType": "semver"
},
{
"lessThan": "1.1.1ze",
"status": "affected",
"version": "1.1.1",
"versionType": "custom"
},
{
"lessThan": "1.0.2zn",
"status": "affected",
"version": "1.0.2",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "Luigino Camastra (Aisle Research)"
},
{
"lang": "en",
"type": "remediation developer",
"value": "Bob Beck"
}
],
"datePublic": "2026-01-27T14:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Issue summary: A type confusion vulnerability exists in the signature\u003cbr\u003everification of signed PKCS#7 data where an ASN1_TYPE union member is\u003cbr\u003eaccessed without first validating the type, causing an invalid or NULL\u003cbr\u003epointer dereference when processing malformed PKCS#7 data.\u003cbr\u003e\u003cbr\u003eImpact summary: An application performing signature verification of PKCS#7\u003cbr\u003edata or calling directly the PKCS7_digest_from_attributes() function can be\u003cbr\u003ecaused to dereference an invalid or NULL pointer when reading, resulting in\u003cbr\u003ea Denial of Service.\u003cbr\u003e\u003cbr\u003eThe function PKCS7_digest_from_attributes() accesses the message digest attribute\u003cbr\u003evalue without validating its type. When the type is not V_ASN1_OCTET_STRING,\u003cbr\u003ethis results in accessing invalid memory through the ASN1_TYPE union, causing\u003cbr\u003ea crash.\u003cbr\u003e\u003cbr\u003eExploiting this vulnerability requires an attacker to provide a malformed\u003cbr\u003esigned PKCS#7 to an application that verifies it. The impact of the\u003cbr\u003eexploit is just a Denial of Service, the PKCS7 API is legacy and applications\u003cbr\u003eshould be using the CMS API instead. For these reasons the issue was\u003cbr\u003eassessed as Low severity.\u003cbr\u003e\u003cbr\u003eThe FIPS modules in 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\u003cbr\u003eas the PKCS#7 parsing implementation is outside the OpenSSL FIPS module\u003cbr\u003eboundary.\u003cbr\u003e\u003cbr\u003eOpenSSL 3.6, 3.5, 3.4, 3.3, 3.0, 1.1.1 and 1.0.2 are vulnerable to this issue."
}
],
"value": "Issue summary: A type confusion vulnerability exists in the signature\nverification of signed PKCS#7 data where an ASN1_TYPE union member is\naccessed without first validating the type, causing an invalid or NULL\npointer dereference when processing malformed PKCS#7 data.\n\nImpact summary: An application performing signature verification of PKCS#7\ndata or calling directly the PKCS7_digest_from_attributes() function can be\ncaused to dereference an invalid or NULL pointer when reading, resulting in\na Denial of Service.\n\nThe function PKCS7_digest_from_attributes() accesses the message digest attribute\nvalue without validating its type. When the type is not V_ASN1_OCTET_STRING,\nthis results in accessing invalid memory through the ASN1_TYPE union, causing\na crash.\n\nExploiting this vulnerability requires an attacker to provide a malformed\nsigned PKCS#7 to an application that verifies it. The impact of the\nexploit is just a Denial of Service, the PKCS7 API is legacy and applications\nshould be using the CMS API instead. For these reasons the issue was\nassessed as Low severity.\n\nThe FIPS modules in 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\nas the PKCS#7 parsing implementation is outside the OpenSSL FIPS module\nboundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3, 3.0, 1.1.1 and 1.0.2 are vulnerable to this issue."
}
],
"metrics": [
{
"format": "other",
"other": {
"content": {
"text": "Low"
},
"type": "https://openssl-library.org/policies/general/security-policy/"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-754",
"description": "CWE-754 Improper Check for Unusual or Exceptional Conditions",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-01-27T16:01:28.150Z",
"orgId": "3a12439a-ef3a-4c79-92e6-6081a721f1e5",
"shortName": "openssl"
},
"references": [
{
"name": "OpenSSL Advisory",
"tags": [
"vendor-advisory"
],
"url": "https://openssl-library.org/news/secadv/20260127.txt"
},
{
"name": "3.6.1 git commit",
"tags": [
"patch"
],
"url": "https://github.com/openssl/openssl/commit/ef2fb66ec571564d64d1c74a12e388a2a54d05d2"
},
{
"name": "3.5.5 git commit",
"tags": [
"patch"
],
"url": "https://github.com/openssl/openssl/commit/2502e7b7d4c0cf4f972a881641fe09edc67aeec4"
},
{
"name": "3.4.4 git commit",
"tags": [
"patch"
],
"url": "https://github.com/openssl/openssl/commit/7bbca05be55b129651d9df4bdb92becc45002c12"
},
{
"name": "3.3.6 git commit",
"tags": [
"patch"
],
"url": "https://github.com/openssl/openssl/commit/eeee3cbd4d682095ed431052f00403004596373e"
},
{
"name": "3.0.19 git commit",
"tags": [
"patch"
],
"url": "https://github.com/openssl/openssl/commit/572844beca95068394c916626a6d3a490f831a49"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "ASN1_TYPE Type Confusion in the PKCS7_digest_from_attributes() function",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "3a12439a-ef3a-4c79-92e6-6081a721f1e5",
"assignerShortName": "openssl",
"cveId": "CVE-2026-22796",
"datePublished": "2026-01-27T16:01:28.150Z",
"dateReserved": "2026-01-09T18:54:13.571Z",
"dateUpdated": "2026-05-12T12:08:55.117Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-22795 (GCVE-0-2026-22795)
Vulnerability from nvd – Published: 2026-01-27 16:01 – Updated: 2026-05-12 12:08
VLAI?
Title
Missing ASN1_TYPE validation in PKCS#12 parsing
Summary
Issue summary: An invalid or NULL pointer dereference can happen in
an application processing a malformed PKCS#12 file.
Impact summary: An application processing a malformed PKCS#12 file can be
caused to dereference an invalid or NULL pointer on memory read, resulting
in a Denial of Service.
A type confusion vulnerability exists in PKCS#12 parsing code where
an ASN1_TYPE union member is accessed without first validating the type,
causing an invalid pointer read.
The location is constrained to a 1-byte address space, meaning any
attempted pointer manipulation can only target addresses between 0x00 and 0xFF.
This range corresponds to the zero page, which is unmapped on most modern
operating systems and will reliably result in a crash, leading only to a
Denial of Service. Exploiting this issue also requires a user or application
to process a maliciously crafted PKCS#12 file. It is uncommon to accept
untrusted PKCS#12 files in applications as they are usually used to store
private keys which are trusted by definition. For these reasons, the issue
was assessed as Low severity.
The FIPS modules in 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,
as the PKCS12 implementation is outside the OpenSSL FIPS module boundary.
OpenSSL 3.6, 3.5, 3.4, 3.3, 3.0 and 1.1.1 are vulnerable to this issue.
OpenSSL 1.0.2 is not affected by this issue.
Severity ?
No CVSS data available.
CWE
- CWE-754 - Improper Check for Unusual or Exceptional Conditions
Assigner
References
6 references
Impacted products
Date Public ?
2026-01-27 14:00
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2026-22795",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-01-28T20:03:18.604129Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-01-29T18:13:37.371Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"affected": [
{
"defaultStatus": "unknown",
"product": "SIMATIC S7-1500 TM MFP - GNU/Linux subsystem",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-05-12T12:08:53.938Z",
"orgId": "0b142b55-0307-4c5a-b3c9-f314f3fb7c5e",
"shortName": "siemens-SADP"
},
"references": [
{
"url": "https://cert-portal.siemens.com/productcert/html/ssa-265688.html"
}
],
"x_adpType": "supplier"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "OpenSSL",
"vendor": "OpenSSL",
"versions": [
{
"lessThan": "3.6.1",
"status": "affected",
"version": "3.6.0",
"versionType": "semver"
},
{
"lessThan": "3.5.5",
"status": "affected",
"version": "3.5.0",
"versionType": "semver"
},
{
"lessThan": "3.4.4",
"status": "affected",
"version": "3.4.0",
"versionType": "semver"
},
{
"lessThan": "3.3.6",
"status": "affected",
"version": "3.3.0",
"versionType": "semver"
},
{
"lessThan": "3.0.19",
"status": "affected",
"version": "3.0.0",
"versionType": "semver"
},
{
"lessThan": "1.1.1ze",
"status": "affected",
"version": "1.1.1",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "Luigino Camastra (Aisle Research)"
},
{
"lang": "en",
"type": "remediation developer",
"value": "Bob Beck"
}
],
"datePublic": "2026-01-27T14:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Issue summary: An invalid or NULL pointer dereference can happen in\u003cbr\u003ean application processing a malformed PKCS#12 file.\u003cbr\u003e\u003cbr\u003eImpact summary: An application processing a malformed PKCS#12 file can be\u003cbr\u003ecaused to dereference an invalid or NULL pointer on memory read, resulting\u003cbr\u003ein a Denial of Service.\u003cbr\u003e\u003cbr\u003eA type confusion vulnerability exists in PKCS#12 parsing code where\u003cbr\u003ean ASN1_TYPE union member is accessed without first validating the type,\u003cbr\u003ecausing an invalid pointer read.\u003cbr\u003e\u003cbr\u003eThe location is constrained to a 1-byte address space, meaning any\u003cbr\u003eattempted pointer manipulation can only target addresses between 0x00 and 0xFF.\u003cbr\u003eThis range corresponds to the zero page, which is unmapped on most modern\u003cbr\u003eoperating systems and will reliably result in a crash, leading only to a\u003cbr\u003eDenial of Service. Exploiting this issue also requires a user or application\u003cbr\u003eto process a maliciously crafted PKCS#12 file. It is uncommon to accept\u003cbr\u003euntrusted PKCS#12 files in applications as they are usually used to store\u003cbr\u003eprivate keys which are trusted by definition. For these reasons, the issue\u003cbr\u003ewas assessed as Low severity.\u003cbr\u003e\u003cbr\u003eThe FIPS modules in 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\u003cbr\u003eas the PKCS12 implementation is outside the OpenSSL FIPS module boundary.\u003cbr\u003e\u003cbr\u003eOpenSSL 3.6, 3.5, 3.4, 3.3, 3.0 and 1.1.1 are vulnerable to this issue.\u003cbr\u003e\u003cbr\u003eOpenSSL 1.0.2 is not affected by this issue."
}
],
"value": "Issue summary: An invalid or NULL pointer dereference can happen in\nan application processing a malformed PKCS#12 file.\n\nImpact summary: An application processing a malformed PKCS#12 file can be\ncaused to dereference an invalid or NULL pointer on memory read, resulting\nin a Denial of Service.\n\nA type confusion vulnerability exists in PKCS#12 parsing code where\nan ASN1_TYPE union member is accessed without first validating the type,\ncausing an invalid pointer read.\n\nThe location is constrained to a 1-byte address space, meaning any\nattempted pointer manipulation can only target addresses between 0x00 and 0xFF.\nThis range corresponds to the zero page, which is unmapped on most modern\noperating systems and will reliably result in a crash, leading only to a\nDenial of Service. Exploiting this issue also requires a user or application\nto process a maliciously crafted PKCS#12 file. It is uncommon to accept\nuntrusted PKCS#12 files in applications as they are usually used to store\nprivate keys which are trusted by definition. For these reasons, the issue\nwas assessed as Low severity.\n\nThe FIPS modules in 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\nas the PKCS12 implementation is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3, 3.0 and 1.1.1 are vulnerable to this issue.\n\nOpenSSL 1.0.2 is not affected by this issue."
}
],
"metrics": [
{
"format": "other",
"other": {
"content": {
"text": "Low"
},
"type": "https://openssl-library.org/policies/general/security-policy/"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-754",
"description": "CWE-754 Improper Check for Unusual or Exceptional Conditions",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-01-27T16:01:27.320Z",
"orgId": "3a12439a-ef3a-4c79-92e6-6081a721f1e5",
"shortName": "openssl"
},
"references": [
{
"name": "OpenSSL Advisory",
"tags": [
"vendor-advisory"
],
"url": "https://openssl-library.org/news/secadv/20260127.txt"
},
{
"name": "3.6.1 git commit",
"tags": [
"patch"
],
"url": "https://github.com/openssl/openssl/commit/ef2fb66ec571564d64d1c74a12e388a2a54d05d2"
},
{
"name": "3.5.5 git commit",
"tags": [
"patch"
],
"url": "https://github.com/openssl/openssl/commit/2502e7b7d4c0cf4f972a881641fe09edc67aeec4"
},
{
"name": "3.4.4 git commit",
"tags": [
"patch"
],
"url": "https://github.com/openssl/openssl/commit/7bbca05be55b129651d9df4bdb92becc45002c12"
},
{
"name": "3.3.6 git commit",
"tags": [
"patch"
],
"url": "https://github.com/openssl/openssl/commit/eeee3cbd4d682095ed431052f00403004596373e"
},
{
"name": "3.0.19 git commit",
"tags": [
"patch"
],
"url": "https://github.com/openssl/openssl/commit/572844beca95068394c916626a6d3a490f831a49"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Missing ASN1_TYPE validation in PKCS#12 parsing",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "3a12439a-ef3a-4c79-92e6-6081a721f1e5",
"assignerShortName": "openssl",
"cveId": "CVE-2026-22795",
"datePublished": "2026-01-27T16:01:27.320Z",
"dateReserved": "2026-01-09T18:54:13.570Z",
"dateUpdated": "2026-05-12T12:08:53.938Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-69421 (GCVE-0-2025-69421)
Vulnerability from nvd – Published: 2026-01-27 16:01 – Updated: 2026-05-12 12:08
VLAI?
Title
NULL Pointer Dereference in PKCS12_item_decrypt_d2i_ex function
Summary
Issue summary: Processing a malformed PKCS#12 file can trigger a NULL pointer
dereference in the PKCS12_item_decrypt_d2i_ex() function.
Impact summary: A NULL pointer dereference can trigger a crash which leads to
Denial of Service for an application processing PKCS#12 files.
The PKCS12_item_decrypt_d2i_ex() function does not check whether the oct
parameter is NULL before dereferencing it. When called from
PKCS12_unpack_p7encdata() with a malformed PKCS#12 file, this parameter can
be NULL, causing a crash. The vulnerability is limited to Denial of Service
and cannot be escalated to achieve code execution or memory disclosure.
Exploiting this issue requires an attacker to provide a malformed PKCS#12 file
to an application that processes it. For that reason the issue was assessed as
Low severity according to our Security Policy.
The FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,
as the PKCS#12 implementation is outside the OpenSSL FIPS module boundary.
OpenSSL 3.6, 3.5, 3.4, 3.3, 3.0, 1.1.1 and 1.0.2 are vulnerable to this issue.
Severity ?
No CVSS data available.
CWE
- CWE-476 - NULL Pointer Dereference
Assigner
References
6 references
Impacted products
Date Public ?
2026-01-27 14:00
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2025-69421",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-01-28T15:17:58.059460Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-02-28T02:58:24.792Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"affected": [
{
"defaultStatus": "unknown",
"product": "SIMATIC S7-1500 TM MFP - GNU/Linux subsystem",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-05-12T12:08:44.262Z",
"orgId": "0b142b55-0307-4c5a-b3c9-f314f3fb7c5e",
"shortName": "siemens-SADP"
},
"references": [
{
"url": "https://cert-portal.siemens.com/productcert/html/ssa-265688.html"
}
],
"x_adpType": "supplier"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "OpenSSL",
"vendor": "OpenSSL",
"versions": [
{
"lessThan": "3.6.1",
"status": "affected",
"version": "3.6.0",
"versionType": "semver"
},
{
"lessThan": "3.5.5",
"status": "affected",
"version": "3.5.0",
"versionType": "semver"
},
{
"lessThan": "3.4.4",
"status": "affected",
"version": "3.4.0",
"versionType": "semver"
},
{
"lessThan": "3.3.6",
"status": "affected",
"version": "3.3.0",
"versionType": "semver"
},
{
"lessThan": "3.0.19",
"status": "affected",
"version": "3.0.0",
"versionType": "semver"
},
{
"lessThan": "1.1.1ze",
"status": "affected",
"version": "1.1.1",
"versionType": "custom"
},
{
"lessThan": "1.0.2zn",
"status": "affected",
"version": "1.0.2",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "Luigino Camastra (Aisle Research)"
},
{
"lang": "en",
"type": "remediation developer",
"value": "Luigino Camastra (Aisle Research)"
}
],
"datePublic": "2026-01-27T14:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Issue summary: Processing a malformed PKCS#12 file can trigger a NULL pointer\u003cbr\u003edereference in the PKCS12_item_decrypt_d2i_ex() function.\u003cbr\u003e\u003cbr\u003eImpact summary: A NULL pointer dereference can trigger a crash which leads to\u003cbr\u003eDenial of Service for an application processing PKCS#12 files.\u003cbr\u003e\u003cbr\u003eThe PKCS12_item_decrypt_d2i_ex() function does not check whether the oct\u003cbr\u003eparameter is NULL before dereferencing it. When called from\u003cbr\u003ePKCS12_unpack_p7encdata() with a malformed PKCS#12 file, this parameter can\u003cbr\u003ebe NULL, causing a crash. The vulnerability is limited to Denial of Service\u003cbr\u003eand cannot be escalated to achieve code execution or memory disclosure.\u003cbr\u003e\u003cbr\u003eExploiting this issue requires an attacker to provide a malformed PKCS#12 file\u003cbr\u003eto an application that processes it. For that reason the issue was assessed as\u003cbr\u003eLow severity according to our Security Policy.\u003cbr\u003e\u003cbr\u003eThe FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\u003cbr\u003eas the PKCS#12 implementation is outside the OpenSSL FIPS module boundary.\u003cbr\u003e\u003cbr\u003eOpenSSL 3.6, 3.5, 3.4, 3.3, 3.0, 1.1.1 and 1.0.2 are vulnerable to this issue."
}
],
"value": "Issue summary: Processing a malformed PKCS#12 file can trigger a NULL pointer\ndereference in the PKCS12_item_decrypt_d2i_ex() function.\n\nImpact summary: A NULL pointer dereference can trigger a crash which leads to\nDenial of Service for an application processing PKCS#12 files.\n\nThe PKCS12_item_decrypt_d2i_ex() function does not check whether the oct\nparameter is NULL before dereferencing it. When called from\nPKCS12_unpack_p7encdata() with a malformed PKCS#12 file, this parameter can\nbe NULL, causing a crash. The vulnerability is limited to Denial of Service\nand cannot be escalated to achieve code execution or memory disclosure.\n\nExploiting this issue requires an attacker to provide a malformed PKCS#12 file\nto an application that processes it. For that reason the issue was assessed as\nLow severity according to our Security Policy.\n\nThe FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\nas the PKCS#12 implementation is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3, 3.0, 1.1.1 and 1.0.2 are vulnerable to this issue."
}
],
"metrics": [
{
"format": "other",
"other": {
"content": {
"text": "Low"
},
"type": "https://openssl-library.org/policies/general/security-policy/"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-476",
"description": "CWE-476 NULL Pointer Dereference",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-01-27T16:01:26.435Z",
"orgId": "3a12439a-ef3a-4c79-92e6-6081a721f1e5",
"shortName": "openssl"
},
"references": [
{
"name": "OpenSSL Advisory",
"tags": [
"vendor-advisory"
],
"url": "https://openssl-library.org/news/secadv/20260127.txt"
},
{
"name": "3.6.1 git commit",
"tags": [
"patch"
],
"url": "https://github.com/openssl/openssl/commit/a2dbc539f0f9cc63832709fa5aa33ad9495eb19c"
},
{
"name": "3.5.5 git commit",
"tags": [
"patch"
],
"url": "https://github.com/openssl/openssl/commit/3524a29271f8191b8fd8a5257eb05173982a097b"
},
{
"name": "3.4.4 git commit",
"tags": [
"patch"
],
"url": "https://github.com/openssl/openssl/commit/643986985cd1c21221f941129d76fe0c2785aeb3"
},
{
"name": "3.3.6 git commit",
"tags": [
"patch"
],
"url": "https://github.com/openssl/openssl/commit/4bbc8d41a72c842ce4077a8a3eccd1109aaf74bd"
},
{
"name": "3.0.19 git commit",
"tags": [
"patch"
],
"url": "https://github.com/openssl/openssl/commit/36ecb4960872a4ce04bf6f1e1f4e78d75ec0c0c7"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "NULL Pointer Dereference in PKCS12_item_decrypt_d2i_ex function",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "3a12439a-ef3a-4c79-92e6-6081a721f1e5",
"assignerShortName": "openssl",
"cveId": "CVE-2025-69421",
"datePublished": "2026-01-27T16:01:26.435Z",
"dateReserved": "2026-01-06T12:44:09.946Z",
"dateUpdated": "2026-05-12T12:08:44.262Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-69420 (GCVE-0-2025-69420)
Vulnerability from nvd – Published: 2026-01-27 16:01 – Updated: 2026-05-12 12:08
VLAI?
Title
Missing ASN1_TYPE validation in TS_RESP_verify_response() function
Summary
Issue summary: A type confusion vulnerability exists in the TimeStamp Response
verification code where an ASN1_TYPE union member is accessed without first
validating the type, causing an invalid or NULL pointer dereference when
processing a malformed TimeStamp Response file.
Impact summary: An application calling TS_RESP_verify_response() with a
malformed TimeStamp Response can be caused to dereference an invalid or
NULL pointer when reading, resulting in a Denial of Service.
The functions ossl_ess_get_signing_cert() and ossl_ess_get_signing_cert_v2()
access the signing cert attribute value without validating its type.
When the type is not V_ASN1_SEQUENCE, this results in accessing invalid memory
through the ASN1_TYPE union, causing a crash.
Exploiting this vulnerability requires an attacker to provide a malformed
TimeStamp Response to an application that verifies timestamp responses. The
TimeStamp protocol (RFC 3161) is not widely used and the impact of the
exploit is just a Denial of Service. For these reasons the issue was
assessed as Low severity.
The FIPS modules in 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,
as the TimeStamp Response implementation is outside the OpenSSL FIPS module
boundary.
OpenSSL 3.6, 3.5, 3.4, 3.3, 3.0 and 1.1.1 are vulnerable to this issue.
OpenSSL 1.0.2 is not affected by this issue.
Severity ?
No CVSS data available.
CWE
- CWE-754 - Improper Check for Unusual or Exceptional Conditions
Assigner
References
6 references
Impacted products
Date Public ?
2026-01-27 14:00
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2025-69420",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-01-28T19:33:06.662569Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-01-28T19:33:41.253Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"affected": [
{
"defaultStatus": "unknown",
"product": "SIMATIC S7-1500 TM MFP - GNU/Linux subsystem",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-05-12T12:08:43.116Z",
"orgId": "0b142b55-0307-4c5a-b3c9-f314f3fb7c5e",
"shortName": "siemens-SADP"
},
"references": [
{
"url": "https://cert-portal.siemens.com/productcert/html/ssa-265688.html"
}
],
"x_adpType": "supplier"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "OpenSSL",
"vendor": "OpenSSL",
"versions": [
{
"lessThan": "3.6.1",
"status": "affected",
"version": "3.6.0",
"versionType": "semver"
},
{
"lessThan": "3.5.5",
"status": "affected",
"version": "3.5.0",
"versionType": "semver"
},
{
"lessThan": "3.4.4",
"status": "affected",
"version": "3.4.0",
"versionType": "semver"
},
{
"lessThan": "3.3.6",
"status": "affected",
"version": "3.3.0",
"versionType": "semver"
},
{
"lessThan": "3.0.19",
"status": "affected",
"version": "3.0.0",
"versionType": "semver"
},
{
"lessThan": "1.1.1ze",
"status": "affected",
"version": "1.1.1",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "Luigino Camastra (Aisle Research)"
},
{
"lang": "en",
"type": "remediation developer",
"value": "Bob Beck"
}
],
"datePublic": "2026-01-27T14:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Issue summary: A type confusion vulnerability exists in the TimeStamp Response\u003cbr\u003everification code where an ASN1_TYPE union member is accessed without first\u003cbr\u003evalidating the type, causing an invalid or NULL pointer dereference when\u003cbr\u003eprocessing a malformed TimeStamp Response file.\u003cbr\u003e\u003cbr\u003eImpact summary: An application calling TS_RESP_verify_response() with a\u003cbr\u003emalformed TimeStamp Response can be caused to dereference an invalid or\u003cbr\u003eNULL pointer when reading, resulting in a Denial of Service.\u003cbr\u003e\u003cbr\u003eThe functions ossl_ess_get_signing_cert() and ossl_ess_get_signing_cert_v2()\u003cbr\u003eaccess the signing cert attribute value without validating its type.\u003cbr\u003eWhen the type is not V_ASN1_SEQUENCE, this results in accessing invalid memory\u003cbr\u003ethrough the ASN1_TYPE union, causing a crash.\u003cbr\u003e\u003cbr\u003eExploiting this vulnerability requires an attacker to provide a malformed\u003cbr\u003eTimeStamp Response to an application that verifies timestamp responses. The\u003cbr\u003eTimeStamp protocol (RFC 3161) is not widely used and the impact of the\u003cbr\u003eexploit is just a Denial of Service. For these reasons the issue was\u003cbr\u003eassessed as Low severity.\u003cbr\u003e\u003cbr\u003eThe FIPS modules in 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\u003cbr\u003eas the TimeStamp Response implementation is outside the OpenSSL FIPS module\u003cbr\u003eboundary.\u003cbr\u003e\u003cbr\u003eOpenSSL 3.6, 3.5, 3.4, 3.3, 3.0 and 1.1.1 are vulnerable to this issue.\u003cbr\u003e\u003cbr\u003eOpenSSL 1.0.2 is not affected by this issue."
}
],
"value": "Issue summary: A type confusion vulnerability exists in the TimeStamp Response\nverification code where an ASN1_TYPE union member is accessed without first\nvalidating the type, causing an invalid or NULL pointer dereference when\nprocessing a malformed TimeStamp Response file.\n\nImpact summary: An application calling TS_RESP_verify_response() with a\nmalformed TimeStamp Response can be caused to dereference an invalid or\nNULL pointer when reading, resulting in a Denial of Service.\n\nThe functions ossl_ess_get_signing_cert() and ossl_ess_get_signing_cert_v2()\naccess the signing cert attribute value without validating its type.\nWhen the type is not V_ASN1_SEQUENCE, this results in accessing invalid memory\nthrough the ASN1_TYPE union, causing a crash.\n\nExploiting this vulnerability requires an attacker to provide a malformed\nTimeStamp Response to an application that verifies timestamp responses. The\nTimeStamp protocol (RFC 3161) is not widely used and the impact of the\nexploit is just a Denial of Service. For these reasons the issue was\nassessed as Low severity.\n\nThe FIPS modules in 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\nas the TimeStamp Response implementation is outside the OpenSSL FIPS module\nboundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3, 3.0 and 1.1.1 are vulnerable to this issue.\n\nOpenSSL 1.0.2 is not affected by this issue."
}
],
"metrics": [
{
"format": "other",
"other": {
"content": {
"text": "Low"
},
"type": "https://openssl-library.org/policies/general/security-policy/"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-754",
"description": "CWE-754 Improper Check for Unusual or Exceptional Conditions",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-01-27T16:01:25.643Z",
"orgId": "3a12439a-ef3a-4c79-92e6-6081a721f1e5",
"shortName": "openssl"
},
"references": [
{
"name": "OpenSSL Advisory",
"tags": [
"vendor-advisory"
],
"url": "https://openssl-library.org/news/secadv/20260127.txt"
},
{
"name": "3.6.1 git commit",
"tags": [
"patch"
],
"url": "https://github.com/openssl/openssl/commit/a99349ebfc519999edc50620abe24d599b9eb085"
},
{
"name": "3.5.5 git commit",
"tags": [
"patch"
],
"url": "https://github.com/openssl/openssl/commit/564fd9c73787f25693bf9e75faf7bf6bb1305d4e"
},
{
"name": "3.4.4 git commit",
"tags": [
"patch"
],
"url": "https://github.com/openssl/openssl/commit/27c7012c91cc986a598d7540f3079dfde2416eb9"
},
{
"name": "3.3.6 git commit",
"tags": [
"patch"
],
"url": "https://github.com/openssl/openssl/commit/5eb0770ffcf11b785cf374ff3c19196245e54f1b"
},
{
"name": "3.0.19 git commit",
"tags": [
"patch"
],
"url": "https://github.com/openssl/openssl/commit/4e254b48ad93cc092be3dd62d97015f33f73133a"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Missing ASN1_TYPE validation in TS_RESP_verify_response() function",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "3a12439a-ef3a-4c79-92e6-6081a721f1e5",
"assignerShortName": "openssl",
"cveId": "CVE-2025-69420",
"datePublished": "2026-01-27T16:01:25.643Z",
"dateReserved": "2026-01-06T12:44:09.945Z",
"dateUpdated": "2026-05-12T12:08:43.116Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-69419 (GCVE-0-2025-69419)
Vulnerability from nvd – Published: 2026-01-27 16:01 – Updated: 2026-05-12 12:08
VLAI?
Title
Out of bounds write in PKCS12_get_friendlyname() UTF-8 conversion
Summary
Issue summary: Calling PKCS12_get_friendlyname() function on a maliciously
crafted PKCS#12 file with a BMPString (UTF-16BE) friendly name containing
non-ASCII BMP code point can trigger a one byte write before the allocated
buffer.
Impact summary: The out-of-bounds write can cause a memory corruption
which can have various consequences including a Denial of Service.
The OPENSSL_uni2utf8() function performs a two-pass conversion of a PKCS#12
BMPString (UTF-16BE) to UTF-8. In the second pass, when emitting UTF-8 bytes,
the helper function bmp_to_utf8() incorrectly forwards the remaining UTF-16
source byte count as the destination buffer capacity to UTF8_putc(). For BMP
code points above U+07FF, UTF-8 requires three bytes, but the forwarded
capacity can be just two bytes. UTF8_putc() then returns -1, and this negative
value is added to the output length without validation, causing the
length to become negative. The subsequent trailing NUL byte is then written
at a negative offset, causing write outside of heap allocated buffer.
The vulnerability is reachable via the public PKCS12_get_friendlyname() API
when parsing attacker-controlled PKCS#12 files. While PKCS12_parse() uses a
different code path that avoids this issue, PKCS12_get_friendlyname() directly
invokes the vulnerable function. Exploitation requires an attacker to provide
a malicious PKCS#12 file to be parsed by the application and the attacker
can just trigger a one zero byte write before the allocated buffer.
For that reason the issue was assessed as Low severity according to our
Security Policy.
The FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,
as the PKCS#12 implementation is outside the OpenSSL FIPS module boundary.
OpenSSL 3.6, 3.5, 3.4, 3.3, 3.0 and 1.1.1 are vulnerable to this issue.
OpenSSL 1.0.2 is not affected by this issue.
Severity ?
No CVSS data available.
CWE
- CWE-787 - Out-of-bounds Write
Assigner
References
6 references
Impacted products
Date Public ?
2026-01-27 14:00
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2025-69419",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-01-29T15:09:04.605559Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-01-29T15:09:39.154Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"affected": [
{
"defaultStatus": "unknown",
"product": "SIMATIC S7-1500 TM MFP - GNU/Linux subsystem",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-05-12T12:08:41.952Z",
"orgId": "0b142b55-0307-4c5a-b3c9-f314f3fb7c5e",
"shortName": "siemens-SADP"
},
"references": [
{
"url": "https://cert-portal.siemens.com/productcert/html/ssa-265688.html"
}
],
"x_adpType": "supplier"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "OpenSSL",
"vendor": "OpenSSL",
"versions": [
{
"lessThan": "3.6.1",
"status": "affected",
"version": "3.6.0",
"versionType": "semver"
},
{
"lessThan": "3.5.5",
"status": "affected",
"version": "3.5.0",
"versionType": "semver"
},
{
"lessThan": "3.4.4",
"status": "affected",
"version": "3.4.0",
"versionType": "semver"
},
{
"lessThan": "3.3.6",
"status": "affected",
"version": "3.3.0",
"versionType": "semver"
},
{
"lessThan": "3.0.19",
"status": "affected",
"version": "3.0.0",
"versionType": "semver"
},
{
"lessThan": "1.1.1ze",
"status": "affected",
"version": "1.1.1",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "Stanislav Fort (Aisle Research)"
},
{
"lang": "en",
"type": "remediation developer",
"value": "Norbert P\u00f3cs"
}
],
"datePublic": "2026-01-27T14:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Issue summary: Calling PKCS12_get_friendlyname() function on a maliciously\u003cbr\u003ecrafted PKCS#12 file with a BMPString (UTF-16BE) friendly name containing\u003cbr\u003enon-ASCII BMP code point can trigger a one byte write before the allocated\u003cbr\u003ebuffer.\u003cbr\u003e\u003cbr\u003eImpact summary: The out-of-bounds write can cause a memory corruption\u003cbr\u003ewhich can have various consequences including a Denial of Service.\u003cbr\u003e\u003cbr\u003eThe OPENSSL_uni2utf8() function performs a two-pass conversion of a PKCS#12\u003cbr\u003eBMPString (UTF-16BE) to UTF-8. In the second pass, when emitting UTF-8 bytes,\u003cbr\u003ethe helper function bmp_to_utf8() incorrectly forwards the remaining UTF-16\u003cbr\u003esource byte count as the destination buffer capacity to UTF8_putc(). For BMP\u003cbr\u003ecode points above U+07FF, UTF-8 requires three bytes, but the forwarded\u003cbr\u003ecapacity can be just two bytes. UTF8_putc() then returns -1, and this negative\u003cbr\u003evalue is added to the output length without validation, causing the\u003cbr\u003elength to become negative. The subsequent trailing NUL byte is then written\u003cbr\u003eat a negative offset, causing write outside of heap allocated buffer.\u003cbr\u003e\u003cbr\u003eThe vulnerability is reachable via the public PKCS12_get_friendlyname() API\u003cbr\u003ewhen parsing attacker-controlled PKCS#12 files. While PKCS12_parse() uses a\u003cbr\u003edifferent code path that avoids this issue, PKCS12_get_friendlyname() directly\u003cbr\u003einvokes the vulnerable function. Exploitation requires an attacker to provide\u003cbr\u003ea malicious PKCS#12 file to be parsed by the application and the attacker\u003cbr\u003ecan just trigger a one zero byte write before the allocated buffer.\u003cbr\u003eFor that reason the issue was assessed as Low severity according to our\u003cbr\u003eSecurity Policy.\u003cbr\u003e\u003cbr\u003eThe FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\u003cbr\u003eas the PKCS#12 implementation is outside the OpenSSL FIPS module boundary.\u003cbr\u003e\u003cbr\u003eOpenSSL 3.6, 3.5, 3.4, 3.3, 3.0 and 1.1.1 are vulnerable to this issue.\u003cbr\u003e\u003cbr\u003eOpenSSL 1.0.2 is not affected by this issue."
}
],
"value": "Issue summary: Calling PKCS12_get_friendlyname() function on a maliciously\ncrafted PKCS#12 file with a BMPString (UTF-16BE) friendly name containing\nnon-ASCII BMP code point can trigger a one byte write before the allocated\nbuffer.\n\nImpact summary: The out-of-bounds write can cause a memory corruption\nwhich can have various consequences including a Denial of Service.\n\nThe OPENSSL_uni2utf8() function performs a two-pass conversion of a PKCS#12\nBMPString (UTF-16BE) to UTF-8. In the second pass, when emitting UTF-8 bytes,\nthe helper function bmp_to_utf8() incorrectly forwards the remaining UTF-16\nsource byte count as the destination buffer capacity to UTF8_putc(). For BMP\ncode points above U+07FF, UTF-8 requires three bytes, but the forwarded\ncapacity can be just two bytes. UTF8_putc() then returns -1, and this negative\nvalue is added to the output length without validation, causing the\nlength to become negative. The subsequent trailing NUL byte is then written\nat a negative offset, causing write outside of heap allocated buffer.\n\nThe vulnerability is reachable via the public PKCS12_get_friendlyname() API\nwhen parsing attacker-controlled PKCS#12 files. While PKCS12_parse() uses a\ndifferent code path that avoids this issue, PKCS12_get_friendlyname() directly\ninvokes the vulnerable function. Exploitation requires an attacker to provide\na malicious PKCS#12 file to be parsed by the application and the attacker\ncan just trigger a one zero byte write before the allocated buffer.\nFor that reason the issue was assessed as Low severity according to our\nSecurity Policy.\n\nThe FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\nas the PKCS#12 implementation is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3, 3.0 and 1.1.1 are vulnerable to this issue.\n\nOpenSSL 1.0.2 is not affected by this issue."
}
],
"metrics": [
{
"format": "other",
"other": {
"content": {
"text": "Low"
},
"type": "https://openssl-library.org/policies/general/security-policy/"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-787",
"description": "CWE-787 Out-of-bounds Write",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-01-27T16:01:24.822Z",
"orgId": "3a12439a-ef3a-4c79-92e6-6081a721f1e5",
"shortName": "openssl"
},
"references": [
{
"name": "OpenSSL Advisory",
"tags": [
"vendor-advisory"
],
"url": "https://openssl-library.org/news/secadv/20260127.txt"
},
{
"name": "3.6.1 git commit",
"tags": [
"patch"
],
"url": "https://github.com/openssl/openssl/commit/7e9cac9832e4705b91987c2474ed06a37a93cecb"
},
{
"name": "3.5.5 git commit",
"tags": [
"patch"
],
"url": "https://github.com/openssl/openssl/commit/ff628933755075446bca8307e8417c14d164b535"
},
{
"name": "3.4.4 git commit",
"tags": [
"patch"
],
"url": "https://github.com/openssl/openssl/commit/cda12de3bc0e333ea8d2c6fd15001dbdaf280015"
},
{
"name": "3.3.6 git commit",
"tags": [
"patch"
],
"url": "https://github.com/openssl/openssl/commit/a26a90d38edec3748566129d824e664b54bee2e2"
},
{
"name": "3.0.19 git commit",
"tags": [
"patch"
],
"url": "https://github.com/openssl/openssl/commit/41be0f216404f14457bbf3b9cc488dba60b49296"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Out of bounds write in PKCS12_get_friendlyname() UTF-8 conversion",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "3a12439a-ef3a-4c79-92e6-6081a721f1e5",
"assignerShortName": "openssl",
"cveId": "CVE-2025-69419",
"datePublished": "2026-01-27T16:01:24.822Z",
"dateReserved": "2026-01-06T12:44:09.945Z",
"dateUpdated": "2026-05-12T12:08:41.952Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-31790 (GCVE-0-2026-31790)
Vulnerability from cvelistv5 – Published: 2026-04-07 22:00 – Updated: 2026-05-12 12:09
VLAI?
Title
Incorrect Failure Handling in RSA KEM RSASVE Encapsulation
Summary
Issue summary: Applications using RSASVE key encapsulation to establish
a secret encryption key can send contents of an uninitialized memory buffer to
a malicious peer.
Impact summary: The uninitialized buffer might contain sensitive data from the
previous execution of the application process which leads to sensitive data
leakage to an attacker.
RSA_public_encrypt() returns the number of bytes written on success and -1
on error. The affected code tests only whether the return value is non-zero.
As a result, if RSA encryption fails, encapsulation can still return success to
the caller, set the output lengths, and leave the caller to use the contents of
the ciphertext buffer as if a valid KEM ciphertext had been produced.
If applications use EVP_PKEY_encapsulate() with RSA/RSASVE on an
attacker-supplied invalid RSA public key without first validating that key,
then this may cause stale or uninitialized contents of the caller-provided
ciphertext buffer to be disclosed to the attacker in place of the KEM
ciphertext.
As a workaround calling EVP_PKEY_public_check() or
EVP_PKEY_public_check_quick() before EVP_PKEY_encapsulate() will mitigate
the issue.
The FIPS modules in 3.6, 3.5, 3.4, 3.3, 3.1 and 3.0 are affected by this issue.
Severity ?
No CVSS data available.
CWE
- CWE-754 - Improper Check for Unusual or Exceptional Conditions
Assigner
References
6 references
Impacted products
Date Public ?
2026-04-07 14:00
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2026-31790",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-04-08T14:32:04.700201Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-04-08T14:32:37.439Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"affected": [
{
"defaultStatus": "unknown",
"product": "SIMATIC CN 4100",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V5.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-05-12T12:09:06.208Z",
"orgId": "0b142b55-0307-4c5a-b3c9-f314f3fb7c5e",
"shortName": "siemens-SADP"
},
"references": [
{
"url": "https://cert-portal.siemens.com/productcert/html/ssa-032379.html"
}
],
"x_adpType": "supplier"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "OpenSSL",
"vendor": "OpenSSL",
"versions": [
{
"lessThan": "3.6.2",
"status": "affected",
"version": "3.6.0",
"versionType": "semver"
},
{
"lessThan": "3.5.6",
"status": "affected",
"version": "3.5.0",
"versionType": "semver"
},
{
"lessThan": "3.4.5",
"status": "affected",
"version": "3.4.0",
"versionType": "semver"
},
{
"lessThan": "3.3.7",
"status": "affected",
"version": "3.3.0",
"versionType": "semver"
},
{
"lessThan": "3.0.20",
"status": "affected",
"version": "3.0.0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "Simo Sorce (Red Hat)"
},
{
"lang": "en",
"type": "remediation developer",
"value": "Nikola Pajkovsky"
}
],
"datePublic": "2026-04-07T14:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Issue summary: Applications using RSASVE key encapsulation to establish\u003cbr\u003ea secret encryption key can send contents of an uninitialized memory buffer to\u003cbr\u003ea malicious peer.\u003cbr\u003e\u003cbr\u003eImpact summary: The uninitialized buffer might contain sensitive data from the\u003cbr\u003eprevious execution of the application process which leads to sensitive data\u003cbr\u003eleakage to an attacker.\u003cbr\u003e\u003cbr\u003eRSA_public_encrypt() returns the number of bytes written on success and -1\u003cbr\u003eon error. The affected code tests only whether the return value is non-zero.\u003cbr\u003eAs a result, if RSA encryption fails, encapsulation can still return success to\u003cbr\u003ethe caller, set the output lengths, and leave the caller to use the contents of\u003cbr\u003ethe ciphertext buffer as if a valid KEM ciphertext had been produced.\u003cbr\u003e\u003cbr\u003eIf applications use EVP_PKEY_encapsulate() with RSA/RSASVE on an\u003cbr\u003eattacker-supplied invalid RSA public key without first validating that key,\u003cbr\u003ethen this may cause stale or uninitialized contents of the caller-provided\u003cbr\u003eciphertext buffer to be disclosed to the attacker in place of the KEM\u003cbr\u003eciphertext.\u003cbr\u003e\u003cbr\u003eAs a workaround calling EVP_PKEY_public_check() or\u003cbr\u003eEVP_PKEY_public_check_quick() before EVP_PKEY_encapsulate() will mitigate\u003cbr\u003ethe issue.\u003cbr\u003e\u003cbr\u003eThe FIPS modules in 3.6, 3.5, 3.4, 3.3, 3.1 and 3.0 are affected by this issue."
}
],
"value": "Issue summary: Applications using RSASVE key encapsulation to establish\na secret encryption key can send contents of an uninitialized memory buffer to\na malicious peer.\n\nImpact summary: The uninitialized buffer might contain sensitive data from the\nprevious execution of the application process which leads to sensitive data\nleakage to an attacker.\n\nRSA_public_encrypt() returns the number of bytes written on success and -1\non error. The affected code tests only whether the return value is non-zero.\nAs a result, if RSA encryption fails, encapsulation can still return success to\nthe caller, set the output lengths, and leave the caller to use the contents of\nthe ciphertext buffer as if a valid KEM ciphertext had been produced.\n\nIf applications use EVP_PKEY_encapsulate() with RSA/RSASVE on an\nattacker-supplied invalid RSA public key without first validating that key,\nthen this may cause stale or uninitialized contents of the caller-provided\nciphertext buffer to be disclosed to the attacker in place of the KEM\nciphertext.\n\nAs a workaround calling EVP_PKEY_public_check() or\nEVP_PKEY_public_check_quick() before EVP_PKEY_encapsulate() will mitigate\nthe issue.\n\nThe FIPS modules in 3.6, 3.5, 3.4, 3.3, 3.1 and 3.0 are affected by this issue."
}
],
"metrics": [
{
"format": "other",
"other": {
"content": {
"text": "Moderate"
},
"type": "https://openssl-library.org/policies/general/security-policy/"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-754",
"description": "CWE-754 Improper Check for Unusual or Exceptional Conditions",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-07T22:00:56.698Z",
"orgId": "3a12439a-ef3a-4c79-92e6-6081a721f1e5",
"shortName": "openssl"
},
"references": [
{
"name": "OpenSSL Advisory",
"tags": [
"vendor-advisory"
],
"url": "https://openssl-library.org/news/secadv/20260407.txt"
},
{
"name": "3.6.2 git commit",
"tags": [
"patch"
],
"url": "https://github.com/openssl/openssl/commit/abd8b2eec7e3f3fda60ecfb68498b246b52af482"
},
{
"name": "3.5.6 git commit",
"tags": [
"patch"
],
"url": "https://github.com/openssl/openssl/commit/001e01db3e996e13ffc72386fe79d03a6683b5ac"
},
{
"name": "3.4.5 git commit",
"tags": [
"patch"
],
"url": "https://github.com/openssl/openssl/commit/d5f8e71cd0a54e961d0c3b174348f8308486f790"
},
{
"name": "3.3.7 git commit",
"tags": [
"patch"
],
"url": "https://github.com/openssl/openssl/commit/b922e24e5b23ffb9cb9e14cadff23d91e9f7e406"
},
{
"name": "3.0.20 git commit",
"tags": [
"patch"
],
"url": "https://github.com/openssl/openssl/commit/eed200f58cd8645ed77e46b7e9f764e284df379e"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Incorrect Failure Handling in RSA KEM RSASVE Encapsulation",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "3a12439a-ef3a-4c79-92e6-6081a721f1e5",
"assignerShortName": "openssl",
"cveId": "CVE-2026-31790",
"datePublished": "2026-04-07T22:00:56.698Z",
"dateReserved": "2026-03-09T15:56:53.191Z",
"dateUpdated": "2026-05-12T12:09:06.208Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-31789 (GCVE-0-2026-31789)
Vulnerability from cvelistv5 – Published: 2026-04-07 22:00 – Updated: 2026-05-12 12:09
VLAI?
Title
Heap Buffer Overflow in Hexadecimal Conversion
Summary
Issue summary: Converting an excessively large OCTET STRING value to
a hexadecimal string leads to a heap buffer overflow on 32 bit platforms.
Impact summary: A heap buffer overflow may lead to a crash or possibly
an attacker controlled code execution or other undefined behavior.
If an attacker can supply a crafted X.509 certificate with an excessively
large OCTET STRING value in extensions such as the Subject Key Identifier
(SKID) or Authority Key Identifier (AKID) which are being converted to hex,
the size of the buffer needed for the result is calculated as multiplication
of the input length by 3. On 32 bit platforms, this multiplication may overflow
resulting in the allocation of a smaller buffer and a heap buffer overflow.
Applications and services that print or log contents of untrusted X.509
certificates are vulnerable to this issue. As the certificates would have
to have sizes of over 1 Gigabyte, printing or logging such certificates
is a fairly unlikely operation and only 32 bit platforms are affected,
this issue was assigned Low severity.
The FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this
issue, as the affected code is outside the OpenSSL FIPS module boundary.
Severity ?
No CVSS data available.
CWE
- CWE-787 - Out-of-bounds Write
Assigner
References
6 references
Impacted products
Date Public ?
2026-04-07 14:00
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2026-31789",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-04-09T03:56:05.246752Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-05-10T20:08:19.604Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"affected": [
{
"defaultStatus": "unknown",
"product": "SIMATIC CN 4100",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V5.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-05-12T12:09:05.071Z",
"orgId": "0b142b55-0307-4c5a-b3c9-f314f3fb7c5e",
"shortName": "siemens-SADP"
},
"references": [
{
"url": "https://cert-portal.siemens.com/productcert/html/ssa-032379.html"
}
],
"x_adpType": "supplier"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "OpenSSL",
"vendor": "OpenSSL",
"versions": [
{
"lessThan": "3.6.2",
"status": "affected",
"version": "3.6.0",
"versionType": "semver"
},
{
"lessThan": "3.5.6",
"status": "affected",
"version": "3.5.0",
"versionType": "semver"
},
{
"lessThan": "3.4.5",
"status": "affected",
"version": "3.4.0",
"versionType": "semver"
},
{
"lessThan": "3.3.7",
"status": "affected",
"version": "3.3.0",
"versionType": "semver"
},
{
"lessThan": "3.0.20",
"status": "affected",
"version": "3.0.0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "Quoc Tran (Xint.io - US Team)"
},
{
"lang": "en",
"type": "remediation developer",
"value": "Igor Ustinov"
}
],
"datePublic": "2026-04-07T14:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Issue summary: Converting an excessively large OCTET STRING value to\u003cbr\u003ea hexadecimal string leads to a heap buffer overflow on 32 bit platforms.\u003cbr\u003e\u003cbr\u003eImpact summary: A heap buffer overflow may lead to a crash or possibly\u003cbr\u003ean attacker controlled code execution or other undefined behavior.\u003cbr\u003e\u003cbr\u003eIf an attacker can supply a crafted X.509 certificate with an excessively\u003cbr\u003elarge OCTET STRING value in extensions such as the Subject Key Identifier\u003cbr\u003e(SKID) or Authority Key Identifier (AKID) which are being converted to hex,\u003cbr\u003ethe size of the buffer needed for the result is calculated as multiplication\u003cbr\u003eof the input length by 3. On 32 bit platforms, this multiplication may overflow\u003cbr\u003eresulting in the allocation of a smaller buffer and a heap buffer overflow.\u003cbr\u003e\u003cbr\u003eApplications and services that print or log contents of untrusted X.509\u003cbr\u003ecertificates are vulnerable to this issue. As the certificates would have\u003cbr\u003eto have sizes of over 1 Gigabyte, printing or logging such certificates\u003cbr\u003eis a fairly unlikely operation and only 32 bit platforms are affected,\u003cbr\u003ethis issue was assigned Low severity.\u003cbr\u003e\u003cbr\u003eThe FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this\u003cbr\u003eissue, as the affected code is outside the OpenSSL FIPS module boundary."
}
],
"value": "Issue summary: Converting an excessively large OCTET STRING value to\na hexadecimal string leads to a heap buffer overflow on 32 bit platforms.\n\nImpact summary: A heap buffer overflow may lead to a crash or possibly\nan attacker controlled code execution or other undefined behavior.\n\nIf an attacker can supply a crafted X.509 certificate with an excessively\nlarge OCTET STRING value in extensions such as the Subject Key Identifier\n(SKID) or Authority Key Identifier (AKID) which are being converted to hex,\nthe size of the buffer needed for the result is calculated as multiplication\nof the input length by 3. On 32 bit platforms, this multiplication may overflow\nresulting in the allocation of a smaller buffer and a heap buffer overflow.\n\nApplications and services that print or log contents of untrusted X.509\ncertificates are vulnerable to this issue. As the certificates would have\nto have sizes of over 1 Gigabyte, printing or logging such certificates\nis a fairly unlikely operation and only 32 bit platforms are affected,\nthis issue was assigned Low severity.\n\nThe FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this\nissue, as the affected code is outside the OpenSSL FIPS module boundary."
}
],
"metrics": [
{
"format": "other",
"other": {
"content": {
"text": "Low"
},
"type": "https://openssl-library.org/policies/general/security-policy/"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-787",
"description": "CWE-787 Out-of-bounds Write",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-07T22:00:54.983Z",
"orgId": "3a12439a-ef3a-4c79-92e6-6081a721f1e5",
"shortName": "openssl"
},
"references": [
{
"name": "OpenSSL Advisory",
"tags": [
"vendor-advisory"
],
"url": "https://openssl-library.org/news/secadv/20260407.txt"
},
{
"name": "3.6.2 git commit",
"tags": [
"patch"
],
"url": "https://github.com/openssl/openssl/commit/a24216018e1ede8ff01a4ff5afff7dfbd443e2f9"
},
{
"name": "3.5.6 git commit",
"tags": [
"patch"
],
"url": "https://github.com/openssl/openssl/commit/945b935ac66cc7f1a41f1b849c7c25adb5351f49"
},
{
"name": "3.4.5 git commit",
"tags": [
"patch"
],
"url": "https://github.com/openssl/openssl/commit/364f095b80601db632b0def6a33316967f863bde"
},
{
"name": "3.3.7 git commit",
"tags": [
"patch"
],
"url": "https://github.com/openssl/openssl/commit/7a9087efd769f362ad9c0e30c7baaa6bbfa65ecf"
},
{
"name": "3.0.20 git commit",
"tags": [
"patch"
],
"url": "https://github.com/openssl/openssl/commit/a91e537d16d74050dbde50bb0dfb1fe9930f0521"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Heap Buffer Overflow in Hexadecimal Conversion",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "3a12439a-ef3a-4c79-92e6-6081a721f1e5",
"assignerShortName": "openssl",
"cveId": "CVE-2026-31789",
"datePublished": "2026-04-07T22:00:54.983Z",
"dateReserved": "2026-03-09T15:56:53.191Z",
"dateUpdated": "2026-05-12T12:09:05.071Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-28390 (GCVE-0-2026-28390)
Vulnerability from cvelistv5 – Published: 2026-04-07 22:00 – Updated: 2026-05-12 12:09
VLAI?
Title
Possible NULL Dereference When Processing CMS KeyTransportRecipientInfo
Summary
Issue summary: During processing of a crafted CMS EnvelopedData message
with KeyTransportRecipientInfo a NULL pointer dereference can happen.
Impact summary: Applications that process attacker-controlled CMS data may
crash before authentication or cryptographic operations occur resulting in
Denial of Service.
When a CMS EnvelopedData message that uses KeyTransportRecipientInfo with
RSA-OAEP encryption is processed, the optional parameters field of
RSA-OAEP SourceFunc algorithm identifier is examined without checking
for its presence. This results in a NULL pointer dereference if the field
is missing.
Applications and services that call CMS_decrypt() on untrusted input
(e.g., S/MIME processing or CMS-based protocols) are vulnerable.
The FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this
issue, as the affected code is outside the OpenSSL FIPS module boundary.
Severity ?
No CVSS data available.
CWE
- CWE-476 - NULL Pointer Dereference
Assigner
References
6 references
Impacted products
Date Public ?
2026-04-07 14:00
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2026-28390",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-04-10T20:24:15.925981Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-04-10T20:26:06.061Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"affected": [
{
"defaultStatus": "unknown",
"product": "SIMATIC CN 4100",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V5.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC S7-1500 TM MFP - GNU/Linux subsystem",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-05-12T12:09:02.294Z",
"orgId": "0b142b55-0307-4c5a-b3c9-f314f3fb7c5e",
"shortName": "siemens-SADP"
},
"references": [
{
"url": "https://cert-portal.siemens.com/productcert/html/ssa-265688.html"
},
{
"url": "https://cert-portal.siemens.com/productcert/html/ssa-032379.html"
}
],
"x_adpType": "supplier"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "OpenSSL",
"vendor": "OpenSSL",
"versions": [
{
"lessThan": "3.6.2",
"status": "affected",
"version": "3.6.0",
"versionType": "semver"
},
{
"lessThan": "3.5.6",
"status": "affected",
"version": "3.5.0",
"versionType": "semver"
},
{
"lessThan": "3.4.5",
"status": "affected",
"version": "3.4.0",
"versionType": "semver"
},
{
"lessThan": "3.3.7",
"status": "affected",
"version": "3.3.0",
"versionType": "semver"
},
{
"lessThan": "3.0.20",
"status": "affected",
"version": "3.0.0",
"versionType": "semver"
},
{
"lessThan": "1.1.1zg",
"status": "affected",
"version": "1.1.1",
"versionType": "custom"
},
{
"lessThan": "1.0.2zp",
"status": "affected",
"version": "1.0.2",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "Muhammad Daffa"
},
{
"lang": "en",
"type": "reporter",
"value": "Zhanpeng Liu (Tencent Xuanwu Lab)"
},
{
"lang": "en",
"type": "reporter",
"value": "Guannan Wang (Tencent Xuanwu Lab)"
},
{
"lang": "en",
"type": "reporter",
"value": "Guancheng Li (Tencent Xuanwu Lab)"
},
{
"lang": "en",
"type": "reporter",
"value": "Joshua Rogers (Aisle Research)"
},
{
"lang": "en",
"type": "reporter",
"value": "Chanho Kim"
},
{
"lang": "en",
"type": "remediation developer",
"value": "Neil Horman"
}
],
"datePublic": "2026-04-07T14:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Issue summary: During processing of a crafted CMS EnvelopedData message\u003cbr\u003ewith KeyTransportRecipientInfo a NULL pointer dereference can happen.\u003cbr\u003e\u003cbr\u003eImpact summary: Applications that process attacker-controlled CMS data may\u003cbr\u003ecrash before authentication or cryptographic operations occur resulting in\u003cbr\u003eDenial of Service.\u003cbr\u003e\u003cbr\u003eWhen a CMS EnvelopedData message that uses KeyTransportRecipientInfo with\u003cbr\u003eRSA-OAEP encryption is processed, the optional parameters field of\u003cbr\u003eRSA-OAEP SourceFunc algorithm identifier is examined without checking\u003cbr\u003efor its presence. This results in a NULL pointer dereference if the field\u003cbr\u003eis missing.\u003cbr\u003e\u003cbr\u003eApplications and services that call CMS_decrypt() on untrusted input\u003cbr\u003e(e.g., S/MIME processing or CMS-based protocols) are vulnerable.\u003cbr\u003e\u003cbr\u003eThe FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this\u003cbr\u003eissue, as the affected code is outside the OpenSSL FIPS module boundary."
}
],
"value": "Issue summary: During processing of a crafted CMS EnvelopedData message\nwith KeyTransportRecipientInfo a NULL pointer dereference can happen.\n\nImpact summary: Applications that process attacker-controlled CMS data may\ncrash before authentication or cryptographic operations occur resulting in\nDenial of Service.\n\nWhen a CMS EnvelopedData message that uses KeyTransportRecipientInfo with\nRSA-OAEP encryption is processed, the optional parameters field of\nRSA-OAEP SourceFunc algorithm identifier is examined without checking\nfor its presence. This results in a NULL pointer dereference if the field\nis missing.\n\nApplications and services that call CMS_decrypt() on untrusted input\n(e.g., S/MIME processing or CMS-based protocols) are vulnerable.\n\nThe FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this\nissue, as the affected code is outside the OpenSSL FIPS module boundary."
}
],
"metrics": [
{
"format": "other",
"other": {
"content": {
"text": "Low"
},
"type": "https://openssl-library.org/policies/general/security-policy/"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-476",
"description": "CWE-476 NULL Pointer Dereference",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-15T07:28:22.729Z",
"orgId": "3a12439a-ef3a-4c79-92e6-6081a721f1e5",
"shortName": "openssl"
},
"references": [
{
"name": "OpenSSL Advisory",
"tags": [
"vendor-advisory"
],
"url": "https://openssl-library.org/news/secadv/20260407.txt"
},
{
"name": "3.6.2 git commit",
"tags": [
"patch"
],
"url": "https://github.com/openssl/openssl/commit/01194a8f1941115cd0383bfa91c736dd3993c8bc"
},
{
"name": "3.5.6 git commit",
"tags": [
"patch"
],
"url": "https://github.com/openssl/openssl/commit/2e39b7a6993be445fddb9fbce316fa756e0397b6"
},
{
"name": "3.4.5 git commit",
"tags": [
"patch"
],
"url": "https://github.com/openssl/openssl/commit/ea7b4ea4f9f853521ba34830cbcadc970d2e0788"
},
{
"name": "3.3.7 git commit",
"tags": [
"patch"
],
"url": "https://github.com/openssl/openssl/commit/fd2f1a6cf53b9ceeca723a001aa4b825d7c7ee75"
},
{
"name": "3.0.20 git commit",
"tags": [
"patch"
],
"url": "https://github.com/openssl/openssl/commit/af2a5fecd3e71a29e7568f9c1453dec5cebbaff4"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Possible NULL Dereference When Processing CMS KeyTransportRecipientInfo",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "3a12439a-ef3a-4c79-92e6-6081a721f1e5",
"assignerShortName": "openssl",
"cveId": "CVE-2026-28390",
"datePublished": "2026-04-07T22:00:54.172Z",
"dateReserved": "2026-02-27T13:45:02.161Z",
"dateUpdated": "2026-05-12T12:09:02.294Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-28389 (GCVE-0-2026-28389)
Vulnerability from cvelistv5 – Published: 2026-04-07 22:00 – Updated: 2026-05-12 12:09
VLAI?
Title
Possible NULL Dereference When Processing CMS KeyAgreeRecipientInfo
Summary
Issue summary: During processing of a crafted CMS EnvelopedData message
with KeyAgreeRecipientInfo a NULL pointer dereference can happen.
Impact summary: Applications that process attacker-controlled CMS data may
crash before authentication or cryptographic operations occur resulting in
Denial of Service.
When a CMS EnvelopedData message that uses KeyAgreeRecipientInfo is
processed, the optional parameters field of KeyEncryptionAlgorithmIdentifier
is examined without checking for its presence. This results in a NULL
pointer dereference if the field is missing.
Applications and services that call CMS_decrypt() on untrusted input
(e.g., S/MIME processing or CMS-based protocols) are vulnerable.
The FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this
issue, as the affected code is outside the OpenSSL FIPS module boundary.
Severity ?
No CVSS data available.
CWE
- CWE-476 - NULL Pointer Dereference
Assigner
References
6 references
Impacted products
Date Public ?
2026-04-07 14:00
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2026-28389",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-04-10T20:20:14.953384Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-04-10T20:20:45.506Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"affected": [
{
"defaultStatus": "unknown",
"product": "SIMATIC CN 4100",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V5.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC S7-1500 TM MFP - GNU/Linux subsystem",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-05-12T12:09:01.089Z",
"orgId": "0b142b55-0307-4c5a-b3c9-f314f3fb7c5e",
"shortName": "siemens-SADP"
},
"references": [
{
"url": "https://cert-portal.siemens.com/productcert/html/ssa-265688.html"
},
{
"url": "https://cert-portal.siemens.com/productcert/html/ssa-032379.html"
}
],
"x_adpType": "supplier"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "OpenSSL",
"vendor": "OpenSSL",
"versions": [
{
"lessThan": "3.6.2",
"status": "affected",
"version": "3.6.0",
"versionType": "semver"
},
{
"lessThan": "3.5.6",
"status": "affected",
"version": "3.5.0",
"versionType": "semver"
},
{
"lessThan": "3.4.5",
"status": "affected",
"version": "3.4.0",
"versionType": "semver"
},
{
"lessThan": "3.3.7",
"status": "affected",
"version": "3.3.0",
"versionType": "semver"
},
{
"lessThan": "3.0.20",
"status": "affected",
"version": "3.0.0",
"versionType": "semver"
},
{
"lessThan": "1.1.1zg",
"status": "affected",
"version": "1.1.1",
"versionType": "custom"
},
{
"lessThan": "1.0.2zp",
"status": "affected",
"version": "1.0.2",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "Nathan Sportsman (Praetorian)"
},
{
"lang": "en",
"type": "reporter",
"value": "Daniel Rhea"
},
{
"lang": "en",
"type": "reporter",
"value": "Jaeho Nam (Seoul National University)"
},
{
"lang": "en",
"type": "reporter",
"value": "Muhammad Daffa"
},
{
"lang": "en",
"type": "reporter",
"value": "Zhanpeng Liu (Tencent Xuanwu Lab)"
},
{
"lang": "en",
"type": "reporter",
"value": "Guannan Wang (Tencent Xuanwu Lab)"
},
{
"lang": "en",
"type": "reporter",
"value": "Guancheng Li (Tencent Xuanwu Lab)"
},
{
"lang": "en",
"type": "reporter",
"value": "Joshua Rogers (Aisle Research)"
},
{
"lang": "en",
"type": "remediation developer",
"value": "Neil Horman"
}
],
"datePublic": "2026-04-07T14:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Issue summary: During processing of a crafted CMS EnvelopedData message\u003cbr\u003ewith KeyAgreeRecipientInfo a NULL pointer dereference can happen.\u003cbr\u003e\u003cbr\u003eImpact summary: Applications that process attacker-controlled CMS data may\u003cbr\u003ecrash before authentication or cryptographic operations occur resulting in\u003cbr\u003eDenial of Service.\u003cbr\u003e\u003cbr\u003eWhen a CMS EnvelopedData message that uses KeyAgreeRecipientInfo is\u003cbr\u003eprocessed, the optional parameters field of KeyEncryptionAlgorithmIdentifier\u003cbr\u003eis examined without checking for its presence. This results in a NULL\u003cbr\u003epointer dereference if the field is missing.\u003cbr\u003e\u003cbr\u003eApplications and services that call CMS_decrypt() on untrusted input\u003cbr\u003e(e.g., S/MIME processing or CMS-based protocols) are vulnerable.\u003cbr\u003e\u003cbr\u003eThe FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this\u003cbr\u003eissue, as the affected code is outside the OpenSSL FIPS module boundary."
}
],
"value": "Issue summary: During processing of a crafted CMS EnvelopedData message\nwith KeyAgreeRecipientInfo a NULL pointer dereference can happen.\n\nImpact summary: Applications that process attacker-controlled CMS data may\ncrash before authentication or cryptographic operations occur resulting in\nDenial of Service.\n\nWhen a CMS EnvelopedData message that uses KeyAgreeRecipientInfo is\nprocessed, the optional parameters field of KeyEncryptionAlgorithmIdentifier\nis examined without checking for its presence. This results in a NULL\npointer dereference if the field is missing.\n\nApplications and services that call CMS_decrypt() on untrusted input\n(e.g., S/MIME processing or CMS-based protocols) are vulnerable.\n\nThe FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this\nissue, as the affected code is outside the OpenSSL FIPS module boundary."
}
],
"metrics": [
{
"format": "other",
"other": {
"content": {
"text": "Low"
},
"type": "https://openssl-library.org/policies/general/security-policy/"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-476",
"description": "CWE-476 NULL Pointer Dereference",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-15T07:28:13.700Z",
"orgId": "3a12439a-ef3a-4c79-92e6-6081a721f1e5",
"shortName": "openssl"
},
"references": [
{
"name": "OpenSSL Advisory",
"tags": [
"vendor-advisory"
],
"url": "https://openssl-library.org/news/secadv/20260407.txt"
},
{
"name": "3.6.2 git commit",
"tags": [
"patch"
],
"url": "https://github.com/openssl/openssl/commit/f80f83bc5fd036bc47d773e8b15a001e2b4ce686"
},
{
"name": "3.5.6 git commit",
"tags": [
"patch"
],
"url": "https://github.com/openssl/openssl/commit/16cea4188e0ea567deb4f93f85902247e67384f5"
},
{
"name": "3.4.5 git commit",
"tags": [
"patch"
],
"url": "https://github.com/openssl/openssl/commit/785cbf7ea3b5a6f5adf0c1ccb92b79d89c35c616"
},
{
"name": "3.3.7 git commit",
"tags": [
"patch"
],
"url": "https://github.com/openssl/openssl/commit/c6725634e089eb2b634b10ede33944be7248172a"
},
{
"name": "3.0.20 git commit",
"tags": [
"patch"
],
"url": "https://github.com/openssl/openssl/commit/7b5274e812400cacb6f3be4c2df5340923fa807f"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Possible NULL Dereference When Processing CMS KeyAgreeRecipientInfo",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "3a12439a-ef3a-4c79-92e6-6081a721f1e5",
"assignerShortName": "openssl",
"cveId": "CVE-2026-28389",
"datePublished": "2026-04-07T22:00:53.364Z",
"dateReserved": "2026-02-27T13:45:02.161Z",
"dateUpdated": "2026-05-12T12:09:01.089Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-28388 (GCVE-0-2026-28388)
Vulnerability from cvelistv5 – Published: 2026-04-07 22:00 – Updated: 2026-05-12 12:08
VLAI?
Title
NULL Pointer Dereference When Processing a Delta CRL
Summary
Issue summary: When a delta CRL that contains a Delta CRL Indicator extension
is processed a NULL pointer dereference might happen if the required CRL
Number extension is missing.
Impact summary: A NULL pointer dereference can trigger a crash which
leads to a Denial of Service for an application.
When CRL processing and delta CRL processing is enabled during X.509
certificate verification, the delta CRL processing does not check
whether the CRL Number extension is NULL before dereferencing it.
When a malformed delta CRL file is being processed, this parameter
can be NULL, causing a NULL pointer dereference.
Exploiting this issue requires the X509_V_FLAG_USE_DELTAS flag to be enabled in
the verification context, the certificate being verified to contain a
freshestCRL extension or the base CRL to have the EXFLAG_FRESHEST flag set, and
an attacker to provide a malformed CRL to an application that processes it.
The vulnerability is limited to Denial of Service and cannot be escalated to
achieve code execution or memory disclosure. For that reason the issue was
assessed as Low severity according to our Security Policy.
The FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,
as the affected code is outside the OpenSSL FIPS module boundary.
Severity ?
No CVSS data available.
CWE
- CWE-476 - NULL Pointer Dereference
Assigner
References
6 references
Impacted products
Date Public ?
2026-04-07 14:00
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2026-28388",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-04-10T20:18:04.195701Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-04-10T20:18:43.095Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"affected": [
{
"defaultStatus": "unknown",
"product": "SIMATIC CN 4100",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V5.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC S7-1500 TM MFP - GNU/Linux subsystem",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-05-12T12:08:59.931Z",
"orgId": "0b142b55-0307-4c5a-b3c9-f314f3fb7c5e",
"shortName": "siemens-SADP"
},
"references": [
{
"url": "https://cert-portal.siemens.com/productcert/html/ssa-265688.html"
},
{
"url": "https://cert-portal.siemens.com/productcert/html/ssa-032379.html"
}
],
"x_adpType": "supplier"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "OpenSSL",
"vendor": "OpenSSL",
"versions": [
{
"lessThan": "3.6.2",
"status": "affected",
"version": "3.6.0",
"versionType": "semver"
},
{
"lessThan": "3.5.6",
"status": "affected",
"version": "3.5.0",
"versionType": "semver"
},
{
"lessThan": "3.4.5",
"status": "affected",
"version": "3.4.0",
"versionType": "semver"
},
{
"lessThan": "3.3.7",
"status": "affected",
"version": "3.3.0",
"versionType": "semver"
},
{
"lessThan": "3.0.20",
"status": "affected",
"version": "3.0.0",
"versionType": "semver"
},
{
"lessThan": "1.1.1zg",
"status": "affected",
"version": "1.1.1",
"versionType": "custom"
},
{
"lessThan": "1.0.2zp",
"status": "affected",
"version": "1.0.2",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "Igor Morgenstern (Aisle Research)"
},
{
"lang": "en",
"type": "remediation developer",
"value": "Igor Morgenstern (Aisle Research)"
}
],
"datePublic": "2026-04-07T14:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Issue summary: When a delta CRL that contains a Delta CRL Indicator extension\u003cbr\u003eis processed a NULL pointer dereference might happen if the required CRL\u003cbr\u003eNumber extension is missing.\u003cbr\u003e\u003cbr\u003eImpact summary: A NULL pointer dereference can trigger a crash which\u003cbr\u003eleads to a Denial of Service for an application.\u003cbr\u003e\u003cbr\u003eWhen CRL processing and delta CRL processing is enabled during X.509\u003cbr\u003ecertificate verification, the delta CRL processing does not check\u003cbr\u003ewhether the CRL Number extension is NULL before dereferencing it.\u003cbr\u003eWhen a malformed delta CRL file is being processed, this parameter\u003cbr\u003ecan be NULL, causing a NULL pointer dereference.\u003cbr\u003e\u003cbr\u003eExploiting this issue requires the X509_V_FLAG_USE_DELTAS flag to be enabled in\u003cbr\u003ethe verification context, the certificate being verified to contain a\u003cbr\u003efreshestCRL extension or the base CRL to have the EXFLAG_FRESHEST flag set, and\u003cbr\u003ean attacker to provide a malformed CRL to an application that processes it.\u003cbr\u003e\u003cbr\u003eThe vulnerability is limited to Denial of Service and cannot be escalated to\u003cbr\u003eachieve code execution or memory disclosure. For that reason the issue was\u003cbr\u003eassessed as Low severity according to our Security Policy.\u003cbr\u003e\u003cbr\u003eThe FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\u003cbr\u003eas the affected code is outside the OpenSSL FIPS module boundary."
}
],
"value": "Issue summary: When a delta CRL that contains a Delta CRL Indicator extension\nis processed a NULL pointer dereference might happen if the required CRL\nNumber extension is missing.\n\nImpact summary: A NULL pointer dereference can trigger a crash which\nleads to a Denial of Service for an application.\n\nWhen CRL processing and delta CRL processing is enabled during X.509\ncertificate verification, the delta CRL processing does not check\nwhether the CRL Number extension is NULL before dereferencing it.\nWhen a malformed delta CRL file is being processed, this parameter\ncan be NULL, causing a NULL pointer dereference.\n\nExploiting this issue requires the X509_V_FLAG_USE_DELTAS flag to be enabled in\nthe verification context, the certificate being verified to contain a\nfreshestCRL extension or the base CRL to have the EXFLAG_FRESHEST flag set, and\nan attacker to provide a malformed CRL to an application that processes it.\n\nThe vulnerability is limited to Denial of Service and cannot be escalated to\nachieve code execution or memory disclosure. For that reason the issue was\nassessed as Low severity according to our Security Policy.\n\nThe FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\nas the affected code is outside the OpenSSL FIPS module boundary."
}
],
"metrics": [
{
"format": "other",
"other": {
"content": {
"text": "Low"
},
"type": "https://openssl-library.org/policies/general/security-policy/"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-476",
"description": "CWE-476 NULL Pointer Dereference",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-07T22:00:52.382Z",
"orgId": "3a12439a-ef3a-4c79-92e6-6081a721f1e5",
"shortName": "openssl"
},
"references": [
{
"name": "OpenSSL Advisory",
"tags": [
"vendor-advisory"
],
"url": "https://openssl-library.org/news/secadv/20260407.txt"
},
{
"name": "3.6.2 git commit",
"tags": [
"patch"
],
"url": "https://github.com/openssl/openssl/commit/602542f2c0c2d5edb47128f93eac10b62aeeefb3"
},
{
"name": "3.5.6 git commit",
"tags": [
"patch"
],
"url": "https://github.com/openssl/openssl/commit/d3a901e8d9f021f3e67d6cfbc12e768129862726"
},
{
"name": "3.4.5 git commit",
"tags": [
"patch"
],
"url": "https://github.com/openssl/openssl/commit/a9d187dd1000130100fa7ab915f8513532cb3bb8"
},
{
"name": "3.3.7 git commit",
"tags": [
"patch"
],
"url": "https://github.com/openssl/openssl/commit/5a0b4930779cd2408880979db765db919da55139"
},
{
"name": "3.0.20 git commit",
"tags": [
"patch"
],
"url": "https://github.com/openssl/openssl/commit/59c3b3158553ab53275bbbccca5cb305d591cf2e"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "NULL Pointer Dereference When Processing a Delta CRL",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "3a12439a-ef3a-4c79-92e6-6081a721f1e5",
"assignerShortName": "openssl",
"cveId": "CVE-2026-28388",
"datePublished": "2026-04-07T22:00:52.382Z",
"dateReserved": "2026-02-27T13:45:02.161Z",
"dateUpdated": "2026-05-12T12:08:59.931Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-28387 (GCVE-0-2026-28387)
Vulnerability from cvelistv5 – Published: 2026-04-07 22:00 – Updated: 2026-05-12 12:08
VLAI?
Title
Potential Use-after-free in DANE Client Code
Summary
Issue summary: An uncommon configuration of clients performing DANE TLSA-based
server authentication, when paired with uncommon server DANE TLSA records, may
result in a use-after-free and/or double-free on the client side.
Impact summary: A use after free can have a range of potential consequences
such as the corruption of valid data, crashes or execution of arbitrary code.
However, the issue only affects clients that make use of TLSA records with both
the PKIX-TA(0/PKIX-EE(1) certificate usages and the DANE-TA(2) certificate
usage.
By far the most common deployment of DANE is in SMTP MTAs for which RFC7672
recommends that clients treat as 'unusable' any TLSA records that have the PKIX
certificate usages. These SMTP (or other similar) clients are not vulnerable
to this issue. Conversely, any clients that support only the PKIX usages, and
ignore the DANE-TA(2) usage are also not vulnerable.
The client would also need to be communicating with a server that publishes a
TLSA RRset with both types of TLSA records.
No FIPS modules are affected by this issue, the problem code is outside the
FIPS module boundary.
Severity ?
No CVSS data available.
CWE
- CWE-416 - Use After Free
Assigner
References
6 references
Impacted products
Date Public ?
2026-04-07 14:00
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2026-28387",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-04-09T03:56:07.962224Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-05-10T20:10:20.584Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"affected": [
{
"defaultStatus": "unknown",
"product": "SIMATIC CN 4100",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V5.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC S7-1500 TM MFP - GNU/Linux subsystem",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-05-12T12:08:58.724Z",
"orgId": "0b142b55-0307-4c5a-b3c9-f314f3fb7c5e",
"shortName": "siemens-SADP"
},
"references": [
{
"url": "https://cert-portal.siemens.com/productcert/html/ssa-265688.html"
},
{
"url": "https://cert-portal.siemens.com/productcert/html/ssa-032379.html"
}
],
"x_adpType": "supplier"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "OpenSSL",
"vendor": "OpenSSL",
"versions": [
{
"lessThan": "3.6.2",
"status": "affected",
"version": "3.6.0",
"versionType": "semver"
},
{
"lessThan": "3.5.6",
"status": "affected",
"version": "3.5.0",
"versionType": "semver"
},
{
"lessThan": "3.4.5",
"status": "affected",
"version": "3.4.0",
"versionType": "semver"
},
{
"lessThan": "3.3.7",
"status": "affected",
"version": "3.3.0",
"versionType": "semver"
},
{
"lessThan": "3.0.20",
"status": "affected",
"version": "3.0.0",
"versionType": "semver"
},
{
"lessThan": "1.1.1zg",
"status": "affected",
"version": "1.1.1",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "Igor Morgenstern (Aisle Research)"
},
{
"lang": "en",
"type": "remediation developer",
"value": "Viktor Dukhovni"
},
{
"lang": "en",
"type": "remediation developer",
"value": "Alexandr Nedvedicky"
}
],
"datePublic": "2026-04-07T14:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Issue summary: An uncommon configuration of clients performing DANE TLSA-based\u003cbr\u003eserver authentication, when paired with uncommon server DANE TLSA records, may\u003cbr\u003eresult in a use-after-free and/or double-free on the client side.\u003cbr\u003e\u003cbr\u003eImpact summary: A use after free can have a range of potential consequences\u003cbr\u003esuch as the corruption of valid data, crashes or execution of arbitrary code.\u003cbr\u003e\u003cbr\u003eHowever, the issue only affects clients that make use of TLSA records with both\u003cbr\u003ethe PKIX-TA(0/PKIX-EE(1) certificate usages and the DANE-TA(2) certificate\u003cbr\u003eusage.\u003cbr\u003e\u003cbr\u003eBy far the most common deployment of DANE is in SMTP MTAs for which RFC7672\u003cbr\u003erecommends that clients treat as \u0027unusable\u0027 any TLSA records that have the PKIX\u003cbr\u003ecertificate usages. These SMTP (or other similar) clients are not vulnerable\u003cbr\u003eto this issue. Conversely, any clients that support only the PKIX usages, and\u003cbr\u003eignore the DANE-TA(2) usage are also not vulnerable.\u003cbr\u003e\u003cbr\u003eThe client would also need to be communicating with a server that publishes a\u003cbr\u003eTLSA RRset with both types of TLSA records.\u003cbr\u003e\u003cbr\u003eNo FIPS modules are affected by this issue, the problem code is outside the\u003cbr\u003eFIPS module boundary."
}
],
"value": "Issue summary: An uncommon configuration of clients performing DANE TLSA-based\nserver authentication, when paired with uncommon server DANE TLSA records, may\nresult in a use-after-free and/or double-free on the client side.\n\nImpact summary: A use after free can have a range of potential consequences\nsuch as the corruption of valid data, crashes or execution of arbitrary code.\n\nHowever, the issue only affects clients that make use of TLSA records with both\nthe PKIX-TA(0/PKIX-EE(1) certificate usages and the DANE-TA(2) certificate\nusage.\n\nBy far the most common deployment of DANE is in SMTP MTAs for which RFC7672\nrecommends that clients treat as \u0027unusable\u0027 any TLSA records that have the PKIX\ncertificate usages. These SMTP (or other similar) clients are not vulnerable\nto this issue. Conversely, any clients that support only the PKIX usages, and\nignore the DANE-TA(2) usage are also not vulnerable.\n\nThe client would also need to be communicating with a server that publishes a\nTLSA RRset with both types of TLSA records.\n\nNo FIPS modules are affected by this issue, the problem code is outside the\nFIPS module boundary."
}
],
"metrics": [
{
"format": "other",
"other": {
"content": {
"text": "Low"
},
"type": "https://openssl-library.org/policies/general/security-policy/"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-416",
"description": "CWE-416 Use After Free",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-07T22:00:51.496Z",
"orgId": "3a12439a-ef3a-4c79-92e6-6081a721f1e5",
"shortName": "openssl"
},
"references": [
{
"name": "OpenSSL Advisory",
"tags": [
"vendor-advisory"
],
"url": "https://openssl-library.org/news/secadv/20260407.txt"
},
{
"name": "3.6.2 git commit",
"tags": [
"patch"
],
"url": "https://github.com/openssl/openssl/commit/258a8f63b26995ba357f4326da00e19e29c6acbe"
},
{
"name": "3.5.6 git commit",
"tags": [
"patch"
],
"url": "https://github.com/openssl/openssl/commit/444958deaf450aea819171f97ae69eaedede42c3"
},
{
"name": "3.4.5 git commit",
"tags": [
"patch"
],
"url": "https://github.com/openssl/openssl/commit/07e727d304746edb49a98ee8f6ab00256e1f012b"
},
{
"name": "3.3.7 git commit",
"tags": [
"patch"
],
"url": "https://github.com/openssl/openssl/commit/7a4e08cee62a728d32e60b0de89e6764339df0a7"
},
{
"name": "3.0.20 git commit",
"tags": [
"patch"
],
"url": "https://github.com/openssl/openssl/commit/ec03fa050b3346997ed9c5fef3d0e16ad7db8177"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Potential Use-after-free in DANE Client Code",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "3a12439a-ef3a-4c79-92e6-6081a721f1e5",
"assignerShortName": "openssl",
"cveId": "CVE-2026-28387",
"datePublished": "2026-04-07T22:00:51.496Z",
"dateReserved": "2026-02-27T13:45:02.161Z",
"dateUpdated": "2026-05-12T12:08:58.724Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-28386 (GCVE-0-2026-28386)
Vulnerability from cvelistv5 – Published: 2026-04-07 22:00 – Updated: 2026-04-10 20:16
VLAI?
Title
Out-of-bounds Read in AES-CFB-128 on X86-64 with AVX-512 Support
Summary
Issue summary: Applications using AES-CFB128 encryption or decryption on
systems with AVX-512 and VAES support can trigger an out-of-bounds read
of up to 15 bytes when processing partial cipher blocks.
Impact summary: This out-of-bounds read may trigger a crash which leads to
Denial of Service for an application if the input buffer ends at a memory
page boundary and the following page is unmapped. There is no information
disclosure as the over-read bytes are not written to output.
The vulnerable code path is only reached when processing partial blocks
(when a previous call left an incomplete block and the current call provides
fewer bytes than needed to complete it). Additionally, the input buffer
must be positioned at a page boundary with the following page unmapped.
CFB mode is not used in TLS/DTLS protocols, which use CBC, GCM, CCM, or
ChaCha20-Poly1305 instead. For these reasons the issue was assessed as
Low severity according to our Security Policy.
Only x86-64 systems with AVX-512 and VAES instruction support are affected.
Other architectures and systems without VAES support use different code
paths that are not affected.
OpenSSL FIPS module in 3.6 version is affected by this issue.
Severity ?
No CVSS data available.
CWE
- CWE-125 - Out-of-bounds Read
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://openssl-library.org/news/secadv/20260407.txt | vendor-advisory |
| https://github.com/openssl/openssl/commit/61f428a… | patch |
Impacted products
Date Public ?
2026-04-07 14:00
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2026-28386",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-04-10T20:15:21.235876Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-04-10T20:16:08.389Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "OpenSSL",
"vendor": "OpenSSL",
"versions": [
{
"lessThan": "3.6.2",
"status": "affected",
"version": "3.6.0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "Stanislav Fort (Aisle Research)"
},
{
"lang": "en",
"type": "reporter",
"value": "Pavel Kohout (Aisle Research)"
},
{
"lang": "en",
"type": "reporter",
"value": "Alex Gaynor (Anthropic)"
},
{
"lang": "en",
"type": "remediation developer",
"value": "Stanislav Fort (Aisle Research)"
},
{
"lang": "en",
"type": "remediation developer",
"value": "Pavel Kohout (Aisle Research)"
},
{
"lang": "en",
"type": "remediation developer",
"value": "Alex Gaynor (Anthropic)"
}
],
"datePublic": "2026-04-07T14:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Issue summary: Applications using AES-CFB128 encryption or decryption on\u003cbr\u003esystems with AVX-512 and VAES support can trigger an out-of-bounds read\u003cbr\u003eof up to 15 bytes when processing partial cipher blocks.\u003cbr\u003e\u003cbr\u003eImpact summary: This out-of-bounds read may trigger a crash which leads to\u003cbr\u003eDenial of Service for an application if the input buffer ends at a memory\u003cbr\u003epage boundary and the following page is unmapped. There is no information\u003cbr\u003edisclosure as the over-read bytes are not written to output.\u003cbr\u003e\u003cbr\u003eThe vulnerable code path is only reached when processing partial blocks\u003cbr\u003e(when a previous call left an incomplete block and the current call provides\u003cbr\u003efewer bytes than needed to complete it). Additionally, the input buffer\u003cbr\u003emust be positioned at a page boundary with the following page unmapped.\u003cbr\u003eCFB mode is not used in TLS/DTLS protocols, which use CBC, GCM, CCM, or\u003cbr\u003eChaCha20-Poly1305 instead. For these reasons the issue was assessed as\u003cbr\u003eLow severity according to our Security Policy.\u003cbr\u003e\u003cbr\u003eOnly x86-64 systems with AVX-512 and VAES instruction support are affected.\u003cbr\u003eOther architectures and systems without VAES support use different code\u003cbr\u003epaths that are not affected.\u003cbr\u003e\u003cbr\u003eOpenSSL FIPS module in 3.6 version is affected by this issue."
}
],
"value": "Issue summary: Applications using AES-CFB128 encryption or decryption on\nsystems with AVX-512 and VAES support can trigger an out-of-bounds read\nof up to 15 bytes when processing partial cipher blocks.\n\nImpact summary: This out-of-bounds read may trigger a crash which leads to\nDenial of Service for an application if the input buffer ends at a memory\npage boundary and the following page is unmapped. There is no information\ndisclosure as the over-read bytes are not written to output.\n\nThe vulnerable code path is only reached when processing partial blocks\n(when a previous call left an incomplete block and the current call provides\nfewer bytes than needed to complete it). Additionally, the input buffer\nmust be positioned at a page boundary with the following page unmapped.\nCFB mode is not used in TLS/DTLS protocols, which use CBC, GCM, CCM, or\nChaCha20-Poly1305 instead. For these reasons the issue was assessed as\nLow severity according to our Security Policy.\n\nOnly x86-64 systems with AVX-512 and VAES instruction support are affected.\nOther architectures and systems without VAES support use different code\npaths that are not affected.\n\nOpenSSL FIPS module in 3.6 version is affected by this issue."
}
],
"metrics": [
{
"format": "other",
"other": {
"content": {
"text": "Low"
},
"type": "https://openssl-library.org/policies/general/security-policy/"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-125",
"description": "CWE-125 Out-of-bounds Read",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-07T22:00:50.164Z",
"orgId": "3a12439a-ef3a-4c79-92e6-6081a721f1e5",
"shortName": "openssl"
},
"references": [
{
"name": "OpenSSL Advisory",
"tags": [
"vendor-advisory"
],
"url": "https://openssl-library.org/news/secadv/20260407.txt"
},
{
"name": "3.6.2 git commit",
"tags": [
"patch"
],
"url": "https://github.com/openssl/openssl/commit/61f428a2fc6671ede184a19f71e6e495f0689621"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Out-of-bounds Read in AES-CFB-128 on X86-64 with AVX-512 Support",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "3a12439a-ef3a-4c79-92e6-6081a721f1e5",
"assignerShortName": "openssl",
"cveId": "CVE-2026-28386",
"datePublished": "2026-04-07T22:00:50.164Z",
"dateReserved": "2026-02-27T13:45:02.161Z",
"dateUpdated": "2026-04-10T20:16:08.389Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-2673 (GCVE-0-2026-2673)
Vulnerability from cvelistv5 – Published: 2026-03-13 13:23 – Updated: 2026-05-18 19:23
VLAI?
Title
OpenSSL TLS 1.3 server may choose unexpected key agreement group
Summary
Issue summary: An OpenSSL TLS 1.3 server may fail to negotiate the expected
preferred key exchange group when its key exchange group configuration includes
the default by using the 'DEFAULT' keyword.
Impact summary: A less preferred key exchange may be used even when a more
preferred group is supported by both client and server, if the group
was not included among the client's initial predicated keyshares.
This will sometimes be the case with the new hybrid post-quantum groups,
if the client chooses to defer their use until specifically requested by
the server.
If an OpenSSL TLS 1.3 server's configuration uses the 'DEFAULT' keyword to
interpolate the built-in default group list into its own configuration, perhaps
adding or removing specific elements, then an implementation defect causes the
'DEFAULT' list to lose its 'tuple' structure, and all server-supported groups
were treated as a single sufficiently secure 'tuple', with the server not
sending a Hello Retry Request (HRR) even when a group in a more preferred tuple
was mutually supported.
As a result, the client and server might fail to negotiate a mutually supported
post-quantum key agreement group, such as 'X25519MLKEM768', if the client's
configuration results in only 'classical' groups (such as 'X25519' being the
only ones in the client's initial keyshare prediction).
OpenSSL 3.5 and later support a new syntax for selecting the most preferred TLS
1.3 key agreement group on TLS servers. The old syntax had a single 'flat'
list of groups, and treated all the supported groups as sufficiently secure.
If any of the keyshares predicted by the client were supported by the server
the most preferred among these was selected, even if other groups supported by
the client, but not included in the list of predicted keyshares would have been
more preferred, if included.
The new syntax partitions the groups into distinct 'tuples' of roughly
equivalent security. Within each tuple the most preferred group included among
the client's predicted keyshares is chosen, but if the client supports a group
from a more preferred tuple, but did not predict any corresponding keyshares,
the server will ask the client to retry the ClientHello (by issuing a Hello
Retry Request or HRR) with the most preferred mutually supported group.
The above works as expected when the server's configuration uses the built-in
default group list, or explicitly defines its own list by directly defining the
various desired groups and group 'tuples'.
No OpenSSL FIPS modules are affected by this issue, the code in question lies
outside the FIPS boundary.
OpenSSL 3.6 and 3.5 are vulnerable to this issue.
OpenSSL 3.6 users should upgrade to OpenSSL 3.6.2 once it is released.
OpenSSL 3.5 users should upgrade to OpenSSL 3.5.6 once it is released.
OpenSSL 3.4, 3.3, 3.0, 1.0.2 and 1.1.1 are not affected by this issue.
Severity ?
No CVSS data available.
CWE
- CWE-757 - Selection of Less-Secure Algorithm During Negotiation ('Algorithm Downgrade')
Assigner
References
3 references
| URL | Tags |
|---|---|
| https://openssl-library.org/news/secadv/20260313.txt | vendor-advisory |
| https://github.com/openssl/openssl/commit/2157c9d… | patch |
| https://github.com/openssl/openssl/commit/85977e0… | patch |
Impacted products
Date Public ?
2026-03-13 14:00
Credits
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2026-03-13T15:15:21.059Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "http://www.openwall.com/lists/oss-security/2026/03/13/3"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2026-2673",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-03-17T17:17:17.444679Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-05-18T19:23:37.078Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"affected": [
{
"defaultStatus": "unknown",
"product": "SIMATIC CN 4100",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V5.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-05-12T12:08:46.771Z",
"orgId": "0b142b55-0307-4c5a-b3c9-f314f3fb7c5e",
"shortName": "siemens-SADP"
},
"references": [
{
"url": "https://cert-portal.siemens.com/productcert/html/ssa-032379.html"
}
],
"x_adpType": "supplier"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "OpenSSL",
"vendor": "OpenSSL",
"versions": [
{
"lessThan": "3.6.2",
"status": "affected",
"version": "3.6.0",
"versionType": "semver"
},
{
"lessThan": "3.5.6",
"status": "affected",
"version": "3.5.0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "Viktor Dukhovni"
},
{
"lang": "en",
"type": "remediation developer",
"value": "Viktor Dukhovni"
}
],
"datePublic": "2026-03-13T14:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Issue summary: An OpenSSL TLS 1.3 server may fail to negotiate the expected\u003cbr\u003epreferred key exchange group when its key exchange group configuration includes\u003cbr\u003ethe default by using the \u0027DEFAULT\u0027 keyword.\u003cbr\u003e\u003cbr\u003eImpact summary: A less preferred key exchange may be used even when a more\u003cbr\u003epreferred group is supported by both client and server, if the group\u003cbr\u003ewas not included among the client\u0027s initial predicated keyshares.\u003cbr\u003eThis will sometimes be the case with the new hybrid post-quantum groups,\u003cbr\u003eif the client chooses to defer their use until specifically requested by\u003cbr\u003ethe server.\u003cbr\u003e\u003cbr\u003eIf an OpenSSL TLS 1.3 server\u0027s configuration uses the \u0027DEFAULT\u0027 keyword to\u003cbr\u003einterpolate the built-in default group list into its own configuration, perhaps\u003cbr\u003eadding or removing specific elements, then an implementation defect causes the\u003cbr\u003e\u0027DEFAULT\u0027 list to lose its \u0027tuple\u0027 structure, and all server-supported groups\u003cbr\u003ewere treated as a single sufficiently secure \u0027tuple\u0027, with the server not\u003cbr\u003esending a Hello Retry Request (HRR) even when a group in a more preferred tuple\u003cbr\u003ewas mutually supported.\u003cbr\u003e\u003cbr\u003eAs a result, the client and server might fail to negotiate a mutually supported\u003cbr\u003epost-quantum key agreement group, such as \u0027X25519MLKEM768\u0027, if the client\u0027s\u003cbr\u003econfiguration results in only \u0027classical\u0027 groups (such as \u0027X25519\u0027 being the\u003cbr\u003eonly ones in the client\u0027s initial keyshare prediction).\u003cbr\u003e\u003cbr\u003eOpenSSL 3.5 and later support a new syntax for selecting the most preferred TLS\u003cbr\u003e1.3 key agreement group on TLS servers. The old syntax had a single \u0027flat\u0027\u003cbr\u003elist of groups, and treated all the supported groups as sufficiently secure.\u003cbr\u003eIf any of the keyshares predicted by the client were supported by the server\u003cbr\u003ethe most preferred among these was selected, even if other groups supported by\u003cbr\u003ethe client, but not included in the list of predicted keyshares would have been\u003cbr\u003emore preferred, if included.\u003cbr\u003e\u003cbr\u003eThe new syntax partitions the groups into distinct \u0027tuples\u0027 of roughly\u003cbr\u003eequivalent security. Within each tuple the most preferred group included among\u003cbr\u003ethe client\u0027s predicted keyshares is chosen, but if the client supports a group\u003cbr\u003efrom a more preferred tuple, but did not predict any corresponding keyshares,\u003cbr\u003ethe server will ask the client to retry the ClientHello (by issuing a Hello\u003cbr\u003eRetry Request or HRR) with the most preferred mutually supported group.\u003cbr\u003e\u003cbr\u003eThe above works as expected when the server\u0027s configuration uses the built-in\u003cbr\u003edefault group list, or explicitly defines its own list by directly defining the\u003cbr\u003evarious desired groups and group \u0027tuples\u0027.\u003cbr\u003e\u003cbr\u003eNo OpenSSL FIPS modules are affected by this issue, the code in question lies\u003cbr\u003eoutside the FIPS boundary.\u003cbr\u003e\u003cbr\u003eOpenSSL 3.6 and 3.5 are vulnerable to this issue.\u003cbr\u003e\u003cbr\u003eOpenSSL 3.6 users should upgrade to OpenSSL 3.6.2 once it is released.\u003cbr\u003eOpenSSL 3.5 users should upgrade to OpenSSL 3.5.6 once it is released.\u003cbr\u003e\u003cbr\u003eOpenSSL 3.4, 3.3, 3.0, 1.0.2 and 1.1.1 are not affected by this issue."
}
],
"value": "Issue summary: An OpenSSL TLS 1.3 server may fail to negotiate the expected\npreferred key exchange group when its key exchange group configuration includes\nthe default by using the \u0027DEFAULT\u0027 keyword.\n\nImpact summary: A less preferred key exchange may be used even when a more\npreferred group is supported by both client and server, if the group\nwas not included among the client\u0027s initial predicated keyshares.\nThis will sometimes be the case with the new hybrid post-quantum groups,\nif the client chooses to defer their use until specifically requested by\nthe server.\n\nIf an OpenSSL TLS 1.3 server\u0027s configuration uses the \u0027DEFAULT\u0027 keyword to\ninterpolate the built-in default group list into its own configuration, perhaps\nadding or removing specific elements, then an implementation defect causes the\n\u0027DEFAULT\u0027 list to lose its \u0027tuple\u0027 structure, and all server-supported groups\nwere treated as a single sufficiently secure \u0027tuple\u0027, with the server not\nsending a Hello Retry Request (HRR) even when a group in a more preferred tuple\nwas mutually supported.\n\nAs a result, the client and server might fail to negotiate a mutually supported\npost-quantum key agreement group, such as \u0027X25519MLKEM768\u0027, if the client\u0027s\nconfiguration results in only \u0027classical\u0027 groups (such as \u0027X25519\u0027 being the\nonly ones in the client\u0027s initial keyshare prediction).\n\nOpenSSL 3.5 and later support a new syntax for selecting the most preferred TLS\n1.3 key agreement group on TLS servers. The old syntax had a single \u0027flat\u0027\nlist of groups, and treated all the supported groups as sufficiently secure.\nIf any of the keyshares predicted by the client were supported by the server\nthe most preferred among these was selected, even if other groups supported by\nthe client, but not included in the list of predicted keyshares would have been\nmore preferred, if included.\n\nThe new syntax partitions the groups into distinct \u0027tuples\u0027 of roughly\nequivalent security. Within each tuple the most preferred group included among\nthe client\u0027s predicted keyshares is chosen, but if the client supports a group\nfrom a more preferred tuple, but did not predict any corresponding keyshares,\nthe server will ask the client to retry the ClientHello (by issuing a Hello\nRetry Request or HRR) with the most preferred mutually supported group.\n\nThe above works as expected when the server\u0027s configuration uses the built-in\ndefault group list, or explicitly defines its own list by directly defining the\nvarious desired groups and group \u0027tuples\u0027.\n\nNo OpenSSL FIPS modules are affected by this issue, the code in question lies\noutside the FIPS boundary.\n\nOpenSSL 3.6 and 3.5 are vulnerable to this issue.\n\nOpenSSL 3.6 users should upgrade to OpenSSL 3.6.2 once it is released.\nOpenSSL 3.5 users should upgrade to OpenSSL 3.5.6 once it is released.\n\nOpenSSL 3.4, 3.3, 3.0, 1.0.2 and 1.1.1 are not affected by this issue."
}
],
"metrics": [
{
"format": "other",
"other": {
"content": {
"text": "Low"
},
"type": "https://openssl-library.org/policies/general/security-policy/"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-757",
"description": "CWE-757 Selection of Less-Secure Algorithm During Negotiation (\u0027Algorithm Downgrade\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-03-13T13:23:00.376Z",
"orgId": "3a12439a-ef3a-4c79-92e6-6081a721f1e5",
"shortName": "openssl"
},
"references": [
{
"name": "OpenSSL Advisory",
"tags": [
"vendor-advisory"
],
"url": "https://openssl-library.org/news/secadv/20260313.txt"
},
{
"name": "3.6.2 git commit",
"tags": [
"patch"
],
"url": "https://github.com/openssl/openssl/commit/2157c9d81f7b0bd7dfa25b960e928ec28e8dd63f"
},
{
"name": "3.5.6 git commit",
"tags": [
"patch"
],
"url": "https://github.com/openssl/openssl/commit/85977e013f32ceb96aa034c0e741adddc1a05e34"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "OpenSSL TLS 1.3 server may choose unexpected key agreement group",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "3a12439a-ef3a-4c79-92e6-6081a721f1e5",
"assignerShortName": "openssl",
"cveId": "CVE-2026-2673",
"datePublished": "2026-03-13T13:23:00.376Z",
"dateReserved": "2026-02-18T09:41:04.155Z",
"dateUpdated": "2026-05-18T19:23:37.078Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
FKIE_CVE-2026-22796
Vulnerability from fkie_nvd - Published: 2026-01-27 16:16 - Updated: 2026-05-12 13:17
Severity ?
Summary
Issue summary: A type confusion vulnerability exists in the signature
verification of signed PKCS#7 data where an ASN1_TYPE union member is
accessed without first validating the type, causing an invalid or NULL
pointer dereference when processing malformed PKCS#7 data.
Impact summary: An application performing signature verification of PKCS#7
data or calling directly the PKCS7_digest_from_attributes() function can be
caused to dereference an invalid or NULL pointer when reading, resulting in
a Denial of Service.
The function PKCS7_digest_from_attributes() accesses the message digest attribute
value without validating its type. When the type is not V_ASN1_OCTET_STRING,
this results in accessing invalid memory through the ASN1_TYPE union, causing
a crash.
Exploiting this vulnerability requires an attacker to provide a malformed
signed PKCS#7 to an application that verifies it. The impact of the
exploit is just a Denial of Service, the PKCS7 API is legacy and applications
should be using the CMS API instead. For these reasons the issue was
assessed as Low severity.
The FIPS modules in 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,
as the PKCS#7 parsing implementation is outside the OpenSSL FIPS module
boundary.
OpenSSL 3.6, 3.5, 3.4, 3.3, 3.0, 1.1.1 and 1.0.2 are vulnerable to this issue.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:openssl:openssl:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6A8EC60C-05EC-4886-8C82-63AEF4BDA8D5",
"versionEndExcluding": "1.0.2zn",
"versionStartIncluding": "1.0.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openssl:openssl:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E000B986-6A31-468F-9EA3-B9D16DB16FB2",
"versionEndExcluding": "1.1.1ze",
"versionStartIncluding": "1.1.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openssl:openssl:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C76C5F55-5243-4461-82F5-2FEBFF4D59FA",
"versionEndExcluding": "3.0.19",
"versionStartIncluding": "3.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openssl:openssl:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F5292E9E-6B50-409F-9219-7B0A04047AD8",
"versionEndExcluding": "3.3.6",
"versionStartIncluding": "3.3.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openssl:openssl:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B9D3DCAE-317D-4DFB-93F0-7A235A229619",
"versionEndExcluding": "3.4.4",
"versionStartIncluding": "3.4.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openssl:openssl:*:*:*:*:*:*:*:*",
"matchCriteriaId": "1CAC7CBE-EC03-4089-938A-0CEEB2E09B62",
"versionEndExcluding": "3.5.5",
"versionStartIncluding": "3.5.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openssl:openssl:*:*:*:*:*:*:*:*",
"matchCriteriaId": "68352537-5E99-4F4D-B78A-BCF0353A70A5",
"versionEndExcluding": "3.6.1",
"versionStartIncluding": "3.6.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Issue summary: A type confusion vulnerability exists in the signature\nverification of signed PKCS#7 data where an ASN1_TYPE union member is\naccessed without first validating the type, causing an invalid or NULL\npointer dereference when processing malformed PKCS#7 data.\n\nImpact summary: An application performing signature verification of PKCS#7\ndata or calling directly the PKCS7_digest_from_attributes() function can be\ncaused to dereference an invalid or NULL pointer when reading, resulting in\na Denial of Service.\n\nThe function PKCS7_digest_from_attributes() accesses the message digest attribute\nvalue without validating its type. When the type is not V_ASN1_OCTET_STRING,\nthis results in accessing invalid memory through the ASN1_TYPE union, causing\na crash.\n\nExploiting this vulnerability requires an attacker to provide a malformed\nsigned PKCS#7 to an application that verifies it. The impact of the\nexploit is just a Denial of Service, the PKCS7 API is legacy and applications\nshould be using the CMS API instead. For these reasons the issue was\nassessed as Low severity.\n\nThe FIPS modules in 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\nas the PKCS#7 parsing implementation is outside the OpenSSL FIPS module\nboundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3, 3.0, 1.1.1 and 1.0.2 are vulnerable to this issue."
},
{
"lang": "es",
"value": "Resumen del problema: Existe una vulnerabilidad de confusi\u00f3n de tipos en la verificaci\u00f3n de firma de datos PKCS#7 firmados, donde se accede a un miembro de la uni\u00f3n ASN1_TYPE sin validar primero el tipo, causando una desreferencia de puntero inv\u00e1lido o NULL al procesar datos PKCS#7 malformados.\n\nResumen del impacto: Una aplicaci\u00f3n que realiza la verificaci\u00f3n de firma de datos PKCS#7 o que llama directamente a la funci\u00f3n PKCS7_digest_from_attributes() puede ser inducida a desreferenciar un puntero inv\u00e1lido o NULL al leer, resultando en una denegaci\u00f3n de servicio.\n\nLa funci\u00f3n PKCS7_digest_from_attributes() accede al valor del atributo de resumen del mensaje sin validar su tipo. Cuando el tipo no es V_ASN1_OCTET_STRING, esto resulta en el acceso a memoria inv\u00e1lida a trav\u00e9s de la uni\u00f3n ASN1_TYPE, causando un fallo.\n\nExplotar esta vulnerabilidad requiere que un atacante proporcione un PKCS#7 firmado malformado a una aplicaci\u00f3n que lo verifica. El impacto del exploit es solo una denegaci\u00f3n de servicio, la API PKCS7 es heredada y las aplicaciones deber\u00edan usar la API CMS en su lugar. Por estas razones, el problema fue evaluado como de baja severidad.\n\nLos m\u00f3dulos FIPS en 3.5, 3.4, 3.3 y 3.0 no se ven afectados por este problema, ya que la implementaci\u00f3n de an\u00e1lisis de PKCS#7 est\u00e1 fuera del l\u00edmite del m\u00f3dulo FIPS de OpenSSL.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3, 3.0, 1.1.1 y 1.0.2 son vulnerables a este problema."
}
],
"id": "CVE-2026-22796",
"lastModified": "2026-05-12T13:17:32.480",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 1.4,
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
},
"published": "2026-01-27T16:16:35.543",
"references": [
{
"source": "openssl-security@openssl.org",
"tags": [
"Patch"
],
"url": "https://github.com/openssl/openssl/commit/2502e7b7d4c0cf4f972a881641fe09edc67aeec4"
},
{
"source": "openssl-security@openssl.org",
"tags": [
"Patch"
],
"url": "https://github.com/openssl/openssl/commit/572844beca95068394c916626a6d3a490f831a49"
},
{
"source": "openssl-security@openssl.org",
"tags": [
"Patch"
],
"url": "https://github.com/openssl/openssl/commit/7bbca05be55b129651d9df4bdb92becc45002c12"
},
{
"source": "openssl-security@openssl.org",
"tags": [
"Patch"
],
"url": "https://github.com/openssl/openssl/commit/eeee3cbd4d682095ed431052f00403004596373e"
},
{
"source": "openssl-security@openssl.org",
"tags": [
"Patch"
],
"url": "https://github.com/openssl/openssl/commit/ef2fb66ec571564d64d1c74a12e388a2a54d05d2"
},
{
"source": "openssl-security@openssl.org",
"tags": [
"Vendor Advisory"
],
"url": "https://openssl-library.org/news/secadv/20260127.txt"
},
{
"source": "0b142b55-0307-4c5a-b3c9-f314f3fb7c5e",
"url": "https://cert-portal.siemens.com/productcert/html/ssa-265688.html"
}
],
"sourceIdentifier": "openssl-security@openssl.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-754"
}
],
"source": "openssl-security@openssl.org",
"type": "Secondary"
}
]
}
FKIE_CVE-2026-22795
Vulnerability from fkie_nvd - Published: 2026-01-27 16:16 - Updated: 2026-05-12 13:17
Severity ?
Summary
Issue summary: An invalid or NULL pointer dereference can happen in
an application processing a malformed PKCS#12 file.
Impact summary: An application processing a malformed PKCS#12 file can be
caused to dereference an invalid or NULL pointer on memory read, resulting
in a Denial of Service.
A type confusion vulnerability exists in PKCS#12 parsing code where
an ASN1_TYPE union member is accessed without first validating the type,
causing an invalid pointer read.
The location is constrained to a 1-byte address space, meaning any
attempted pointer manipulation can only target addresses between 0x00 and 0xFF.
This range corresponds to the zero page, which is unmapped on most modern
operating systems and will reliably result in a crash, leading only to a
Denial of Service. Exploiting this issue also requires a user or application
to process a maliciously crafted PKCS#12 file. It is uncommon to accept
untrusted PKCS#12 files in applications as they are usually used to store
private keys which are trusted by definition. For these reasons, the issue
was assessed as Low severity.
The FIPS modules in 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,
as the PKCS12 implementation is outside the OpenSSL FIPS module boundary.
OpenSSL 3.6, 3.5, 3.4, 3.3, 3.0 and 1.1.1 are vulnerable to this issue.
OpenSSL 1.0.2 is not affected by this issue.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:openssl:openssl:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E000B986-6A31-468F-9EA3-B9D16DB16FB2",
"versionEndExcluding": "1.1.1ze",
"versionStartIncluding": "1.1.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openssl:openssl:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C76C5F55-5243-4461-82F5-2FEBFF4D59FA",
"versionEndExcluding": "3.0.19",
"versionStartIncluding": "3.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openssl:openssl:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F5292E9E-6B50-409F-9219-7B0A04047AD8",
"versionEndExcluding": "3.3.6",
"versionStartIncluding": "3.3.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openssl:openssl:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B9D3DCAE-317D-4DFB-93F0-7A235A229619",
"versionEndExcluding": "3.4.4",
"versionStartIncluding": "3.4.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openssl:openssl:*:*:*:*:*:*:*:*",
"matchCriteriaId": "1CAC7CBE-EC03-4089-938A-0CEEB2E09B62",
"versionEndExcluding": "3.5.5",
"versionStartIncluding": "3.5.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openssl:openssl:*:*:*:*:*:*:*:*",
"matchCriteriaId": "68352537-5E99-4F4D-B78A-BCF0353A70A5",
"versionEndExcluding": "3.6.1",
"versionStartIncluding": "3.6.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Issue summary: An invalid or NULL pointer dereference can happen in\nan application processing a malformed PKCS#12 file.\n\nImpact summary: An application processing a malformed PKCS#12 file can be\ncaused to dereference an invalid or NULL pointer on memory read, resulting\nin a Denial of Service.\n\nA type confusion vulnerability exists in PKCS#12 parsing code where\nan ASN1_TYPE union member is accessed without first validating the type,\ncausing an invalid pointer read.\n\nThe location is constrained to a 1-byte address space, meaning any\nattempted pointer manipulation can only target addresses between 0x00 and 0xFF.\nThis range corresponds to the zero page, which is unmapped on most modern\noperating systems and will reliably result in a crash, leading only to a\nDenial of Service. Exploiting this issue also requires a user or application\nto process a maliciously crafted PKCS#12 file. It is uncommon to accept\nuntrusted PKCS#12 files in applications as they are usually used to store\nprivate keys which are trusted by definition. For these reasons, the issue\nwas assessed as Low severity.\n\nThe FIPS modules in 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\nas the PKCS12 implementation is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3, 3.0 and 1.1.1 are vulnerable to this issue.\n\nOpenSSL 1.0.2 is not affected by this issue."
},
{
"lang": "es",
"value": "Resumen del problema: Puede producirse una desreferencia de puntero inv\u00e1lido o NULL en una aplicaci\u00f3n que procesa un archivo PKCS#12 malformado.\n\nResumen del impacto: Una aplicaci\u00f3n que procesa un archivo PKCS#12 malformado puede ser inducida a desreferenciar un puntero inv\u00e1lido o NULL en una lectura de memoria, resultando en una denegaci\u00f3n de servicio.\n\nExiste una vulnerabilidad de confusi\u00f3n de tipos en el c\u00f3digo de an\u00e1lisis de PKCS#12 donde se accede a un miembro de la uni\u00f3n ASN1_TYPE sin validar primero el tipo, causando una lectura de puntero inv\u00e1lido.\n\nLa ubicaci\u00f3n est\u00e1 restringida a un espacio de direcciones de 1 byte, lo que significa que cualquier intento de manipulaci\u00f3n de puntero solo puede apuntar a direcciones entre 0x00 y 0xFF. Este rango corresponde a la p\u00e1gina cero, que no est\u00e1 mapeada en la mayor\u00eda de los sistemas operativos modernos y resultar\u00e1 de forma fiable en un fallo, lo que lleva solo a una denegaci\u00f3n de servicio. Para explotar este problema tambi\u00e9n es preciso que un usuario o aplicaci\u00f3n procese un archivo PKCS#12 creado maliciosamente. Es poco com\u00fan aceptar archivos PKCS#12 no confiables en aplicaciones, ya que generalmente se utilizan para almacenar claves privadas que son confiables por definici\u00f3n. Por estas razones, el problema fue evaluado como de baja severidad.\n\nLos m\u00f3dulos FIPS en 3.5, 3.4, 3.3 y 3.0 no se ven afectados por este problema, ya que la implementaci\u00f3n de PKCS12 est\u00e1 fuera del l\u00edmite del m\u00f3dulo FIPS de OpenSSL.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3, 3.0 y 1.1.1 son vulnerables a este problema.\n\nOpenSSL 1.0.2 no se ve afectado por este problema."
}
],
"id": "CVE-2026-22795",
"lastModified": "2026-05-12T13:17:32.247",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6,
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
},
"published": "2026-01-27T16:16:35.430",
"references": [
{
"source": "openssl-security@openssl.org",
"tags": [
"Patch"
],
"url": "https://github.com/openssl/openssl/commit/2502e7b7d4c0cf4f972a881641fe09edc67aeec4"
},
{
"source": "openssl-security@openssl.org",
"tags": [
"Patch"
],
"url": "https://github.com/openssl/openssl/commit/572844beca95068394c916626a6d3a490f831a49"
},
{
"source": "openssl-security@openssl.org",
"tags": [
"Patch"
],
"url": "https://github.com/openssl/openssl/commit/7bbca05be55b129651d9df4bdb92becc45002c12"
},
{
"source": "openssl-security@openssl.org",
"tags": [
"Patch"
],
"url": "https://github.com/openssl/openssl/commit/eeee3cbd4d682095ed431052f00403004596373e"
},
{
"source": "openssl-security@openssl.org",
"tags": [
"Patch"
],
"url": "https://github.com/openssl/openssl/commit/ef2fb66ec571564d64d1c74a12e388a2a54d05d2"
},
{
"source": "openssl-security@openssl.org",
"tags": [
"Vendor Advisory"
],
"url": "https://openssl-library.org/news/secadv/20260127.txt"
},
{
"source": "0b142b55-0307-4c5a-b3c9-f314f3fb7c5e",
"url": "https://cert-portal.siemens.com/productcert/html/ssa-265688.html"
}
],
"sourceIdentifier": "openssl-security@openssl.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-754"
}
],
"source": "openssl-security@openssl.org",
"type": "Secondary"
}
]
}
FKIE_CVE-2025-69420
Vulnerability from fkie_nvd - Published: 2026-01-27 16:16 - Updated: 2026-05-12 13:17
Severity ?
Summary
Issue summary: A type confusion vulnerability exists in the TimeStamp Response
verification code where an ASN1_TYPE union member is accessed without first
validating the type, causing an invalid or NULL pointer dereference when
processing a malformed TimeStamp Response file.
Impact summary: An application calling TS_RESP_verify_response() with a
malformed TimeStamp Response can be caused to dereference an invalid or
NULL pointer when reading, resulting in a Denial of Service.
The functions ossl_ess_get_signing_cert() and ossl_ess_get_signing_cert_v2()
access the signing cert attribute value without validating its type.
When the type is not V_ASN1_SEQUENCE, this results in accessing invalid memory
through the ASN1_TYPE union, causing a crash.
Exploiting this vulnerability requires an attacker to provide a malformed
TimeStamp Response to an application that verifies timestamp responses. The
TimeStamp protocol (RFC 3161) is not widely used and the impact of the
exploit is just a Denial of Service. For these reasons the issue was
assessed as Low severity.
The FIPS modules in 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,
as the TimeStamp Response implementation is outside the OpenSSL FIPS module
boundary.
OpenSSL 3.6, 3.5, 3.4, 3.3, 3.0 and 1.1.1 are vulnerable to this issue.
OpenSSL 1.0.2 is not affected by this issue.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:openssl:openssl:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E000B986-6A31-468F-9EA3-B9D16DB16FB2",
"versionEndExcluding": "1.1.1ze",
"versionStartIncluding": "1.1.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openssl:openssl:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C76C5F55-5243-4461-82F5-2FEBFF4D59FA",
"versionEndExcluding": "3.0.19",
"versionStartIncluding": "3.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openssl:openssl:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F5292E9E-6B50-409F-9219-7B0A04047AD8",
"versionEndExcluding": "3.3.6",
"versionStartIncluding": "3.3.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openssl:openssl:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B9D3DCAE-317D-4DFB-93F0-7A235A229619",
"versionEndExcluding": "3.4.4",
"versionStartIncluding": "3.4.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openssl:openssl:*:*:*:*:*:*:*:*",
"matchCriteriaId": "1CAC7CBE-EC03-4089-938A-0CEEB2E09B62",
"versionEndExcluding": "3.5.5",
"versionStartIncluding": "3.5.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openssl:openssl:*:*:*:*:*:*:*:*",
"matchCriteriaId": "68352537-5E99-4F4D-B78A-BCF0353A70A5",
"versionEndExcluding": "3.6.1",
"versionStartIncluding": "3.6.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Issue summary: A type confusion vulnerability exists in the TimeStamp Response\nverification code where an ASN1_TYPE union member is accessed without first\nvalidating the type, causing an invalid or NULL pointer dereference when\nprocessing a malformed TimeStamp Response file.\n\nImpact summary: An application calling TS_RESP_verify_response() with a\nmalformed TimeStamp Response can be caused to dereference an invalid or\nNULL pointer when reading, resulting in a Denial of Service.\n\nThe functions ossl_ess_get_signing_cert() and ossl_ess_get_signing_cert_v2()\naccess the signing cert attribute value without validating its type.\nWhen the type is not V_ASN1_SEQUENCE, this results in accessing invalid memory\nthrough the ASN1_TYPE union, causing a crash.\n\nExploiting this vulnerability requires an attacker to provide a malformed\nTimeStamp Response to an application that verifies timestamp responses. The\nTimeStamp protocol (RFC 3161) is not widely used and the impact of the\nexploit is just a Denial of Service. For these reasons the issue was\nassessed as Low severity.\n\nThe FIPS modules in 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\nas the TimeStamp Response implementation is outside the OpenSSL FIPS module\nboundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3, 3.0 and 1.1.1 are vulnerable to this issue.\n\nOpenSSL 1.0.2 is not affected by this issue."
},
{
"lang": "es",
"value": "Resumen del problema: Existe una vulnerabilidad de confusi\u00f3n de tipos en el c\u00f3digo de verificaci\u00f3n de la Respuesta de Marca de Tiempo donde se accede a un miembro de uni\u00f3n ASN1_TYPE sin validar primero el tipo, causando una desreferencia de puntero inv\u00e1lido o NULL al procesar un archivo de Respuesta de Marca de Tiempo malformado.\n\nResumen del impacto: Una aplicaci\u00f3n que llama a TS_RESP_verify_response() con una Respuesta de Marca de Tiempo malformada puede ser inducida a desreferenciar un puntero inv\u00e1lido o NULL al leer, resultando en una denegaci\u00f3n de servicio.\n\nLas funciones ossl_ess_get_signing_cert() y ossl_ess_get_signing_cert_v2() acceden al valor del atributo del certificado de firma sin validar su tipo. Cuando el tipo no es V_ASN1_SEQUENCE, esto resulta en el acceso a memoria inv\u00e1lida a trav\u00e9s de la uni\u00f3n ASN1_TYPE, causando un fallo.\n\nExplotar esta vulnerabilidad requiere que un atacante proporcione una Respuesta de Marca de Tiempo malformada a una aplicaci\u00f3n que verifica las respuestas de marca de tiempo. El protocolo de Marca de Tiempo (RFC 3161) no es ampliamente utilizado y el impacto del exploit es solo una denegaci\u00f3n de servicio. Por estas razones, el problema fue evaluado como de baja severidad.\n\nLos m\u00f3dulos FIPS en 3.5, 3.4, 3.3 y 3.0 no se ven afectados por este problema, ya que la implementaci\u00f3n de la Respuesta de Marca de Tiempo est\u00e1 fuera del l\u00edmite del m\u00f3dulo FIPS de OpenSSL.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3, 3.0 y 1.1.1 son vulnerables a este problema.\n\nOpenSSL 1.0.2 no se ve afectado por este problema."
}
],
"id": "CVE-2025-69420",
"lastModified": "2026-05-12T13:17:26.427",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
},
"published": "2026-01-27T16:16:34.317",
"references": [
{
"source": "openssl-security@openssl.org",
"tags": [
"Patch"
],
"url": "https://github.com/openssl/openssl/commit/27c7012c91cc986a598d7540f3079dfde2416eb9"
},
{
"source": "openssl-security@openssl.org",
"tags": [
"Patch"
],
"url": "https://github.com/openssl/openssl/commit/4e254b48ad93cc092be3dd62d97015f33f73133a"
},
{
"source": "openssl-security@openssl.org",
"tags": [
"Patch"
],
"url": "https://github.com/openssl/openssl/commit/564fd9c73787f25693bf9e75faf7bf6bb1305d4e"
},
{
"source": "openssl-security@openssl.org",
"tags": [
"Patch"
],
"url": "https://github.com/openssl/openssl/commit/5eb0770ffcf11b785cf374ff3c19196245e54f1b"
},
{
"source": "openssl-security@openssl.org",
"tags": [
"Patch"
],
"url": "https://github.com/openssl/openssl/commit/a99349ebfc519999edc50620abe24d599b9eb085"
},
{
"source": "openssl-security@openssl.org",
"tags": [
"Vendor Advisory"
],
"url": "https://openssl-library.org/news/secadv/20260127.txt"
},
{
"source": "0b142b55-0307-4c5a-b3c9-f314f3fb7c5e",
"url": "https://cert-portal.siemens.com/productcert/html/ssa-265688.html"
}
],
"sourceIdentifier": "openssl-security@openssl.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-754"
}
],
"source": "openssl-security@openssl.org",
"type": "Secondary"
}
]
}
FKIE_CVE-2025-69421
Vulnerability from fkie_nvd - Published: 2026-01-27 16:16 - Updated: 2026-05-12 13:17
Severity ?
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Summary
Issue summary: Processing a malformed PKCS#12 file can trigger a NULL pointer
dereference in the PKCS12_item_decrypt_d2i_ex() function.
Impact summary: A NULL pointer dereference can trigger a crash which leads to
Denial of Service for an application processing PKCS#12 files.
The PKCS12_item_decrypt_d2i_ex() function does not check whether the oct
parameter is NULL before dereferencing it. When called from
PKCS12_unpack_p7encdata() with a malformed PKCS#12 file, this parameter can
be NULL, causing a crash. The vulnerability is limited to Denial of Service
and cannot be escalated to achieve code execution or memory disclosure.
Exploiting this issue requires an attacker to provide a malformed PKCS#12 file
to an application that processes it. For that reason the issue was assessed as
Low severity according to our Security Policy.
The FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,
as the PKCS#12 implementation is outside the OpenSSL FIPS module boundary.
OpenSSL 3.6, 3.5, 3.4, 3.3, 3.0, 1.1.1 and 1.0.2 are vulnerable to this issue.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:openssl:openssl:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6A8EC60C-05EC-4886-8C82-63AEF4BDA8D5",
"versionEndExcluding": "1.0.2zn",
"versionStartIncluding": "1.0.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openssl:openssl:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A940A7B2-E35C-420E-A0EE-F1089180C133",
"versionEndIncluding": "1.1.1ze",
"versionStartIncluding": "1.1.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openssl:openssl:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C76C5F55-5243-4461-82F5-2FEBFF4D59FA",
"versionEndExcluding": "3.0.19",
"versionStartIncluding": "3.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openssl:openssl:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F5292E9E-6B50-409F-9219-7B0A04047AD8",
"versionEndExcluding": "3.3.6",
"versionStartIncluding": "3.3.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openssl:openssl:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B9D3DCAE-317D-4DFB-93F0-7A235A229619",
"versionEndExcluding": "3.4.4",
"versionStartIncluding": "3.4.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openssl:openssl:*:*:*:*:*:*:*:*",
"matchCriteriaId": "1CAC7CBE-EC03-4089-938A-0CEEB2E09B62",
"versionEndExcluding": "3.5.5",
"versionStartIncluding": "3.5.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openssl:openssl:*:*:*:*:*:*:*:*",
"matchCriteriaId": "68352537-5E99-4F4D-B78A-BCF0353A70A5",
"versionEndExcluding": "3.6.1",
"versionStartIncluding": "3.6.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Issue summary: Processing a malformed PKCS#12 file can trigger a NULL pointer\ndereference in the PKCS12_item_decrypt_d2i_ex() function.\n\nImpact summary: A NULL pointer dereference can trigger a crash which leads to\nDenial of Service for an application processing PKCS#12 files.\n\nThe PKCS12_item_decrypt_d2i_ex() function does not check whether the oct\nparameter is NULL before dereferencing it. When called from\nPKCS12_unpack_p7encdata() with a malformed PKCS#12 file, this parameter can\nbe NULL, causing a crash. The vulnerability is limited to Denial of Service\nand cannot be escalated to achieve code execution or memory disclosure.\n\nExploiting this issue requires an attacker to provide a malformed PKCS#12 file\nto an application that processes it. For that reason the issue was assessed as\nLow severity according to our Security Policy.\n\nThe FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\nas the PKCS#12 implementation is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3, 3.0, 1.1.1 and 1.0.2 are vulnerable to this issue."
},
{
"lang": "es",
"value": "Resumen del problema: Procesar un archivo PKCS#12 malformado puede desencadenar una desreferencia de puntero NULL en la funci\u00f3n PKCS12_item_decrypt_d2i_ex().\n\nResumen del impacto: Una desreferencia de puntero NULL puede desencadenar un fallo que lleva a la denegaci\u00f3n de servicio para una aplicaci\u00f3n que procesa archivos PKCS#12.\n\nLa funci\u00f3n PKCS12_item_decrypt_d2i_ex() no comprueba si el par\u00e1metro oct es NULL antes de desreferenciarlo. Cuando se llama desde PKCS12_unpack_p7encdata() con un archivo PKCS#12 malformado, este par\u00e1metro puede ser NULL, causando un fallo. La vulnerabilidad est\u00e1 limitada a la denegaci\u00f3n de servicio y no puede ser escalada para lograr la ejecuci\u00f3n de c\u00f3digo o la divulgaci\u00f3n de memoria.\n\nExplotar este problema requiere que un atacante proporcione un archivo PKCS#12 malformado a una aplicaci\u00f3n que lo procesa. Por esa raz\u00f3n, el problema fue evaluado como de baja severidad seg\u00fan nuestra Pol\u00edtica de Seguridad.\n\nLos m\u00f3dulos FIPS en 3.6, 3.5, 3.4, 3.3 y 3.0 no se ven afectados por este problema, ya que la implementaci\u00f3n de PKCS#12 est\u00e1 fuera del l\u00edmite del m\u00f3dulo FIPS de OpenSSL.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3, 3.0, 1.1.1 y 1.0.2 son vulnerables a este problema."
}
],
"id": "CVE-2025-69421",
"lastModified": "2026-05-12T13:17:26.710",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
},
"published": "2026-01-27T16:16:34.437",
"references": [
{
"source": "openssl-security@openssl.org",
"tags": [
"Patch"
],
"url": "https://github.com/openssl/openssl/commit/3524a29271f8191b8fd8a5257eb05173982a097b"
},
{
"source": "openssl-security@openssl.org",
"tags": [
"Patch"
],
"url": "https://github.com/openssl/openssl/commit/36ecb4960872a4ce04bf6f1e1f4e78d75ec0c0c7"
},
{
"source": "openssl-security@openssl.org",
"tags": [
"Patch"
],
"url": "https://github.com/openssl/openssl/commit/4bbc8d41a72c842ce4077a8a3eccd1109aaf74bd"
},
{
"source": "openssl-security@openssl.org",
"tags": [
"Patch"
],
"url": "https://github.com/openssl/openssl/commit/643986985cd1c21221f941129d76fe0c2785aeb3"
},
{
"source": "openssl-security@openssl.org",
"tags": [
"Patch"
],
"url": "https://github.com/openssl/openssl/commit/a2dbc539f0f9cc63832709fa5aa33ad9495eb19c"
},
{
"source": "openssl-security@openssl.org",
"tags": [
"Vendor Advisory"
],
"url": "https://openssl-library.org/news/secadv/20260127.txt"
},
{
"source": "0b142b55-0307-4c5a-b3c9-f314f3fb7c5e",
"url": "https://cert-portal.siemens.com/productcert/html/ssa-265688.html"
}
],
"sourceIdentifier": "openssl-security@openssl.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-476"
}
],
"source": "openssl-security@openssl.org",
"type": "Secondary"
}
]
}
FKIE_CVE-2025-69419
Vulnerability from fkie_nvd - Published: 2026-01-27 16:16 - Updated: 2026-05-12 13:17
Severity ?
Summary
Issue summary: Calling PKCS12_get_friendlyname() function on a maliciously
crafted PKCS#12 file with a BMPString (UTF-16BE) friendly name containing
non-ASCII BMP code point can trigger a one byte write before the allocated
buffer.
Impact summary: The out-of-bounds write can cause a memory corruption
which can have various consequences including a Denial of Service.
The OPENSSL_uni2utf8() function performs a two-pass conversion of a PKCS#12
BMPString (UTF-16BE) to UTF-8. In the second pass, when emitting UTF-8 bytes,
the helper function bmp_to_utf8() incorrectly forwards the remaining UTF-16
source byte count as the destination buffer capacity to UTF8_putc(). For BMP
code points above U+07FF, UTF-8 requires three bytes, but the forwarded
capacity can be just two bytes. UTF8_putc() then returns -1, and this negative
value is added to the output length without validation, causing the
length to become negative. The subsequent trailing NUL byte is then written
at a negative offset, causing write outside of heap allocated buffer.
The vulnerability is reachable via the public PKCS12_get_friendlyname() API
when parsing attacker-controlled PKCS#12 files. While PKCS12_parse() uses a
different code path that avoids this issue, PKCS12_get_friendlyname() directly
invokes the vulnerable function. Exploitation requires an attacker to provide
a malicious PKCS#12 file to be parsed by the application and the attacker
can just trigger a one zero byte write before the allocated buffer.
For that reason the issue was assessed as Low severity according to our
Security Policy.
The FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,
as the PKCS#12 implementation is outside the OpenSSL FIPS module boundary.
OpenSSL 3.6, 3.5, 3.4, 3.3, 3.0 and 1.1.1 are vulnerable to this issue.
OpenSSL 1.0.2 is not affected by this issue.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:openssl:openssl:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E000B986-6A31-468F-9EA3-B9D16DB16FB2",
"versionEndExcluding": "1.1.1ze",
"versionStartIncluding": "1.1.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openssl:openssl:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C76C5F55-5243-4461-82F5-2FEBFF4D59FA",
"versionEndExcluding": "3.0.19",
"versionStartIncluding": "3.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openssl:openssl:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F5292E9E-6B50-409F-9219-7B0A04047AD8",
"versionEndExcluding": "3.3.6",
"versionStartIncluding": "3.3.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openssl:openssl:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B9D3DCAE-317D-4DFB-93F0-7A235A229619",
"versionEndExcluding": "3.4.4",
"versionStartIncluding": "3.4.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openssl:openssl:*:*:*:*:*:*:*:*",
"matchCriteriaId": "1CAC7CBE-EC03-4089-938A-0CEEB2E09B62",
"versionEndExcluding": "3.5.5",
"versionStartIncluding": "3.5.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openssl:openssl:*:*:*:*:*:*:*:*",
"matchCriteriaId": "68352537-5E99-4F4D-B78A-BCF0353A70A5",
"versionEndExcluding": "3.6.1",
"versionStartIncluding": "3.6.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Issue summary: Calling PKCS12_get_friendlyname() function on a maliciously\ncrafted PKCS#12 file with a BMPString (UTF-16BE) friendly name containing\nnon-ASCII BMP code point can trigger a one byte write before the allocated\nbuffer.\n\nImpact summary: The out-of-bounds write can cause a memory corruption\nwhich can have various consequences including a Denial of Service.\n\nThe OPENSSL_uni2utf8() function performs a two-pass conversion of a PKCS#12\nBMPString (UTF-16BE) to UTF-8. In the second pass, when emitting UTF-8 bytes,\nthe helper function bmp_to_utf8() incorrectly forwards the remaining UTF-16\nsource byte count as the destination buffer capacity to UTF8_putc(). For BMP\ncode points above U+07FF, UTF-8 requires three bytes, but the forwarded\ncapacity can be just two bytes. UTF8_putc() then returns -1, and this negative\nvalue is added to the output length without validation, causing the\nlength to become negative. The subsequent trailing NUL byte is then written\nat a negative offset, causing write outside of heap allocated buffer.\n\nThe vulnerability is reachable via the public PKCS12_get_friendlyname() API\nwhen parsing attacker-controlled PKCS#12 files. While PKCS12_parse() uses a\ndifferent code path that avoids this issue, PKCS12_get_friendlyname() directly\ninvokes the vulnerable function. Exploitation requires an attacker to provide\na malicious PKCS#12 file to be parsed by the application and the attacker\ncan just trigger a one zero byte write before the allocated buffer.\nFor that reason the issue was assessed as Low severity according to our\nSecurity Policy.\n\nThe FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\nas the PKCS#12 implementation is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3, 3.0 and 1.1.1 are vulnerable to this issue.\n\nOpenSSL 1.0.2 is not affected by this issue."
},
{
"lang": "es",
"value": "Resumen del problema: Llamar a la funci\u00f3n PKCS12_get_friendlyname() en un archivo PKCS#12 creado maliciosamente con un nombre descriptivo BMPString (UTF-16BE) que contiene un punto de c\u00f3digo BMP no ASCII puede desencadenar una escritura de un byte antes del b\u00fafer asignado.\n\nResumen del impacto: La escritura fuera de l\u00edmites puede causar una corrupci\u00f3n de memoria que puede tener varias consecuencias, incluyendo una denegaci\u00f3n de servicio.\n\nLa funci\u00f3n OPENSSL_uni2utf8() realiza una conversi\u00f3n en dos pasadas de un BMPString (UTF-16BE) de PKCS#12 a UTF-8. En la segunda pasada, al emitir bytes UTF-8, la funci\u00f3n auxiliar bmp_to_utf8() reenv\u00eda incorrectamente el recuento de bytes fuente UTF-16 restantes como la capacidad del b\u00fafer de destino a UTF8_putc(). Para puntos de c\u00f3digo BMP superiores a U+07FF, UTF-8 requiere tres bytes, pero la capacidad reenviada puede ser de solo dos bytes. UTF8_putc() luego devuelve -1, y este valor negativo se a\u00f1ade a la longitud de salida sin validaci\u00f3n, haciendo que la longitud se vuelva negativa. El subsiguiente byte NUL final se escribe entonces en un desplazamiento negativo, causando una escritura fuera del b\u00fafer asignado en el heap.\n\nLa vulnerabilidad es alcanzable a trav\u00e9s de la API p\u00fablica PKCS12_get_friendlyname() al analizar archivos PKCS#12 controlados por el atacante. Si bien PKCS12_parse() utiliza una ruta de c\u00f3digo diferente que evita este problema, PKCS12_get_friendlyname() invoca directamente la funci\u00f3n vulnerable. La explotaci\u00f3n requiere que un atacante proporcione un archivo PKCS#12 malicioso para ser analizado por la aplicaci\u00f3n y el atacante puede simplemente desencadenar una escritura de un byte cero antes del b\u00fafer asignado. Por esa raz\u00f3n, el problema fue evaluado como de baja severidad seg\u00fan nuestra Pol\u00edtica de Seguridad.\n\nLos m\u00f3dulos FIPS en 3.6, 3.5, 3.4, 3.3 y 3.0 no se ven afectados por este problema, ya que la implementaci\u00f3n de PKCS#12 est\u00e1 fuera del l\u00edmite del m\u00f3dulo FIPS de OpenSSL.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3, 3.0 y 1.1.1 son vulnerables a este problema.\n\nOpenSSL 1.0.2 no se ve afectado por este problema."
}
],
"id": "CVE-2025-69419",
"lastModified": "2026-05-12T13:17:26.190",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.2,
"impactScore": 5.2,
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
},
"published": "2026-01-27T16:16:34.113",
"references": [
{
"source": "openssl-security@openssl.org",
"tags": [
"Patch"
],
"url": "https://github.com/openssl/openssl/commit/41be0f216404f14457bbf3b9cc488dba60b49296"
},
{
"source": "openssl-security@openssl.org",
"tags": [
"Patch"
],
"url": "https://github.com/openssl/openssl/commit/7e9cac9832e4705b91987c2474ed06a37a93cecb"
},
{
"source": "openssl-security@openssl.org",
"tags": [
"Patch"
],
"url": "https://github.com/openssl/openssl/commit/a26a90d38edec3748566129d824e664b54bee2e2"
},
{
"source": "openssl-security@openssl.org",
"tags": [
"Patch"
],
"url": "https://github.com/openssl/openssl/commit/cda12de3bc0e333ea8d2c6fd15001dbdaf280015"
},
{
"source": "openssl-security@openssl.org",
"tags": [
"Patch"
],
"url": "https://github.com/openssl/openssl/commit/ff628933755075446bca8307e8417c14d164b535"
},
{
"source": "openssl-security@openssl.org",
"tags": [
"Vendor Advisory"
],
"url": "https://openssl-library.org/news/secadv/20260127.txt"
},
{
"source": "0b142b55-0307-4c5a-b3c9-f314f3fb7c5e",
"url": "https://cert-portal.siemens.com/productcert/html/ssa-265688.html"
}
],
"sourceIdentifier": "openssl-security@openssl.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-787"
}
],
"source": "openssl-security@openssl.org",
"type": "Secondary"
}
]
}