Vulnerability-Lookup

WID-SEC-W-2026-0995

Vulnerability from csaf_certbund - Published: 2026-04-07 22:00 - Updated: 2026-06-16 22:00

Summary

OpenSSL: Mehrere Schwachstellen

Severity

Mittel

Notes

Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.

Produktbeschreibung: OpenSSL ist eine im Quelltext frei verfügbare Bibliothek, die Secure Sockets Layer (SSL) und Transport Layer Security (TLS) implementiert.

Angriff: Ein Angreifer kann mehrere Schwachstellen in OpenSSL ausnutzen, um einen Denial of Service Angriff durchzuführen, vertrauliche Informationen offenzulegen oder andere, nicht näher spezifizierte Angriffe durchzuführen.

Betroffene Betriebssysteme: - Sonstiges - UNIX - Windows

CVE-2026-28386

Affected products

Known affected 25 products

Product	Identifier	Version
Open Source OpenSSL <3.3.7 Open Source / OpenSSL		<3.3.7
Red Hat Ansible Automation Platform 2.6 Red Hat / Ansible Automation Platform	`cpe:/a:redhat:ansible_automation_platform:2.6`	2.6
Open Source OpenSSL <3.0.20 Open Source / OpenSSL		<3.0.20
Open Source OpenSSL <3.5.6 Open Source / OpenSSL		<3.5.6
Open Source OpenSSL <3.4.5 Open Source / OpenSSL		<3.4.5
Red Hat Enterprise Linux Red Hat / Enterprise Linux	`cpe:/o:redhat:enterprise_linux:-`	—
Oracle Linux Oracle	`cpe:/o:oracle:linux:-`	—
Open Source OpenSSL <1.1.1zg Open Source / OpenSSL		<1.1.1zg
Open Source OpenSSL <1.0.2zp Open Source / OpenSSL		<1.0.2zp
IBM AIX 7.3 IBM / AIX	`cpe:/o:ibm:aix:7.3`	7.3
Amazon Linux 2 Amazon	`cpe:/o:amazon:linux_2:-`	—
Red Hat Enterprise Linux Update Infrastructure 5.1 Red Hat / Enterprise Linux	`cpe:/o:redhat:enterprise_linux:update_infrastructure_5.1`	Update Infrastructure 5.1
NetApp AFF Baseboard Management Controller NetApp / AFF	`cpe:/h:netapp:aff:::baseboard_management_controller`	Baseboard Management Controller
IBM AIX 7.2 IBM / AIX	`cpe:/o:ibm:aix:7.2`	7.2
Open Source OpenSSL <3.6.2 Open Source / OpenSSL		<3.6.2
IBM VIOS 4.1 IBM / VIOS	`cpe:/a:ibm:vios:4.1`	4.1
RESF Rocky Linux RESF	`cpe:/o:resf:rocky_linux:-`	—
Debian Linux Debian	`cpe:/o:debian:debian_linux:-`	—
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
NetApp FAS Baseboard Management Controller NetApp / FAS	`cpe:/h:netapp:fas:baseboard_management_controller`	Baseboard Management Controller
Ubuntu Linux Ubuntu	`cpe:/o:canonical:ubuntu_linux:-`	—
NCP Secure Enterprise VPN Server <14.10 r32489 NCP / Secure Enterprise VPN Server		<14.10 r32489
SUSE openSUSE SUSE	`cpe:/o:suse:opensuse:-`	—
Microsoft Azure Linux azl3 Microsoft / Azure Linux	`cpe:/o:microsoft:azure_linux:azl3`	azl3
Google Container-Optimized OS Google	`cpe:/o:google:container-optimized_os:-`	—

CVE-2026-28387

Affected products

Known affected 25 products

Product	Identifier	Version
Open Source OpenSSL <3.3.7 Open Source / OpenSSL		<3.3.7
Red Hat Ansible Automation Platform 2.6 Red Hat / Ansible Automation Platform	`cpe:/a:redhat:ansible_automation_platform:2.6`	2.6
Open Source OpenSSL <3.0.20 Open Source / OpenSSL		<3.0.20
Open Source OpenSSL <3.5.6 Open Source / OpenSSL		<3.5.6
Open Source OpenSSL <3.4.5 Open Source / OpenSSL		<3.4.5
Red Hat Enterprise Linux Red Hat / Enterprise Linux	`cpe:/o:redhat:enterprise_linux:-`	—
Oracle Linux Oracle	`cpe:/o:oracle:linux:-`	—
Open Source OpenSSL <1.1.1zg Open Source / OpenSSL		<1.1.1zg
Open Source OpenSSL <1.0.2zp Open Source / OpenSSL		<1.0.2zp
IBM AIX 7.3 IBM / AIX	`cpe:/o:ibm:aix:7.3`	7.3
Amazon Linux 2 Amazon	`cpe:/o:amazon:linux_2:-`	—
Red Hat Enterprise Linux Update Infrastructure 5.1 Red Hat / Enterprise Linux	`cpe:/o:redhat:enterprise_linux:update_infrastructure_5.1`	Update Infrastructure 5.1
NetApp AFF Baseboard Management Controller NetApp / AFF	`cpe:/h:netapp:aff:::baseboard_management_controller`	Baseboard Management Controller
IBM AIX 7.2 IBM / AIX	`cpe:/o:ibm:aix:7.2`	7.2
Open Source OpenSSL <3.6.2 Open Source / OpenSSL		<3.6.2
IBM VIOS 4.1 IBM / VIOS	`cpe:/a:ibm:vios:4.1`	4.1
RESF Rocky Linux RESF	`cpe:/o:resf:rocky_linux:-`	—
Debian Linux Debian	`cpe:/o:debian:debian_linux:-`	—
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
NetApp FAS Baseboard Management Controller NetApp / FAS	`cpe:/h:netapp:fas:baseboard_management_controller`	Baseboard Management Controller
Ubuntu Linux Ubuntu	`cpe:/o:canonical:ubuntu_linux:-`	—
NCP Secure Enterprise VPN Server <14.10 r32489 NCP / Secure Enterprise VPN Server		<14.10 r32489
SUSE openSUSE SUSE	`cpe:/o:suse:opensuse:-`	—
Microsoft Azure Linux azl3 Microsoft / Azure Linux	`cpe:/o:microsoft:azure_linux:azl3`	azl3
Google Container-Optimized OS Google	`cpe:/o:google:container-optimized_os:-`	—

CVE-2026-28388

Affected products

Known affected 25 products

Product	Identifier	Version
Open Source OpenSSL <3.3.7 Open Source / OpenSSL		<3.3.7
Red Hat Ansible Automation Platform 2.6 Red Hat / Ansible Automation Platform	`cpe:/a:redhat:ansible_automation_platform:2.6`	2.6
Open Source OpenSSL <3.0.20 Open Source / OpenSSL		<3.0.20
Open Source OpenSSL <3.5.6 Open Source / OpenSSL		<3.5.6
Open Source OpenSSL <3.4.5 Open Source / OpenSSL		<3.4.5
Red Hat Enterprise Linux Red Hat / Enterprise Linux	`cpe:/o:redhat:enterprise_linux:-`	—
Oracle Linux Oracle	`cpe:/o:oracle:linux:-`	—
Open Source OpenSSL <1.1.1zg Open Source / OpenSSL		<1.1.1zg
Open Source OpenSSL <1.0.2zp Open Source / OpenSSL		<1.0.2zp
IBM AIX 7.3 IBM / AIX	`cpe:/o:ibm:aix:7.3`	7.3
Amazon Linux 2 Amazon	`cpe:/o:amazon:linux_2:-`	—
Red Hat Enterprise Linux Update Infrastructure 5.1 Red Hat / Enterprise Linux	`cpe:/o:redhat:enterprise_linux:update_infrastructure_5.1`	Update Infrastructure 5.1
NetApp AFF Baseboard Management Controller NetApp / AFF	`cpe:/h:netapp:aff:::baseboard_management_controller`	Baseboard Management Controller
IBM AIX 7.2 IBM / AIX	`cpe:/o:ibm:aix:7.2`	7.2
Open Source OpenSSL <3.6.2 Open Source / OpenSSL		<3.6.2
IBM VIOS 4.1 IBM / VIOS	`cpe:/a:ibm:vios:4.1`	4.1
RESF Rocky Linux RESF	`cpe:/o:resf:rocky_linux:-`	—
Debian Linux Debian	`cpe:/o:debian:debian_linux:-`	—
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
NetApp FAS Baseboard Management Controller NetApp / FAS	`cpe:/h:netapp:fas:baseboard_management_controller`	Baseboard Management Controller
Ubuntu Linux Ubuntu	`cpe:/o:canonical:ubuntu_linux:-`	—
NCP Secure Enterprise VPN Server <14.10 r32489 NCP / Secure Enterprise VPN Server		<14.10 r32489
SUSE openSUSE SUSE	`cpe:/o:suse:opensuse:-`	—
Microsoft Azure Linux azl3 Microsoft / Azure Linux	`cpe:/o:microsoft:azure_linux:azl3`	azl3
Google Container-Optimized OS Google	`cpe:/o:google:container-optimized_os:-`	—

CVE-2026-28389

Affected products

Known affected 25 products

Product	Identifier	Version
Open Source OpenSSL <3.3.7 Open Source / OpenSSL		<3.3.7
Red Hat Ansible Automation Platform 2.6 Red Hat / Ansible Automation Platform	`cpe:/a:redhat:ansible_automation_platform:2.6`	2.6
Open Source OpenSSL <3.0.20 Open Source / OpenSSL		<3.0.20
Open Source OpenSSL <3.5.6 Open Source / OpenSSL		<3.5.6
Open Source OpenSSL <3.4.5 Open Source / OpenSSL		<3.4.5
Red Hat Enterprise Linux Red Hat / Enterprise Linux	`cpe:/o:redhat:enterprise_linux:-`	—
Oracle Linux Oracle	`cpe:/o:oracle:linux:-`	—
Open Source OpenSSL <1.1.1zg Open Source / OpenSSL		<1.1.1zg
Open Source OpenSSL <1.0.2zp Open Source / OpenSSL		<1.0.2zp
IBM AIX 7.3 IBM / AIX	`cpe:/o:ibm:aix:7.3`	7.3
Amazon Linux 2 Amazon	`cpe:/o:amazon:linux_2:-`	—
Red Hat Enterprise Linux Update Infrastructure 5.1 Red Hat / Enterprise Linux	`cpe:/o:redhat:enterprise_linux:update_infrastructure_5.1`	Update Infrastructure 5.1
NetApp AFF Baseboard Management Controller NetApp / AFF	`cpe:/h:netapp:aff:::baseboard_management_controller`	Baseboard Management Controller
IBM AIX 7.2 IBM / AIX	`cpe:/o:ibm:aix:7.2`	7.2
Open Source OpenSSL <3.6.2 Open Source / OpenSSL		<3.6.2
IBM VIOS 4.1 IBM / VIOS	`cpe:/a:ibm:vios:4.1`	4.1
RESF Rocky Linux RESF	`cpe:/o:resf:rocky_linux:-`	—
Debian Linux Debian	`cpe:/o:debian:debian_linux:-`	—
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
NetApp FAS Baseboard Management Controller NetApp / FAS	`cpe:/h:netapp:fas:baseboard_management_controller`	Baseboard Management Controller
Ubuntu Linux Ubuntu	`cpe:/o:canonical:ubuntu_linux:-`	—
NCP Secure Enterprise VPN Server <14.10 r32489 NCP / Secure Enterprise VPN Server		<14.10 r32489
SUSE openSUSE SUSE	`cpe:/o:suse:opensuse:-`	—
Microsoft Azure Linux azl3 Microsoft / Azure Linux	`cpe:/o:microsoft:azure_linux:azl3`	azl3
Google Container-Optimized OS Google	`cpe:/o:google:container-optimized_os:-`	—

CVE-2026-28390

Affected products

Known affected 25 products

Product	Identifier	Version
Open Source OpenSSL <3.3.7 Open Source / OpenSSL		<3.3.7
Red Hat Ansible Automation Platform 2.6 Red Hat / Ansible Automation Platform	`cpe:/a:redhat:ansible_automation_platform:2.6`	2.6
Open Source OpenSSL <3.0.20 Open Source / OpenSSL		<3.0.20
Open Source OpenSSL <3.5.6 Open Source / OpenSSL		<3.5.6
Open Source OpenSSL <3.4.5 Open Source / OpenSSL		<3.4.5
Red Hat Enterprise Linux Red Hat / Enterprise Linux	`cpe:/o:redhat:enterprise_linux:-`	—
Oracle Linux Oracle	`cpe:/o:oracle:linux:-`	—
Open Source OpenSSL <1.1.1zg Open Source / OpenSSL		<1.1.1zg
Open Source OpenSSL <1.0.2zp Open Source / OpenSSL		<1.0.2zp
IBM AIX 7.3 IBM / AIX	`cpe:/o:ibm:aix:7.3`	7.3
Amazon Linux 2 Amazon	`cpe:/o:amazon:linux_2:-`	—
Red Hat Enterprise Linux Update Infrastructure 5.1 Red Hat / Enterprise Linux	`cpe:/o:redhat:enterprise_linux:update_infrastructure_5.1`	Update Infrastructure 5.1
NetApp AFF Baseboard Management Controller NetApp / AFF	`cpe:/h:netapp:aff:::baseboard_management_controller`	Baseboard Management Controller
IBM AIX 7.2 IBM / AIX	`cpe:/o:ibm:aix:7.2`	7.2
Open Source OpenSSL <3.6.2 Open Source / OpenSSL		<3.6.2
IBM VIOS 4.1 IBM / VIOS	`cpe:/a:ibm:vios:4.1`	4.1
RESF Rocky Linux RESF	`cpe:/o:resf:rocky_linux:-`	—
Debian Linux Debian	`cpe:/o:debian:debian_linux:-`	—
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
NetApp FAS Baseboard Management Controller NetApp / FAS	`cpe:/h:netapp:fas:baseboard_management_controller`	Baseboard Management Controller
Ubuntu Linux Ubuntu	`cpe:/o:canonical:ubuntu_linux:-`	—
NCP Secure Enterprise VPN Server <14.10 r32489 NCP / Secure Enterprise VPN Server		<14.10 r32489
SUSE openSUSE SUSE	`cpe:/o:suse:opensuse:-`	—
Microsoft Azure Linux azl3 Microsoft / Azure Linux	`cpe:/o:microsoft:azure_linux:azl3`	azl3
Google Container-Optimized OS Google	`cpe:/o:google:container-optimized_os:-`	—

CVE-2026-31789

Affected products

Known affected 25 products

Product	Identifier	Version
Open Source OpenSSL <3.3.7 Open Source / OpenSSL		<3.3.7
Red Hat Ansible Automation Platform 2.6 Red Hat / Ansible Automation Platform	`cpe:/a:redhat:ansible_automation_platform:2.6`	2.6
Open Source OpenSSL <3.0.20 Open Source / OpenSSL		<3.0.20
Open Source OpenSSL <3.5.6 Open Source / OpenSSL		<3.5.6
Open Source OpenSSL <3.4.5 Open Source / OpenSSL		<3.4.5
Red Hat Enterprise Linux Red Hat / Enterprise Linux	`cpe:/o:redhat:enterprise_linux:-`	—
Oracle Linux Oracle	`cpe:/o:oracle:linux:-`	—
Open Source OpenSSL <1.1.1zg Open Source / OpenSSL		<1.1.1zg
Open Source OpenSSL <1.0.2zp Open Source / OpenSSL		<1.0.2zp
IBM AIX 7.3 IBM / AIX	`cpe:/o:ibm:aix:7.3`	7.3
Amazon Linux 2 Amazon	`cpe:/o:amazon:linux_2:-`	—
Red Hat Enterprise Linux Update Infrastructure 5.1 Red Hat / Enterprise Linux	`cpe:/o:redhat:enterprise_linux:update_infrastructure_5.1`	Update Infrastructure 5.1
NetApp AFF Baseboard Management Controller NetApp / AFF	`cpe:/h:netapp:aff:::baseboard_management_controller`	Baseboard Management Controller
IBM AIX 7.2 IBM / AIX	`cpe:/o:ibm:aix:7.2`	7.2
Open Source OpenSSL <3.6.2 Open Source / OpenSSL		<3.6.2
IBM VIOS 4.1 IBM / VIOS	`cpe:/a:ibm:vios:4.1`	4.1
RESF Rocky Linux RESF	`cpe:/o:resf:rocky_linux:-`	—
Debian Linux Debian	`cpe:/o:debian:debian_linux:-`	—
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
NetApp FAS Baseboard Management Controller NetApp / FAS	`cpe:/h:netapp:fas:baseboard_management_controller`	Baseboard Management Controller
Ubuntu Linux Ubuntu	`cpe:/o:canonical:ubuntu_linux:-`	—
NCP Secure Enterprise VPN Server <14.10 r32489 NCP / Secure Enterprise VPN Server		<14.10 r32489
SUSE openSUSE SUSE	`cpe:/o:suse:opensuse:-`	—
Microsoft Azure Linux azl3 Microsoft / Azure Linux	`cpe:/o:microsoft:azure_linux:azl3`	azl3
Google Container-Optimized OS Google	`cpe:/o:google:container-optimized_os:-`	—

CVE-2026-31790

Affected products

Known affected 25 products

Product	Identifier	Version
Open Source OpenSSL <3.3.7 Open Source / OpenSSL		<3.3.7
Red Hat Ansible Automation Platform 2.6 Red Hat / Ansible Automation Platform	`cpe:/a:redhat:ansible_automation_platform:2.6`	2.6
Open Source OpenSSL <3.0.20 Open Source / OpenSSL		<3.0.20
Open Source OpenSSL <3.5.6 Open Source / OpenSSL		<3.5.6
Open Source OpenSSL <3.4.5 Open Source / OpenSSL		<3.4.5
Red Hat Enterprise Linux Red Hat / Enterprise Linux	`cpe:/o:redhat:enterprise_linux:-`	—
Oracle Linux Oracle	`cpe:/o:oracle:linux:-`	—
Open Source OpenSSL <1.1.1zg Open Source / OpenSSL		<1.1.1zg
Open Source OpenSSL <1.0.2zp Open Source / OpenSSL		<1.0.2zp
IBM AIX 7.3 IBM / AIX	`cpe:/o:ibm:aix:7.3`	7.3
Amazon Linux 2 Amazon	`cpe:/o:amazon:linux_2:-`	—
Red Hat Enterprise Linux Update Infrastructure 5.1 Red Hat / Enterprise Linux	`cpe:/o:redhat:enterprise_linux:update_infrastructure_5.1`	Update Infrastructure 5.1
NetApp AFF Baseboard Management Controller NetApp / AFF	`cpe:/h:netapp:aff:::baseboard_management_controller`	Baseboard Management Controller
IBM AIX 7.2 IBM / AIX	`cpe:/o:ibm:aix:7.2`	7.2
Open Source OpenSSL <3.6.2 Open Source / OpenSSL		<3.6.2
IBM VIOS 4.1 IBM / VIOS	`cpe:/a:ibm:vios:4.1`	4.1
RESF Rocky Linux RESF	`cpe:/o:resf:rocky_linux:-`	—
Debian Linux Debian	`cpe:/o:debian:debian_linux:-`	—
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
NetApp FAS Baseboard Management Controller NetApp / FAS	`cpe:/h:netapp:fas:baseboard_management_controller`	Baseboard Management Controller
Ubuntu Linux Ubuntu	`cpe:/o:canonical:ubuntu_linux:-`	—
NCP Secure Enterprise VPN Server <14.10 r32489 NCP / Secure Enterprise VPN Server		<14.10 r32489
SUSE openSUSE SUSE	`cpe:/o:suse:opensuse:-`	—
Microsoft Azure Linux azl3 Microsoft / Azure Linux	`cpe:/o:microsoft:azure_linux:azl3`	azl3
Google Container-Optimized OS Google	`cpe:/o:google:container-optimized_os:-`	—

References

62 references

URL	Category
https://wid.cert-bund.de/.well-known/csaf/white/2…	self
https://wid.cert-bund.de/portal/wid/securityadvis…	self
https://openssl-library.org/news/secadv/20260407.txt	external
https://openssl-library.org/news/vulnerabilities/	external
https://lists.debian.org/debian-security-announce…	external
https://lists.suse.com/pipermail/sle-security-upd…	external
https://lists.suse.com/pipermail/sle-security-upd…	external
https://ubuntu.com/security/notices/USN-8155-1	external
https://lists.suse.com/pipermail/sle-security-upd…	external
https://lists.suse.com/pipermail/sle-security-upd…	external
https://ubuntu.com/security/notices/USN-8155-2	external
https://lists.suse.com/pipermail/sle-security-upd…	external
https://lists.suse.com/pipermail/sle-security-upd…	external
https://lists.suse.com/pipermail/sle-security-upd…	external
https://lists.opensuse.org/archives/list/security…	external
https://lists.suse.com/pipermail/sle-security-upd…	external
https://lists.suse.com/pipermail/sle-security-upd…	external
https://lists.suse.com/pipermail/sle-security-upd…	external
https://lists.suse.com/pipermail/sle-security-upd…	external
https://alas.aws.amazon.com/AL2/ALAS2-2026-3249.html	external
https://msrc.microsoft.com/update-guide/	external
https://lists.suse.com/pipermail/sle-security-upd…	external
https://lists.suse.com/pipermail/sle-security-upd…	external
https://lists.suse.com/pipermail/sle-security-upd…	external
https://lists.suse.com/pipermail/sle-security-upd…	external
https://lists.suse.com/pipermail/sle-security-upd…	external
https://security.netapp.com/advisory/NTAP-20260417-0017	external
https://lists.suse.com/pipermail/sle-security-upd…	external
https://lists.suse.com/pipermail/sle-security-upd…	external
https://lists.suse.com/pipermail/sle-security-upd…	external
https://lists.suse.com/pipermail/sle-security-upd…	external
https://lists.suse.com/pipermail/sle-security-upd…	external
https://lists.suse.com/pipermail/sle-security-upd…	external
https://alas.aws.amazon.com/AL2/ALAS2OPENSSL-SNAP…	external
https://alas.aws.amazon.com/AL2/ALAS2-2026-3274.html	external
https://alas.aws.amazon.com/AL2/ALAS2-2026-3275.html	external
https://access.redhat.com/errata/RHSA-2026:12195	external
https://www.ibm.com/support/pages/node/7271681	external
https://lists.suse.com/pipermail/sle-security-upd…	external
https://access.redhat.com/errata/RHSA-2026:14937	external
https://access.redhat.com/errata/RHSA-2026:19066	external
https://access.redhat.com/errata/RHSA-2026:19218	external
https://docs.cloud.google.com/container-optimized…	external
https://access.redhat.com/errata/RHSA-2026:21275	external
https://access.redhat.com/errata/RHSA-2026:22314	external
https://access.redhat.com/errata/RHSA-2026:22313	external
https://access.redhat.com/errata/RHSA-2026:22315	external
https://access.redhat.com/errata/RHSA-2026:22312	external
https://www.ncp-e.com/fileadmin/_NCP/pdf/library/…	external
https://www.ncp-e.com/fileadmin/_NCP/pdf/library/…	external
https://www.ncp-e.com/fileadmin/_NCP/pdf/library/…	external
https://errata.build.resf.org/RLSA-2026:22312	external
https://access.redhat.com/errata/RHSA-2026:22634	external
https://linux.oracle.com/errata/ELSA-2026-22315.html	external
https://errata.build.resf.org/RLSA-2026:22313	external
https://errata.build.resf.org/RLSA-2026:22315	external
https://errata.build.resf.org/RLSA-2026:22314	external
https://lists.debian.org/debian-lts-announce/2026…	external
https://access.redhat.com/errata/RHSA-2026:24866	external
https://lists.suse.com/pipermail/sle-security-upd…	external
https://lists.suse.com/pipermail/sle-security-upd…	external
https://access.redhat.com/errata/RHSA-2026:26319	external

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "text": "mittel"
    },
    "category": "csaf_base",
    "csaf_version": "2.0",
    "distribution": {
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "de-DE",
    "notes": [
      {
        "category": "legal_disclaimer",
        "text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
      },
      {
        "category": "description",
        "text": "OpenSSL ist eine im Quelltext frei verf\u00fcgbare Bibliothek, die Secure Sockets Layer (SSL) und Transport Layer Security (TLS) implementiert.",
        "title": "Produktbeschreibung"
      },
      {
        "category": "summary",
        "text": "Ein Angreifer kann mehrere Schwachstellen in OpenSSL ausnutzen, um einen Denial of Service Angriff durchzuf\u00fchren, vertrauliche Informationen offenzulegen oder andere, nicht n\u00e4her spezifizierte Angriffe durchzuf\u00fchren.",
        "title": "Angriff"
      },
      {
        "category": "general",
        "text": "- Sonstiges\n- UNIX\n- Windows",
        "title": "Betroffene Betriebssysteme"
      }
    ],
    "publisher": {
      "category": "other",
      "contact_details": "csaf-provider@cert-bund.de",
      "name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
      "namespace": "https://www.bsi.bund.de"
    },
    "references": [
      {
        "category": "self",
        "summary": "WID-SEC-W-2026-0995 - CSAF Version",
        "url": "https://wid.cert-bund.de/.well-known/csaf/white/2026/wid-sec-w-2026-0995.json"
      },
      {
        "category": "self",
        "summary": "WID-SEC-2026-0995 - Portal Version",
        "url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2026-0995"
      },
      {
        "category": "external",
        "summary": "OpenSSL Security Advisory vom 2026-04-07",
        "url": "https://openssl-library.org/news/secadv/20260407.txt"
      },
      {
        "category": "external",
        "summary": "OpenSSL Vulnerabilities vom 2026-04-07",
        "url": "https://openssl-library.org/news/vulnerabilities/"
      },
      {
        "category": "external",
        "summary": "Debian Security Advisory DSA-6201 vom 2026-04-08",
        "url": "https://lists.debian.org/debian-security-announce/2026/msg00111.html"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2026:1214-1 vom 2026-04-08",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2026-April/025167.html"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2026:1216-1 vom 2026-04-08",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2026-April/025165.html"
      },
      {
        "category": "external",
        "summary": "Ubuntu Security Notice USN-8155-1 vom 2026-04-08",
        "url": "https://ubuntu.com/security/notices/USN-8155-1"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2026:1213-1 vom 2026-04-08",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2026-April/025168.html"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2026:1215-1 vom 2026-04-08",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2026-April/025166.html"
      },
      {
        "category": "external",
        "summary": "Ubuntu Security Notice USN-8155-2 vom 2026-04-09",
        "url": "https://ubuntu.com/security/notices/USN-8155-2"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2026:1256-1 vom 2026-04-10",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2026-April/025199.html"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2026:1255-1 vom 2026-04-10",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2026-April/025200.html"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2026:1257-1 vom 2026-04-10",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2026-April/025198.html"
      },
      {
        "category": "external",
        "summary": "openSUSE Security Update OPENSUSE-SU-2026:10533-1 vom 2026-04-12",
        "url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/Q3L6UO5MQYWT5OTNC6A64RQTAMSGR6D3/"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2026:21037-1 vom 2026-04-13",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2026-April/025303.html"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2026:1290-1 vom 2026-04-13",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2026-April/025312.html"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2026:1291-1 vom 2026-04-13",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2026-April/025311.html"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2026:21065-1 vom 2026-04-13",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2026-April/025275.html"
      },
      {
        "category": "external",
        "summary": "Amazon Linux Security Advisory ALAS2-2026-3249 vom 2026-04-14",
        "url": "https://alas.aws.amazon.com/AL2/ALAS2-2026-3249.html"
      },
      {
        "category": "external",
        "summary": "Microsoft Security Update Guide vom 2026-04-14",
        "url": "https://msrc.microsoft.com/update-guide/"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2026:21107-1 vom 2026-04-16",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2026-April/025373.html"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2026:1375-1 vom 2026-04-16",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2026-April/025384.html"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2026:1386-1 vom 2026-04-16",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2026-April/025395.html"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2026:1429-1 vom 2026-04-17",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2026-April/025435.html"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2026:21186-1 vom 2026-04-21",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2026-April/025505.html"
      },
      {
        "category": "external",
        "summary": "NetApp Security Advisory NTAP-20260417-0017 vom 2026-04-21",
        "url": "https://security.netapp.com/advisory/NTAP-20260417-0017"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2026:1549-1 vom 2026-04-22",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2026-April/025567.html"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2026:1550-1 vom 2026-04-22",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2026-April/025566.html"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2026:1577-1 vom 2026-04-23",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2026-April/025597.html"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2026:1562-1 vom 2026-04-23",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2026-April/025576.html"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2026:21244-1 vom 2026-04-23",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2026-April/025592.html"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2026:1605-1 vom 2026-04-24",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2026-April/025615.html"
      },
      {
        "category": "external",
        "summary": "Amazon Linux Security Advisory ALAS2OPENSSL-SNAPSAFE-2026-010 vom 2026-04-30",
        "url": "https://alas.aws.amazon.com/AL2/ALAS2OPENSSL-SNAPSAFE-2026-010.html"
      },
      {
        "category": "external",
        "summary": "Amazon Linux Security Advisory ALAS2-2026-3274 vom 2026-04-30",
        "url": "https://alas.aws.amazon.com/AL2/ALAS2-2026-3274.html"
      },
      {
        "category": "external",
        "summary": "Amazon Linux Security Advisory ALAS2-2026-3275 vom 2026-04-30",
        "url": "https://alas.aws.amazon.com/AL2/ALAS2-2026-3275.html"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2026:12195 vom 2026-04-30",
        "url": "https://access.redhat.com/errata/RHSA-2026:12195"
      },
      {
        "category": "external",
        "summary": "IBM Security Bulletin 7271681 vom 2026-05-04",
        "url": "https://www.ibm.com/support/pages/node/7271681"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2026:1711-1 vom 2026-05-06",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2026-May/025892.html"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2026:14937 vom 2026-05-08",
        "url": "https://access.redhat.com/errata/RHSA-2026:14937"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2026:19066 vom 2026-05-19",
        "url": "https://access.redhat.com/errata/RHSA-2026:19066"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2026:19218 vom 2026-05-20",
        "url": "https://access.redhat.com/errata/RHSA-2026:19218"
      },
      {
        "category": "external",
        "summary": "Container-Optimized OS release notes vom 2026-05-26",
        "url": "https://docs.cloud.google.com/container-optimized-os/docs/release-notes#May_21_2026"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2026:21275 vom 2026-05-27",
        "url": "https://access.redhat.com/errata/RHSA-2026:21275"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2026:22314 vom 2026-06-01",
        "url": "https://access.redhat.com/errata/RHSA-2026:22314"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2026:22313 vom 2026-06-01",
        "url": "https://access.redhat.com/errata/RHSA-2026:22313"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2026:22315 vom 2026-06-01",
        "url": "https://access.redhat.com/errata/RHSA-2026:22315"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2026:22312 vom 2026-06-01",
        "url": "https://access.redhat.com/errata/RHSA-2026:22312"
      },
      {
        "category": "external",
        "summary": "NCP Secure Enterprise VPN Server Release Notes vom 2026-06-02",
        "url": "https://www.ncp-e.com/fileadmin/_NCP/pdf/library/release_notes/NCP_Secure_Enterprise_Solution/NCP_Secure_Enterprise_VPN_Server_Linux/de/NCP_RN_Linux_Secure_Enterprise_VPN_Server_14_10_r32489_de.pdf"
      },
      {
        "category": "external",
        "summary": "NCP Secure Enterprise VPN Server Release Notes  vom 2026-06-02",
        "url": "https://www.ncp-e.com/fileadmin/_NCP/pdf/library/release_notes/NCP_Secure_Enterprise_Solution/NCP_Secure_Enterprise_VPN_Server_Win/de/NCP_RN_Win_Secure_Enterprise_VPN_Server_14_10_r32489_de.pdf"
      },
      {
        "category": "external",
        "summary": "NCP Secure Enterprise VPN Server Release Notes  vom 2026-06-02",
        "url": "https://www.ncp-e.com/fileadmin/_NCP/pdf/library/release_notes/NCP_Secure_Enterprise_Solution/NCP_Virtual_Secure_Enterprise_VPN_Server/de/NCP_RN_Virtual_Secure_Enterprise_VPN_Server_14_10_r32489_de.pdf"
      },
      {
        "category": "external",
        "summary": "Rocky Linux Security Advisory RLSA-2026:22312 vom 2026-06-02",
        "url": "https://errata.build.resf.org/RLSA-2026:22312"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2026:22634 vom 2026-06-02",
        "url": "https://access.redhat.com/errata/RHSA-2026:22634"
      },
      {
        "category": "external",
        "summary": "Oracle Linux Security Advisory ELSA-2026-22315 vom 2026-06-03",
        "url": "https://linux.oracle.com/errata/ELSA-2026-22315.html"
      },
      {
        "category": "external",
        "summary": "Rocky Linux Security Advisory RLSA-2026:22313 vom 2026-06-02",
        "url": "https://errata.build.resf.org/RLSA-2026:22313"
      },
      {
        "category": "external",
        "summary": "Rocky Linux Security Advisory RLSA-2026:22315 vom 2026-06-05",
        "url": "https://errata.build.resf.org/RLSA-2026:22315"
      },
      {
        "category": "external",
        "summary": "Rocky Linux Security Advisory RLSA-2026:22314 vom 2026-06-05",
        "url": "https://errata.build.resf.org/RLSA-2026:22314"
      },
      {
        "category": "external",
        "summary": "Debian Security Advisory DLA-4624 vom 2026-06-09",
        "url": "https://lists.debian.org/debian-lts-announce/2026/06/msg00013.html"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2026:24866 vom 2026-06-09",
        "url": "https://access.redhat.com/errata/RHSA-2026:24866"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2026:2399-1 vom 2026-06-15",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2026-June/026759.html"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2026:2396-1 vom 2026-06-15",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2026-June/026761.html"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2026:26319 vom 2026-06-16",
        "url": "https://access.redhat.com/errata/RHSA-2026:26319"
      }
    ],
    "source_lang": "en-US",
    "title": "OpenSSL: Mehrere Schwachstellen",
    "tracking": {
      "current_release_date": "2026-06-16T22:00:00.000+00:00",
      "generator": {
        "date": "2026-06-17T09:00:24.742+00:00",
        "engine": {
          "name": "BSI-WID",
          "version": "1.6.0"
        }
      },
      "id": "WID-SEC-W-2026-0995",
      "initial_release_date": "2026-04-07T22:00:00.000+00:00",
      "revision_history": [
        {
          "date": "2026-04-07T22:00:00.000+00:00",
          "number": "1",
          "summary": "Initiale Fassung"
        },
        {
          "date": "2026-04-08T22:00:00.000+00:00",
          "number": "2",
          "summary": "Neue Updates von SUSE und Ubuntu aufgenommen"
        },
        {
          "date": "2026-04-09T22:00:00.000+00:00",
          "number": "3",
          "summary": "Neue Updates von Ubuntu aufgenommen"
        },
        {
          "date": "2026-04-12T22:00:00.000+00:00",
          "number": "4",
          "summary": "Neue Updates von SUSE und openSUSE aufgenommen"
        },
        {
          "date": "2026-04-13T22:00:00.000+00:00",
          "number": "5",
          "summary": "Neue Updates von SUSE und Amazon aufgenommen"
        },
        {
          "date": "2026-04-14T22:00:00.000+00:00",
          "number": "6",
          "summary": "Neue Updates aufgenommen"
        },
        {
          "date": "2026-04-15T22:00:00.000+00:00",
          "number": "7",
          "summary": "Neue Updates von SUSE aufgenommen"
        },
        {
          "date": "2026-04-16T22:00:00.000+00:00",
          "number": "8",
          "summary": "Neue Updates von SUSE aufgenommen"
        },
        {
          "date": "2026-04-19T22:00:00.000+00:00",
          "number": "9",
          "summary": "Neue Updates von SUSE aufgenommen"
        },
        {
          "date": "2026-04-21T22:00:00.000+00:00",
          "number": "10",
          "summary": "Neue Updates von SUSE und NetApp aufgenommen"
        },
        {
          "date": "2026-04-22T22:00:00.000+00:00",
          "number": "11",
          "summary": "Neue Updates von SUSE aufgenommen"
        },
        {
          "date": "2026-04-23T22:00:00.000+00:00",
          "number": "12",
          "summary": "Neue Updates von SUSE aufgenommen"
        },
        {
          "date": "2026-04-26T22:00:00.000+00:00",
          "number": "13",
          "summary": "Neue Updates von SUSE aufgenommen"
        },
        {
          "date": "2026-04-29T22:00:00.000+00:00",
          "number": "14",
          "summary": "Neue Updates von Amazon aufgenommen"
        },
        {
          "date": "2026-05-03T22:00:00.000+00:00",
          "number": "15",
          "summary": "Neue Updates von Red Hat aufgenommen"
        },
        {
          "date": "2026-05-04T22:00:00.000+00:00",
          "number": "16",
          "summary": "Neue Updates von IBM aufgenommen"
        },
        {
          "date": "2026-05-06T22:00:00.000+00:00",
          "number": "17",
          "summary": "Neue Updates von SUSE aufgenommen"
        },
        {
          "date": "2026-05-07T22:00:00.000+00:00",
          "number": "18",
          "summary": "Neue Updates von Red Hat aufgenommen"
        },
        {
          "date": "2026-05-19T22:00:00.000+00:00",
          "number": "19",
          "summary": "Neue Updates von Red Hat aufgenommen"
        },
        {
          "date": "2026-05-26T22:00:00.000+00:00",
          "number": "20",
          "summary": "Neue Updates aufgenommen"
        },
        {
          "date": "2026-05-27T22:00:00.000+00:00",
          "number": "21",
          "summary": "Neue Updates von Red Hat aufgenommen"
        },
        {
          "date": "2026-06-01T22:00:00.000+00:00",
          "number": "22",
          "summary": "Neue Updates von Red Hat aufgenommen"
        },
        {
          "date": "2026-06-02T22:00:00.000+00:00",
          "number": "23",
          "summary": "Neue Updates von Rocky Enterprise Software Foundation, Red Hat und Oracle Linux aufgenommen"
        },
        {
          "date": "2026-06-04T22:00:00.000+00:00",
          "number": "24",
          "summary": "Neue Updates von Rocky Enterprise Software Foundation aufgenommen"
        },
        {
          "date": "2026-06-07T22:00:00.000+00:00",
          "number": "25",
          "summary": "Neue Updates von Rocky Enterprise Software Foundation aufgenommen"
        },
        {
          "date": "2026-06-08T22:00:00.000+00:00",
          "number": "26",
          "summary": "Neue Updates von Debian aufgenommen"
        },
        {
          "date": "2026-06-09T22:00:00.000+00:00",
          "number": "27",
          "summary": "Neue Updates von Red Hat aufgenommen"
        },
        {
          "date": "2026-06-15T22:00:00.000+00:00",
          "number": "28",
          "summary": "Neue Updates von SUSE aufgenommen"
        },
        {
          "date": "2026-06-16T22:00:00.000+00:00",
          "number": "29",
          "summary": "Neue Updates von Red Hat aufgenommen"
        }
      ],
      "status": "final",
      "version": "29"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "category": "product_name",
            "name": "Amazon Linux 2",
            "product": {
              "name": "Amazon Linux 2",
              "product_id": "398363",
              "product_identification_helper": {
                "cpe": "cpe:/o:amazon:linux_2:-"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "Amazon"
      },
      {
        "branches": [
          {
            "category": "product_name",
            "name": "Debian Linux",
            "product": {
              "name": "Debian Linux",
              "product_id": "2951",
              "product_identification_helper": {
                "cpe": "cpe:/o:debian:debian_linux:-"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "Debian"
      },
      {
        "branches": [
          {
            "category": "product_name",
            "name": "Google Container-Optimized OS",
            "product": {
              "name": "Google Container-Optimized OS",
              "product_id": "1607324",
              "product_identification_helper": {
                "cpe": "cpe:/o:google:container-optimized_os:-"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "Google"
      },
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version",
                "name": "7.3",
                "product": {
                  "name": "IBM AIX 7.3",
                  "product_id": "1139691",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:ibm:aix:7.3"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "7.2",
                "product": {
                  "name": "IBM AIX 7.2",
                  "product_id": "434967",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:ibm:aix:7.2"
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "AIX"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "4.1",
                "product": {
                  "name": "IBM VIOS 4.1",
                  "product_id": "1522854",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:ibm:vios:4.1"
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "VIOS"
          }
        ],
        "category": "vendor",
        "name": "IBM"
      },
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version",
                "name": "azl3",
                "product": {
                  "name": "Microsoft Azure Linux azl3",
                  "product_id": "T049210",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:microsoft:azure_linux:azl3"
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "Azure Linux"
          }
        ],
        "category": "vendor",
        "name": "Microsoft"
      },
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "\u003c14.10 r32489",
                "product": {
                  "name": "NCP Secure Enterprise VPN Server \u003c14.10 r32489",
                  "product_id": "T054958"
                }
              },
              {
                "category": "product_version",
                "name": "14.10 r32489",
                "product": {
                  "name": "NCP Secure Enterprise VPN Server 14.10 r32489",
                  "product_id": "T054958-fixed",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:ncp-e:secure_enterprise_vpn_server:14.10_r32489"
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "Secure Enterprise VPN Server"
          }
        ],
        "category": "vendor",
        "name": "NCP"
      },
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version",
                "name": "Baseboard Management Controller",
                "product": {
                  "name": "NetApp AFF Baseboard Management Controller",
                  "product_id": "T025086",
                  "product_identification_helper": {
                    "cpe": "cpe:/h:netapp:aff:::baseboard_management_controller"
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "AFF"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "Baseboard Management Controller",
                "product": {
                  "name": "NetApp FAS Baseboard Management Controller",
                  "product_id": "T043535",
                  "product_identification_helper": {
                    "cpe": "cpe:/h:netapp:fas:baseboard_management_controller"
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "FAS"
          }
        ],
        "category": "vendor",
        "name": "NetApp"
      },
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "\u003c3.6.2",
                "product": {
                  "name": "Open Source OpenSSL \u003c3.6.2",
                  "product_id": "T052469"
                }
              },
              {
                "category": "product_version",
                "name": "3.6.2",
                "product": {
                  "name": "Open Source OpenSSL 3.6.2",
                  "product_id": "T052469-fixed",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:openssl:openssl:3.6.2"
                  }
                }
              },
              {
                "category": "product_version_range",
                "name": "\u003c3.5.6",
                "product": {
                  "name": "Open Source OpenSSL \u003c3.5.6",
                  "product_id": "T052470"
                }
              },
              {
                "category": "product_version",
                "name": "3.5.6",
                "product": {
                  "name": "Open Source OpenSSL 3.5.6",
                  "product_id": "T052470-fixed",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:openssl:openssl:3.5.6"
                  }
                }
              },
              {
                "category": "product_version_range",
                "name": "\u003c3.4.5",
                "product": {
                  "name": "Open Source OpenSSL \u003c3.4.5",
                  "product_id": "T052471"
                }
              },
              {
                "category": "product_version",
                "name": "3.4.5",
                "product": {
                  "name": "Open Source OpenSSL 3.4.5",
                  "product_id": "T052471-fixed",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:openssl:openssl:3.4.5"
                  }
                }
              },
              {
                "category": "product_version_range",
                "name": "\u003c3.3.7",
                "product": {
                  "name": "Open Source OpenSSL \u003c3.3.7",
                  "product_id": "T052472"
                }
              },
              {
                "category": "product_version",
                "name": "3.3.7",
                "product": {
                  "name": "Open Source OpenSSL 3.3.7",
                  "product_id": "T052472-fixed",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:openssl:openssl:3.3.7"
                  }
                }
              },
              {
                "category": "product_version_range",
                "name": "\u003c3.0.20",
                "product": {
                  "name": "Open Source OpenSSL \u003c3.0.20",
                  "product_id": "T052473"
                }
              },
              {
                "category": "product_version",
                "name": "3.0.20",
                "product": {
                  "name": "Open Source OpenSSL 3.0.20",
                  "product_id": "T052473-fixed",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:openssl:openssl:3.0.20"
                  }
                }
              },
              {
                "category": "product_version_range",
                "name": "\u003c1.1.1zg",
                "product": {
                  "name": "Open Source OpenSSL \u003c1.1.1zg",
                  "product_id": "T052474"
                }
              },
              {
                "category": "product_version",
                "name": "1.1.1zg",
                "product": {
                  "name": "Open Source OpenSSL 1.1.1zg",
                  "product_id": "T052474-fixed",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:openssl:openssl:1.1.1zg"
                  }
                }
              },
              {
                "category": "product_version_range",
                "name": "\u003c1.0.2zp",
                "product": {
                  "name": "Open Source OpenSSL \u003c1.0.2zp",
                  "product_id": "T052475"
                }
              },
              {
                "category": "product_version",
                "name": "1.0.2zp",
                "product": {
                  "name": "Open Source OpenSSL 1.0.2zp",
                  "product_id": "T052475-fixed",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:openssl:openssl:1.0.2zp"
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "OpenSSL"
          }
        ],
        "category": "vendor",
        "name": "Open Source"
      },
      {
        "branches": [
          {
            "category": "product_name",
            "name": "Oracle Linux",
            "product": {
              "name": "Oracle Linux",
              "product_id": "T004914",
              "product_identification_helper": {
                "cpe": "cpe:/o:oracle:linux:-"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "Oracle"
      },
      {
        "branches": [
          {
            "category": "product_name",
            "name": "RESF Rocky Linux",
            "product": {
              "name": "RESF Rocky Linux",
              "product_id": "T032255",
              "product_identification_helper": {
                "cpe": "cpe:/o:resf:rocky_linux:-"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "RESF"
      },
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version",
                "name": "2.6",
                "product": {
                  "name": "Red Hat Ansible Automation Platform 2.6",
                  "product_id": "849D5C3D-731E-4D19-801F-338FD159A1BB",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:redhat:ansible_automation_platform:2.6"
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "Ansible Automation Platform"
          },
          {
            "branches": [
              {
                "category": "product_name",
                "name": "Red Hat Enterprise Linux",
                "product": {
                  "name": "Red Hat Enterprise Linux",
                  "product_id": "67646",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:redhat:enterprise_linux:-"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "Update Infrastructure 5.1",
                "product": {
                  "name": "Red Hat Enterprise Linux Update Infrastructure 5.1",
                  "product_id": "T054761",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:redhat:enterprise_linux:update_infrastructure_5.1"
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "Enterprise Linux"
          }
        ],
        "category": "vendor",
        "name": "Red Hat"
      },
      {
        "branches": [
          {
            "category": "product_name",
            "name": "SUSE Linux",
            "product": {
              "name": "SUSE Linux",
              "product_id": "T002207",
              "product_identification_helper": {
                "cpe": "cpe:/o:suse:suse_linux:-"
              }
            }
          },
          {
            "category": "product_name",
            "name": "SUSE openSUSE",
            "product": {
              "name": "SUSE openSUSE",
              "product_id": "T027843",
              "product_identification_helper": {
                "cpe": "cpe:/o:suse:opensuse:-"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "SUSE"
      },
      {
        "branches": [
          {
            "category": "product_name",
            "name": "Ubuntu Linux",
            "product": {
              "name": "Ubuntu Linux",
              "product_id": "T000126",
              "product_identification_helper": {
                "cpe": "cpe:/o:canonical:ubuntu_linux:-"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "Ubuntu"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2026-28386",
      "product_status": {
        "known_affected": [
          "T052472",
          "849D5C3D-731E-4D19-801F-338FD159A1BB",
          "T052473",
          "T052470",
          "T052471",
          "67646",
          "T004914",
          "T052474",
          "T052475",
          "1139691",
          "398363",
          "T054761",
          "T025086",
          "434967",
          "T052469",
          "1522854",
          "T032255",
          "2951",
          "T002207",
          "T043535",
          "T000126",
          "T054958",
          "T027843",
          "T049210",
          "1607324"
        ]
      },
      "release_date": "2026-04-07T22:00:00.000+00:00",
      "title": "CVE-2026-28386"
    },
    {
      "cve": "CVE-2026-28387",
      "product_status": {
        "known_affected": [
          "T052472",
          "849D5C3D-731E-4D19-801F-338FD159A1BB",
          "T052473",
          "T052470",
          "T052471",
          "67646",
          "T004914",
          "T052474",
          "T052475",
          "1139691",
          "398363",
          "T054761",
          "T025086",
          "434967",
          "T052469",
          "1522854",
          "T032255",
          "2951",
          "T002207",
          "T043535",
          "T000126",
          "T054958",
          "T027843",
          "T049210",
          "1607324"
        ]
      },
      "release_date": "2026-04-07T22:00:00.000+00:00",
      "title": "CVE-2026-28387"
    },
    {
      "cve": "CVE-2026-28388",
      "product_status": {
        "known_affected": [
          "T052472",
          "849D5C3D-731E-4D19-801F-338FD159A1BB",
          "T052473",
          "T052470",
          "T052471",
          "67646",
          "T004914",
          "T052474",
          "T052475",
          "1139691",
          "398363",
          "T054761",
          "T025086",
          "434967",
          "T052469",
          "1522854",
          "T032255",
          "2951",
          "T002207",
          "T043535",
          "T000126",
          "T054958",
          "T027843",
          "T049210",
          "1607324"
        ]
      },
      "release_date": "2026-04-07T22:00:00.000+00:00",
      "title": "CVE-2026-28388"
    },
    {
      "cve": "CVE-2026-28389",
      "product_status": {
        "known_affected": [
          "T052472",
          "849D5C3D-731E-4D19-801F-338FD159A1BB",
          "T052473",
          "T052470",
          "T052471",
          "67646",
          "T004914",
          "T052474",
          "T052475",
          "1139691",
          "398363",
          "T054761",
          "T025086",
          "434967",
          "T052469",
          "1522854",
          "T032255",
          "2951",
          "T002207",
          "T043535",
          "T000126",
          "T054958",
          "T027843",
          "T049210",
          "1607324"
        ]
      },
      "release_date": "2026-04-07T22:00:00.000+00:00",
      "title": "CVE-2026-28389"
    },
    {
      "cve": "CVE-2026-28390",
      "product_status": {
        "known_affected": [
          "T052472",
          "849D5C3D-731E-4D19-801F-338FD159A1BB",
          "T052473",
          "T052470",
          "T052471",
          "67646",
          "T004914",
          "T052474",
          "T052475",
          "1139691",
          "398363",
          "T054761",
          "T025086",
          "434967",
          "T052469",
          "1522854",
          "T032255",
          "2951",
          "T002207",
          "T043535",
          "T000126",
          "T054958",
          "T027843",
          "T049210",
          "1607324"
        ]
      },
      "release_date": "2026-04-07T22:00:00.000+00:00",
      "title": "CVE-2026-28390"
    },
    {
      "cve": "CVE-2026-31789",
      "product_status": {
        "known_affected": [
          "T052472",
          "849D5C3D-731E-4D19-801F-338FD159A1BB",
          "T052473",
          "T052470",
          "T052471",
          "67646",
          "T004914",
          "T052474",
          "T052475",
          "1139691",
          "398363",
          "T054761",
          "T025086",
          "434967",
          "T052469",
          "1522854",
          "T032255",
          "2951",
          "T002207",
          "T043535",
          "T000126",
          "T054958",
          "T027843",
          "T049210",
          "1607324"
        ]
      },
      "release_date": "2026-04-07T22:00:00.000+00:00",
      "title": "CVE-2026-31789"
    },
    {
      "cve": "CVE-2026-31790",
      "product_status": {
        "known_affected": [
          "T052472",
          "849D5C3D-731E-4D19-801F-338FD159A1BB",
          "T052473",
          "T052470",
          "T052471",
          "67646",
          "T004914",
          "T052474",
          "T052475",
          "1139691",
          "398363",
          "T054761",
          "T025086",
          "434967",
          "T052469",
          "1522854",
          "T032255",
          "2951",
          "T002207",
          "T043535",
          "T000126",
          "T054958",
          "T027843",
          "T049210",
          "1607324"
        ]
      },
      "release_date": "2026-04-07T22:00:00.000+00:00",
      "title": "CVE-2026-31790"
    }
  ]
}

CVE-2026-28386 (GCVE-0-2026-28386)

Vulnerability from cvelistv5 – Published: 2026-04-07 22:00 – Updated: 2026-04-10 20:16

Title

Out-of-bounds Read in AES-CFB-128 on X86-64 with AVX-512 Support

Summary

Issue summary: Applications using AES-CFB128 encryption or decryption on systems with AVX-512 and VAES support can trigger an out-of-bounds read of up to 15 bytes when processing partial cipher blocks. Impact summary: This out-of-bounds read may trigger a crash which leads to Denial of Service for an application if the input buffer ends at a memory page boundary and the following page is unmapped. There is no information disclosure as the over-read bytes are not written to output. The vulnerable code path is only reached when processing partial blocks (when a previous call left an incomplete block and the current call provides fewer bytes than needed to complete it). Additionally, the input buffer must be positioned at a page boundary with the following page unmapped. CFB mode is not used in TLS/DTLS protocols, which use CBC, GCM, CCM, or ChaCha20-Poly1305 instead. For these reasons the issue was assessed as Low severity according to our Security Policy. Only x86-64 systems with AVX-512 and VAES instruction support are affected. Other architectures and systems without VAES support use different code paths that are not affected. OpenSSL FIPS module in 3.6 version is affected by this issue.

Severity

9.1 (Critical)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H

SSVC

Exploitation: none Automatable: yes Technical Impact: partial

CISA Coordinator (v2.0.3)

CWE

CWE-125 - Out-of-bounds Read

Assigner

openssl

References

2 references

URL	Tags
https://openssl-library.org/news/secadv/20260407.txt	vendor-advisory
https://github.com/openssl/openssl/commit/61f428a…	patch

Impacted products

1 product

Vendor	Product	Version
OpenSSL	OpenSSL	Affected: 3.6.0 , < 3.6.2 (semver)

Date Public

2026-04-07 14:00

Credits

Stanislav Fort (Aisle Research) Pavel Kohout (Aisle Research) Alex Gaynor (Anthropic) Stanislav Fort (Aisle Research) Pavel Kohout (Aisle Research) Alex Gaynor (Anthropic)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "NETWORK",
              "availabilityImpact": "HIGH",
              "baseScore": 9.1,
              "baseSeverity": "CRITICAL",
              "confidentialityImpact": "HIGH",
              "integrityImpact": "NONE",
              "privilegesRequired": "NONE",
              "scope": "UNCHANGED",
              "userInteraction": "NONE",
              "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2026-28386",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-04-10T20:15:21.235876Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-04-10T20:16:08.389Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "OpenSSL",
          "vendor": "OpenSSL",
          "versions": [
            {
              "lessThan": "3.6.2",
              "status": "affected",
              "version": "3.6.0",
              "versionType": "semver"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "reporter",
          "value": "Stanislav Fort (Aisle Research)"
        },
        {
          "lang": "en",
          "type": "reporter",
          "value": "Pavel Kohout (Aisle Research)"
        },
        {
          "lang": "en",
          "type": "reporter",
          "value": "Alex Gaynor (Anthropic)"
        },
        {
          "lang": "en",
          "type": "remediation developer",
          "value": "Stanislav Fort (Aisle Research)"
        },
        {
          "lang": "en",
          "type": "remediation developer",
          "value": "Pavel Kohout (Aisle Research)"
        },
        {
          "lang": "en",
          "type": "remediation developer",
          "value": "Alex Gaynor (Anthropic)"
        }
      ],
      "datePublic": "2026-04-07T14:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "Issue summary: Applications using AES-CFB128 encryption or decryption on\u003cbr\u003esystems with AVX-512 and VAES support can trigger an out-of-bounds read\u003cbr\u003eof up to 15 bytes when processing partial cipher blocks.\u003cbr\u003e\u003cbr\u003eImpact summary: This out-of-bounds read may trigger a crash which leads to\u003cbr\u003eDenial of Service for an application if the input buffer ends at a memory\u003cbr\u003epage boundary and the following page is unmapped. There is no information\u003cbr\u003edisclosure as the over-read bytes are not written to output.\u003cbr\u003e\u003cbr\u003eThe vulnerable code path is only reached when processing partial blocks\u003cbr\u003e(when a previous call left an incomplete block and the current call provides\u003cbr\u003efewer bytes than needed to complete it). Additionally, the input buffer\u003cbr\u003emust be positioned at a page boundary with the following page unmapped.\u003cbr\u003eCFB mode is not used in TLS/DTLS protocols, which use CBC, GCM, CCM, or\u003cbr\u003eChaCha20-Poly1305 instead. For these reasons the issue was assessed as\u003cbr\u003eLow severity according to our Security Policy.\u003cbr\u003e\u003cbr\u003eOnly x86-64 systems with AVX-512 and VAES instruction support are affected.\u003cbr\u003eOther architectures and systems without VAES support use different code\u003cbr\u003epaths that are not affected.\u003cbr\u003e\u003cbr\u003eOpenSSL FIPS module in 3.6 version is affected by this issue."
            }
          ],
          "value": "Issue summary: Applications using AES-CFB128 encryption or decryption on\nsystems with AVX-512 and VAES support can trigger an out-of-bounds read\nof up to 15 bytes when processing partial cipher blocks.\n\nImpact summary: This out-of-bounds read may trigger a crash which leads to\nDenial of Service for an application if the input buffer ends at a memory\npage boundary and the following page is unmapped. There is no information\ndisclosure as the over-read bytes are not written to output.\n\nThe vulnerable code path is only reached when processing partial blocks\n(when a previous call left an incomplete block and the current call provides\nfewer bytes than needed to complete it). Additionally, the input buffer\nmust be positioned at a page boundary with the following page unmapped.\nCFB mode is not used in TLS/DTLS protocols, which use CBC, GCM, CCM, or\nChaCha20-Poly1305 instead. For these reasons the issue was assessed as\nLow severity according to our Security Policy.\n\nOnly x86-64 systems with AVX-512 and VAES instruction support are affected.\nOther architectures and systems without VAES support use different code\npaths that are not affected.\n\nOpenSSL FIPS module in 3.6 version is affected by this issue."
        }
      ],
      "metrics": [
        {
          "format": "other",
          "other": {
            "content": {
              "text": "Low"
            },
            "type": "https://openssl-library.org/policies/general/security-policy/"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-125",
              "description": "CWE-125 Out-of-bounds Read",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-04-07T22:00:50.164Z",
        "orgId": "3a12439a-ef3a-4c79-92e6-6081a721f1e5",
        "shortName": "openssl"
      },
      "references": [
        {
          "name": "OpenSSL Advisory",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://openssl-library.org/news/secadv/20260407.txt"
        },
        {
          "name": "3.6.2 git commit",
          "tags": [
            "patch"
          ],
          "url": "https://github.com/openssl/openssl/commit/61f428a2fc6671ede184a19f71e6e495f0689621"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "title": "Out-of-bounds Read in AES-CFB-128 on X86-64 with AVX-512 Support",
      "x_generator": {
        "engine": "Vulnogram 0.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "3a12439a-ef3a-4c79-92e6-6081a721f1e5",
    "assignerShortName": "openssl",
    "cveId": "CVE-2026-28386",
    "datePublished": "2026-04-07T22:00:50.164Z",
    "dateReserved": "2026-02-27T13:45:02.161Z",
    "dateUpdated": "2026-04-10T20:16:08.389Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2026-28387 (GCVE-0-2026-28387)

Vulnerability from cvelistv5 – Published: 2026-04-07 22:00 – Updated: 2026-05-12 12:08

Title

Potential Use-after-free in DANE Client Code

Summary

Issue summary: An uncommon configuration of clients performing DANE TLSA-based server authentication, when paired with uncommon server DANE TLSA records, may result in a use-after-free and/or double-free on the client side. Impact summary: A use after free can have a range of potential consequences such as the corruption of valid data, crashes or execution of arbitrary code. However, the issue only affects clients that make use of TLSA records with both the PKIX-TA(0/PKIX-EE(1) certificate usages and the DANE-TA(2) certificate usage. By far the most common deployment of DANE is in SMTP MTAs for which RFC7672 recommends that clients treat as 'unusable' any TLSA records that have the PKIX certificate usages. These SMTP (or other similar) clients are not vulnerable to this issue. Conversely, any clients that support only the PKIX usages, and ignore the DANE-TA(2) usage are also not vulnerable. The client would also need to be communicating with a server that publishes a TLSA RRset with both types of TLSA records. No FIPS modules are affected by this issue, the problem code is outside the FIPS module boundary.

Severity

8.1 (High)


                        
                          CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

SSVC

Exploitation: none Automatable: no Technical Impact: total

CISA Coordinator (v2.0.3)

CWE

CWE-416 - Use After Free

Assigner

openssl

References

8 references

URL	Tags
https://openssl-library.org/news/secadv/20260407.txt	vendor-advisory
https://github.com/openssl/openssl/commit/258a8f6…	patch
https://github.com/openssl/openssl/commit/444958d…	patch
https://github.com/openssl/openssl/commit/07e727d…	patch
https://github.com/openssl/openssl/commit/7a4e08c…	patch
https://github.com/openssl/openssl/commit/ec03fa0…	patch
https://cert-portal.siemens.com/productcert/html/…
https://cert-portal.siemens.com/productcert/html/…

Impacted products

3 products

Vendor	Product	Version
OpenSSL	OpenSSL	Affected: 3.6.0 , < 3.6.2 (semver) Affected: 3.5.0 , < 3.5.6 (semver) Affected: 3.4.0 , < 3.4.5 (semver) Affected: 3.3.0 , < 3.3.7 (semver) Affected: 3.0.0 , < 3.0.20 (semver) Affected: 1.1.1 , < 1.1.1zg (custom)
Siemens	SIMATIC CN 4100	Affected: 0 , < V5.0 (custom)
Siemens	SIMATIC S7-1500 TM MFP - GNU/Linux subsystem	Affected: 0 , < * (custom)

Date Public

2026-04-07 14:00

Credits

Igor Morgenstern (Aisle Research) Viktor Dukhovni Alexandr Nedvedicky

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "HIGH",
              "attackVector": "NETWORK",
              "availabilityImpact": "HIGH",
              "baseScore": 8.1,
              "baseSeverity": "HIGH",
              "confidentialityImpact": "HIGH",
              "integrityImpact": "HIGH",
              "privilegesRequired": "NONE",
              "scope": "UNCHANGED",
              "userInteraction": "NONE",
              "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2026-28387",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-04-09T03:56:07.962224Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-05-10T20:10:20.584Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "affected": [
          {
            "defaultStatus": "unknown",
            "product": "SIMATIC CN 4100",
            "vendor": "Siemens",
            "versions": [
              {
                "lessThan": "V5.0",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "defaultStatus": "unknown",
            "product": "SIMATIC S7-1500 TM MFP - GNU/Linux subsystem",
            "vendor": "Siemens",
            "versions": [
              {
                "lessThan": "*",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-05-12T12:08:58.724Z",
          "orgId": "0b142b55-0307-4c5a-b3c9-f314f3fb7c5e",
          "shortName": "siemens-SADP"
        },
        "references": [
          {
            "url": "https://cert-portal.siemens.com/productcert/html/ssa-265688.html"
          },
          {
            "url": "https://cert-portal.siemens.com/productcert/html/ssa-032379.html"
          }
        ],
        "x_adpType": "supplier"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "OpenSSL",
          "vendor": "OpenSSL",
          "versions": [
            {
              "lessThan": "3.6.2",
              "status": "affected",
              "version": "3.6.0",
              "versionType": "semver"
            },
            {
              "lessThan": "3.5.6",
              "status": "affected",
              "version": "3.5.0",
              "versionType": "semver"
            },
            {
              "lessThan": "3.4.5",
              "status": "affected",
              "version": "3.4.0",
              "versionType": "semver"
            },
            {
              "lessThan": "3.3.7",
              "status": "affected",
              "version": "3.3.0",
              "versionType": "semver"
            },
            {
              "lessThan": "3.0.20",
              "status": "affected",
              "version": "3.0.0",
              "versionType": "semver"
            },
            {
              "lessThan": "1.1.1zg",
              "status": "affected",
              "version": "1.1.1",
              "versionType": "custom"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "reporter",
          "value": "Igor Morgenstern (Aisle Research)"
        },
        {
          "lang": "en",
          "type": "remediation developer",
          "value": "Viktor Dukhovni"
        },
        {
          "lang": "en",
          "type": "remediation developer",
          "value": "Alexandr Nedvedicky"
        }
      ],
      "datePublic": "2026-04-07T14:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "Issue summary: An uncommon configuration of clients performing DANE TLSA-based\u003cbr\u003eserver authentication, when paired with uncommon server DANE TLSA records, may\u003cbr\u003eresult in a use-after-free and/or double-free on the client side.\u003cbr\u003e\u003cbr\u003eImpact summary: A use after free can have a range of potential consequences\u003cbr\u003esuch as the corruption of valid data, crashes or execution of arbitrary code.\u003cbr\u003e\u003cbr\u003eHowever, the issue only affects clients that make use of TLSA records with both\u003cbr\u003ethe PKIX-TA(0/PKIX-EE(1) certificate usages and the DANE-TA(2) certificate\u003cbr\u003eusage.\u003cbr\u003e\u003cbr\u003eBy far the most common deployment of DANE is in SMTP MTAs for which RFC7672\u003cbr\u003erecommends that clients treat as \u0027unusable\u0027 any TLSA records that have the PKIX\u003cbr\u003ecertificate usages.  These SMTP (or other similar) clients are not vulnerable\u003cbr\u003eto this issue.  Conversely, any clients that support only the PKIX usages, and\u003cbr\u003eignore the DANE-TA(2) usage are also not vulnerable.\u003cbr\u003e\u003cbr\u003eThe client would also need to be communicating with a server that publishes a\u003cbr\u003eTLSA RRset with both types of TLSA records.\u003cbr\u003e\u003cbr\u003eNo FIPS modules are affected by this issue, the problem code is outside the\u003cbr\u003eFIPS module boundary."
            }
          ],
          "value": "Issue summary: An uncommon configuration of clients performing DANE TLSA-based\nserver authentication, when paired with uncommon server DANE TLSA records, may\nresult in a use-after-free and/or double-free on the client side.\n\nImpact summary: A use after free can have a range of potential consequences\nsuch as the corruption of valid data, crashes or execution of arbitrary code.\n\nHowever, the issue only affects clients that make use of TLSA records with both\nthe PKIX-TA(0/PKIX-EE(1) certificate usages and the DANE-TA(2) certificate\nusage.\n\nBy far the most common deployment of DANE is in SMTP MTAs for which RFC7672\nrecommends that clients treat as \u0027unusable\u0027 any TLSA records that have the PKIX\ncertificate usages.  These SMTP (or other similar) clients are not vulnerable\nto this issue.  Conversely, any clients that support only the PKIX usages, and\nignore the DANE-TA(2) usage are also not vulnerable.\n\nThe client would also need to be communicating with a server that publishes a\nTLSA RRset with both types of TLSA records.\n\nNo FIPS modules are affected by this issue, the problem code is outside the\nFIPS module boundary."
        }
      ],
      "metrics": [
        {
          "format": "other",
          "other": {
            "content": {
              "text": "Low"
            },
            "type": "https://openssl-library.org/policies/general/security-policy/"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-416",
              "description": "CWE-416 Use After Free",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-04-07T22:00:51.496Z",
        "orgId": "3a12439a-ef3a-4c79-92e6-6081a721f1e5",
        "shortName": "openssl"
      },
      "references": [
        {
          "name": "OpenSSL Advisory",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://openssl-library.org/news/secadv/20260407.txt"
        },
        {
          "name": "3.6.2 git commit",
          "tags": [
            "patch"
          ],
          "url": "https://github.com/openssl/openssl/commit/258a8f63b26995ba357f4326da00e19e29c6acbe"
        },
        {
          "name": "3.5.6 git commit",
          "tags": [
            "patch"
          ],
          "url": "https://github.com/openssl/openssl/commit/444958deaf450aea819171f97ae69eaedede42c3"
        },
        {
          "name": "3.4.5 git commit",
          "tags": [
            "patch"
          ],
          "url": "https://github.com/openssl/openssl/commit/07e727d304746edb49a98ee8f6ab00256e1f012b"
        },
        {
          "name": "3.3.7 git commit",
          "tags": [
            "patch"
          ],
          "url": "https://github.com/openssl/openssl/commit/7a4e08cee62a728d32e60b0de89e6764339df0a7"
        },
        {
          "name": "3.0.20 git commit",
          "tags": [
            "patch"
          ],
          "url": "https://github.com/openssl/openssl/commit/ec03fa050b3346997ed9c5fef3d0e16ad7db8177"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "title": "Potential Use-after-free in DANE Client Code",
      "x_generator": {
        "engine": "Vulnogram 0.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "3a12439a-ef3a-4c79-92e6-6081a721f1e5",
    "assignerShortName": "openssl",
    "cveId": "CVE-2026-28387",
    "datePublished": "2026-04-07T22:00:51.496Z",
    "dateReserved": "2026-02-27T13:45:02.161Z",
    "dateUpdated": "2026-05-12T12:08:58.724Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2026-28388 (GCVE-0-2026-28388)

Vulnerability from cvelistv5 – Published: 2026-04-07 22:00 – Updated: 2026-05-12 12:08

Title

NULL Pointer Dereference When Processing a Delta CRL

Summary

Issue summary: When a delta CRL that contains a Delta CRL Indicator extension is processed a NULL pointer dereference might happen if the required CRL Number extension is missing. Impact summary: A NULL pointer dereference can trigger a crash which leads to a Denial of Service for an application. When CRL processing and delta CRL processing is enabled during X.509 certificate verification, the delta CRL processing does not check whether the CRL Number extension is NULL before dereferencing it. When a malformed delta CRL file is being processed, this parameter can be NULL, causing a NULL pointer dereference. Exploiting this issue requires the X509_V_FLAG_USE_DELTAS flag to be enabled in the verification context, the certificate being verified to contain a freshestCRL extension or the base CRL to have the EXFLAG_FRESHEST flag set, and an attacker to provide a malformed CRL to an application that processes it. The vulnerability is limited to Denial of Service and cannot be escalated to achieve code execution or memory disclosure. For that reason the issue was assessed as Low severity according to our Security Policy. The FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this issue, as the affected code is outside the OpenSSL FIPS module boundary.

Severity

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

SSVC

Exploitation: none Automatable: yes Technical Impact: partial

CISA Coordinator (v2.0.3)

CWE

CWE-476 - NULL Pointer Dereference

Assigner

openssl

References

8 references

URL	Tags
https://openssl-library.org/news/secadv/20260407.txt	vendor-advisory
https://github.com/openssl/openssl/commit/602542f…	patch
https://github.com/openssl/openssl/commit/d3a901e…	patch
https://github.com/openssl/openssl/commit/a9d187d…	patch
https://github.com/openssl/openssl/commit/5a0b493…	patch
https://github.com/openssl/openssl/commit/59c3b31…	patch
https://cert-portal.siemens.com/productcert/html/…
https://cert-portal.siemens.com/productcert/html/…

Impacted products

3 products

Vendor	Product	Version
OpenSSL	OpenSSL	Affected: 3.6.0 , < 3.6.2 (semver) Affected: 3.5.0 , < 3.5.6 (semver) Affected: 3.4.0 , < 3.4.5 (semver) Affected: 3.3.0 , < 3.3.7 (semver) Affected: 3.0.0 , < 3.0.20 (semver) Affected: 1.1.1 , < 1.1.1zg (custom) Affected: 1.0.2 , < 1.0.2zp (custom)
Siemens	SIMATIC CN 4100	Affected: 0 , < V5.0 (custom)
Siemens	SIMATIC S7-1500 TM MFP - GNU/Linux subsystem	Affected: 0 , < * (custom)

Date Public

2026-04-07 14:00

Credits

Igor Morgenstern (Aisle Research) Igor Morgenstern (Aisle Research)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "NETWORK",
              "availabilityImpact": "HIGH",
              "baseScore": 7.5,
              "baseSeverity": "HIGH",
              "confidentialityImpact": "NONE",
              "integrityImpact": "NONE",
              "privilegesRequired": "NONE",
              "scope": "UNCHANGED",
              "userInteraction": "NONE",
              "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2026-28388",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-04-10T20:18:04.195701Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-04-10T20:18:43.095Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "affected": [
          {
            "defaultStatus": "unknown",
            "product": "SIMATIC CN 4100",
            "vendor": "Siemens",
            "versions": [
              {
                "lessThan": "V5.0",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "defaultStatus": "unknown",
            "product": "SIMATIC S7-1500 TM MFP - GNU/Linux subsystem",
            "vendor": "Siemens",
            "versions": [
              {
                "lessThan": "*",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-05-12T12:08:59.931Z",
          "orgId": "0b142b55-0307-4c5a-b3c9-f314f3fb7c5e",
          "shortName": "siemens-SADP"
        },
        "references": [
          {
            "url": "https://cert-portal.siemens.com/productcert/html/ssa-265688.html"
          },
          {
            "url": "https://cert-portal.siemens.com/productcert/html/ssa-032379.html"
          }
        ],
        "x_adpType": "supplier"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "OpenSSL",
          "vendor": "OpenSSL",
          "versions": [
            {
              "lessThan": "3.6.2",
              "status": "affected",
              "version": "3.6.0",
              "versionType": "semver"
            },
            {
              "lessThan": "3.5.6",
              "status": "affected",
              "version": "3.5.0",
              "versionType": "semver"
            },
            {
              "lessThan": "3.4.5",
              "status": "affected",
              "version": "3.4.0",
              "versionType": "semver"
            },
            {
              "lessThan": "3.3.7",
              "status": "affected",
              "version": "3.3.0",
              "versionType": "semver"
            },
            {
              "lessThan": "3.0.20",
              "status": "affected",
              "version": "3.0.0",
              "versionType": "semver"
            },
            {
              "lessThan": "1.1.1zg",
              "status": "affected",
              "version": "1.1.1",
              "versionType": "custom"
            },
            {
              "lessThan": "1.0.2zp",
              "status": "affected",
              "version": "1.0.2",
              "versionType": "custom"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "reporter",
          "value": "Igor Morgenstern (Aisle Research)"
        },
        {
          "lang": "en",
          "type": "remediation developer",
          "value": "Igor Morgenstern (Aisle Research)"
        }
      ],
      "datePublic": "2026-04-07T14:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "Issue summary: When a delta CRL that contains a Delta CRL Indicator extension\u003cbr\u003eis processed a NULL pointer dereference might happen if the required CRL\u003cbr\u003eNumber extension is missing.\u003cbr\u003e\u003cbr\u003eImpact summary: A NULL pointer dereference can trigger a crash which\u003cbr\u003eleads to a Denial of Service for an application.\u003cbr\u003e\u003cbr\u003eWhen CRL processing and delta CRL processing is enabled during X.509\u003cbr\u003ecertificate verification, the delta CRL processing does not check\u003cbr\u003ewhether the CRL Number extension is NULL before dereferencing it.\u003cbr\u003eWhen a malformed delta CRL file is being processed, this parameter\u003cbr\u003ecan be NULL, causing a NULL pointer dereference.\u003cbr\u003e\u003cbr\u003eExploiting this issue requires the X509_V_FLAG_USE_DELTAS flag to be enabled in\u003cbr\u003ethe verification context, the certificate being verified to contain a\u003cbr\u003efreshestCRL extension or the base CRL to have the EXFLAG_FRESHEST flag set, and\u003cbr\u003ean attacker to provide a malformed CRL to an application that processes it.\u003cbr\u003e\u003cbr\u003eThe vulnerability is limited to Denial of Service and cannot be escalated to\u003cbr\u003eachieve code execution or memory disclosure. For that reason the issue was\u003cbr\u003eassessed as Low severity according to our Security Policy.\u003cbr\u003e\u003cbr\u003eThe FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\u003cbr\u003eas the affected code is outside the OpenSSL FIPS module boundary."
            }
          ],
          "value": "Issue summary: When a delta CRL that contains a Delta CRL Indicator extension\nis processed a NULL pointer dereference might happen if the required CRL\nNumber extension is missing.\n\nImpact summary: A NULL pointer dereference can trigger a crash which\nleads to a Denial of Service for an application.\n\nWhen CRL processing and delta CRL processing is enabled during X.509\ncertificate verification, the delta CRL processing does not check\nwhether the CRL Number extension is NULL before dereferencing it.\nWhen a malformed delta CRL file is being processed, this parameter\ncan be NULL, causing a NULL pointer dereference.\n\nExploiting this issue requires the X509_V_FLAG_USE_DELTAS flag to be enabled in\nthe verification context, the certificate being verified to contain a\nfreshestCRL extension or the base CRL to have the EXFLAG_FRESHEST flag set, and\nan attacker to provide a malformed CRL to an application that processes it.\n\nThe vulnerability is limited to Denial of Service and cannot be escalated to\nachieve code execution or memory disclosure. For that reason the issue was\nassessed as Low severity according to our Security Policy.\n\nThe FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\nas the affected code is outside the OpenSSL FIPS module boundary."
        }
      ],
      "metrics": [
        {
          "format": "other",
          "other": {
            "content": {
              "text": "Low"
            },
            "type": "https://openssl-library.org/policies/general/security-policy/"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-476",
              "description": "CWE-476 NULL Pointer Dereference",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-04-07T22:00:52.382Z",
        "orgId": "3a12439a-ef3a-4c79-92e6-6081a721f1e5",
        "shortName": "openssl"
      },
      "references": [
        {
          "name": "OpenSSL Advisory",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://openssl-library.org/news/secadv/20260407.txt"
        },
        {
          "name": "3.6.2 git commit",
          "tags": [
            "patch"
          ],
          "url": "https://github.com/openssl/openssl/commit/602542f2c0c2d5edb47128f93eac10b62aeeefb3"
        },
        {
          "name": "3.5.6 git commit",
          "tags": [
            "patch"
          ],
          "url": "https://github.com/openssl/openssl/commit/d3a901e8d9f021f3e67d6cfbc12e768129862726"
        },
        {
          "name": "3.4.5 git commit",
          "tags": [
            "patch"
          ],
          "url": "https://github.com/openssl/openssl/commit/a9d187dd1000130100fa7ab915f8513532cb3bb8"
        },
        {
          "name": "3.3.7 git commit",
          "tags": [
            "patch"
          ],
          "url": "https://github.com/openssl/openssl/commit/5a0b4930779cd2408880979db765db919da55139"
        },
        {
          "name": "3.0.20 git commit",
          "tags": [
            "patch"
          ],
          "url": "https://github.com/openssl/openssl/commit/59c3b3158553ab53275bbbccca5cb305d591cf2e"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "title": "NULL Pointer Dereference When Processing a Delta CRL",
      "x_generator": {
        "engine": "Vulnogram 0.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "3a12439a-ef3a-4c79-92e6-6081a721f1e5",
    "assignerShortName": "openssl",
    "cveId": "CVE-2026-28388",
    "datePublished": "2026-04-07T22:00:52.382Z",
    "dateReserved": "2026-02-27T13:45:02.161Z",
    "dateUpdated": "2026-05-12T12:08:59.931Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2026-28389 (GCVE-0-2026-28389)

Vulnerability from cvelistv5 – Published: 2026-04-07 22:00 – Updated: 2026-05-12 12:09

Title

Possible NULL Dereference When Processing CMS KeyAgreeRecipientInfo

Summary

Issue summary: During processing of a crafted CMS EnvelopedData message with KeyAgreeRecipientInfo a NULL pointer dereference can happen. Impact summary: Applications that process attacker-controlled CMS data may crash before authentication or cryptographic operations occur resulting in Denial of Service. When a CMS EnvelopedData message that uses KeyAgreeRecipientInfo is processed, the optional parameters field of KeyEncryptionAlgorithmIdentifier is examined without checking for its presence. This results in a NULL pointer dereference if the field is missing. Applications and services that call CMS_decrypt() on untrusted input (e.g., S/MIME processing or CMS-based protocols) are vulnerable. The FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this issue, as the affected code is outside the OpenSSL FIPS module boundary.

Severity

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

SSVC

Exploitation: none Automatable: yes Technical Impact: partial

CISA Coordinator (v2.0.3)

CWE

CWE-476 - NULL Pointer Dereference

Assigner

openssl

References

8 references

URL	Tags
https://openssl-library.org/news/secadv/20260407.txt	vendor-advisory
https://github.com/openssl/openssl/commit/f80f83b…	patch
https://github.com/openssl/openssl/commit/16cea41…	patch
https://github.com/openssl/openssl/commit/785cbf7…	patch
https://github.com/openssl/openssl/commit/c672563…	patch
https://github.com/openssl/openssl/commit/7b5274e…	patch
https://cert-portal.siemens.com/productcert/html/…
https://cert-portal.siemens.com/productcert/html/…

Impacted products

3 products

Vendor	Product	Version
OpenSSL	OpenSSL	Affected: 3.6.0 , < 3.6.2 (semver) Affected: 3.5.0 , < 3.5.6 (semver) Affected: 3.4.0 , < 3.4.5 (semver) Affected: 3.3.0 , < 3.3.7 (semver) Affected: 3.0.0 , < 3.0.20 (semver) Affected: 1.1.1 , < 1.1.1zg (custom) Affected: 1.0.2 , < 1.0.2zp (custom)
Siemens	SIMATIC CN 4100	Affected: 0 , < V5.0 (custom)
Siemens	SIMATIC S7-1500 TM MFP - GNU/Linux subsystem	Affected: 0 , < * (custom)

Date Public

2026-04-07 14:00

Credits

Nathan Sportsman (Praetorian) Daniel Rhea Jaeho Nam (Seoul National University) Muhammad Daffa Zhanpeng Liu (Tencent Xuanwu Lab) Guannan Wang (Tencent Xuanwu Lab) Guancheng Li (Tencent Xuanwu Lab) Joshua Rogers (Aisle Research) Neil Horman

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "NETWORK",
              "availabilityImpact": "HIGH",
              "baseScore": 7.5,
              "baseSeverity": "HIGH",
              "confidentialityImpact": "NONE",
              "integrityImpact": "NONE",
              "privilegesRequired": "NONE",
              "scope": "UNCHANGED",
              "userInteraction": "NONE",
              "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2026-28389",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-04-10T20:20:14.953384Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-04-10T20:20:45.506Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "affected": [
          {
            "defaultStatus": "unknown",
            "product": "SIMATIC CN 4100",
            "vendor": "Siemens",
            "versions": [
              {
                "lessThan": "V5.0",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "defaultStatus": "unknown",
            "product": "SIMATIC S7-1500 TM MFP - GNU/Linux subsystem",
            "vendor": "Siemens",
            "versions": [
              {
                "lessThan": "*",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-05-12T12:09:01.089Z",
          "orgId": "0b142b55-0307-4c5a-b3c9-f314f3fb7c5e",
          "shortName": "siemens-SADP"
        },
        "references": [
          {
            "url": "https://cert-portal.siemens.com/productcert/html/ssa-265688.html"
          },
          {
            "url": "https://cert-portal.siemens.com/productcert/html/ssa-032379.html"
          }
        ],
        "x_adpType": "supplier"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "OpenSSL",
          "vendor": "OpenSSL",
          "versions": [
            {
              "lessThan": "3.6.2",
              "status": "affected",
              "version": "3.6.0",
              "versionType": "semver"
            },
            {
              "lessThan": "3.5.6",
              "status": "affected",
              "version": "3.5.0",
              "versionType": "semver"
            },
            {
              "lessThan": "3.4.5",
              "status": "affected",
              "version": "3.4.0",
              "versionType": "semver"
            },
            {
              "lessThan": "3.3.7",
              "status": "affected",
              "version": "3.3.0",
              "versionType": "semver"
            },
            {
              "lessThan": "3.0.20",
              "status": "affected",
              "version": "3.0.0",
              "versionType": "semver"
            },
            {
              "lessThan": "1.1.1zg",
              "status": "affected",
              "version": "1.1.1",
              "versionType": "custom"
            },
            {
              "lessThan": "1.0.2zp",
              "status": "affected",
              "version": "1.0.2",
              "versionType": "custom"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "reporter",
          "value": "Nathan Sportsman (Praetorian)"
        },
        {
          "lang": "en",
          "type": "reporter",
          "value": "Daniel Rhea"
        },
        {
          "lang": "en",
          "type": "reporter",
          "value": "Jaeho Nam (Seoul National University)"
        },
        {
          "lang": "en",
          "type": "reporter",
          "value": "Muhammad Daffa"
        },
        {
          "lang": "en",
          "type": "reporter",
          "value": "Zhanpeng Liu (Tencent Xuanwu Lab)"
        },
        {
          "lang": "en",
          "type": "reporter",
          "value": "Guannan Wang (Tencent Xuanwu Lab)"
        },
        {
          "lang": "en",
          "type": "reporter",
          "value": "Guancheng Li (Tencent Xuanwu Lab)"
        },
        {
          "lang": "en",
          "type": "reporter",
          "value": "Joshua Rogers (Aisle Research)"
        },
        {
          "lang": "en",
          "type": "remediation developer",
          "value": "Neil Horman"
        }
      ],
      "datePublic": "2026-04-07T14:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "Issue summary: During processing of a crafted CMS EnvelopedData message\u003cbr\u003ewith KeyAgreeRecipientInfo a NULL pointer dereference can happen.\u003cbr\u003e\u003cbr\u003eImpact summary: Applications that process attacker-controlled CMS data may\u003cbr\u003ecrash before authentication or cryptographic operations occur resulting in\u003cbr\u003eDenial of Service.\u003cbr\u003e\u003cbr\u003eWhen a CMS EnvelopedData message that uses KeyAgreeRecipientInfo is\u003cbr\u003eprocessed, the optional parameters field of KeyEncryptionAlgorithmIdentifier\u003cbr\u003eis examined without checking for its presence. This results in a NULL\u003cbr\u003epointer dereference if the field is missing.\u003cbr\u003e\u003cbr\u003eApplications and services that call CMS_decrypt() on untrusted input\u003cbr\u003e(e.g., S/MIME processing or CMS-based protocols) are vulnerable.\u003cbr\u003e\u003cbr\u003eThe FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this\u003cbr\u003eissue, as the affected code is outside the OpenSSL FIPS module boundary."
            }
          ],
          "value": "Issue summary: During processing of a crafted CMS EnvelopedData message\nwith KeyAgreeRecipientInfo a NULL pointer dereference can happen.\n\nImpact summary: Applications that process attacker-controlled CMS data may\ncrash before authentication or cryptographic operations occur resulting in\nDenial of Service.\n\nWhen a CMS EnvelopedData message that uses KeyAgreeRecipientInfo is\nprocessed, the optional parameters field of KeyEncryptionAlgorithmIdentifier\nis examined without checking for its presence. This results in a NULL\npointer dereference if the field is missing.\n\nApplications and services that call CMS_decrypt() on untrusted input\n(e.g., S/MIME processing or CMS-based protocols) are vulnerable.\n\nThe FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this\nissue, as the affected code is outside the OpenSSL FIPS module boundary."
        }
      ],
      "metrics": [
        {
          "format": "other",
          "other": {
            "content": {
              "text": "Low"
            },
            "type": "https://openssl-library.org/policies/general/security-policy/"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-476",
              "description": "CWE-476 NULL Pointer Dereference",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-04-15T07:28:13.700Z",
        "orgId": "3a12439a-ef3a-4c79-92e6-6081a721f1e5",
        "shortName": "openssl"
      },
      "references": [
        {
          "name": "OpenSSL Advisory",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://openssl-library.org/news/secadv/20260407.txt"
        },
        {
          "name": "3.6.2 git commit",
          "tags": [
            "patch"
          ],
          "url": "https://github.com/openssl/openssl/commit/f80f83bc5fd036bc47d773e8b15a001e2b4ce686"
        },
        {
          "name": "3.5.6 git commit",
          "tags": [
            "patch"
          ],
          "url": "https://github.com/openssl/openssl/commit/16cea4188e0ea567deb4f93f85902247e67384f5"
        },
        {
          "name": "3.4.5 git commit",
          "tags": [
            "patch"
          ],
          "url": "https://github.com/openssl/openssl/commit/785cbf7ea3b5a6f5adf0c1ccb92b79d89c35c616"
        },
        {
          "name": "3.3.7 git commit",
          "tags": [
            "patch"
          ],
          "url": "https://github.com/openssl/openssl/commit/c6725634e089eb2b634b10ede33944be7248172a"
        },
        {
          "name": "3.0.20 git commit",
          "tags": [
            "patch"
          ],
          "url": "https://github.com/openssl/openssl/commit/7b5274e812400cacb6f3be4c2df5340923fa807f"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "title": "Possible NULL Dereference When Processing CMS KeyAgreeRecipientInfo",
      "x_generator": {
        "engine": "Vulnogram 0.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "3a12439a-ef3a-4c79-92e6-6081a721f1e5",
    "assignerShortName": "openssl",
    "cveId": "CVE-2026-28389",
    "datePublished": "2026-04-07T22:00:53.364Z",
    "dateReserved": "2026-02-27T13:45:02.161Z",
    "dateUpdated": "2026-05-12T12:09:01.089Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2026-28390 (GCVE-0-2026-28390)

Vulnerability from cvelistv5 – Published: 2026-04-07 22:00 – Updated: 2026-05-12 12:09

Title

Possible NULL Dereference When Processing CMS KeyTransportRecipientInfo

Summary

Issue summary: During processing of a crafted CMS EnvelopedData message with KeyTransportRecipientInfo a NULL pointer dereference can happen. Impact summary: Applications that process attacker-controlled CMS data may crash before authentication or cryptographic operations occur resulting in Denial of Service. When a CMS EnvelopedData message that uses KeyTransportRecipientInfo with RSA-OAEP encryption is processed, the optional parameters field of RSA-OAEP SourceFunc algorithm identifier is examined without checking for its presence. This results in a NULL pointer dereference if the field is missing. Applications and services that call CMS_decrypt() on untrusted input (e.g., S/MIME processing or CMS-based protocols) are vulnerable. The FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this issue, as the affected code is outside the OpenSSL FIPS module boundary.

Severity

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

SSVC

Exploitation: none Automatable: yes Technical Impact: partial

CISA Coordinator (v2.0.3)

CWE

CWE-476 - NULL Pointer Dereference

Assigner

openssl

References

8 references

URL	Tags
https://openssl-library.org/news/secadv/20260407.txt	vendor-advisory
https://github.com/openssl/openssl/commit/01194a8…	patch
https://github.com/openssl/openssl/commit/2e39b7a…	patch
https://github.com/openssl/openssl/commit/ea7b4ea…	patch
https://github.com/openssl/openssl/commit/fd2f1a6…	patch
https://github.com/openssl/openssl/commit/af2a5fe…	patch
https://cert-portal.siemens.com/productcert/html/…
https://cert-portal.siemens.com/productcert/html/…

Impacted products

3 products

Vendor	Product	Version
OpenSSL	OpenSSL	Affected: 3.6.0 , < 3.6.2 (semver) Affected: 3.5.0 , < 3.5.6 (semver) Affected: 3.4.0 , < 3.4.5 (semver) Affected: 3.3.0 , < 3.3.7 (semver) Affected: 3.0.0 , < 3.0.20 (semver) Affected: 1.1.1 , < 1.1.1zg (custom) Affected: 1.0.2 , < 1.0.2zp (custom)
Siemens	SIMATIC CN 4100	Affected: 0 , < V5.0 (custom)
Siemens	SIMATIC S7-1500 TM MFP - GNU/Linux subsystem	Affected: 0 , < * (custom)

Date Public

2026-04-07 14:00

Credits

Muhammad Daffa Zhanpeng Liu (Tencent Xuanwu Lab) Guannan Wang (Tencent Xuanwu Lab) Guancheng Li (Tencent Xuanwu Lab) Joshua Rogers (Aisle Research) Chanho Kim Neil Horman

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "NETWORK",
              "availabilityImpact": "HIGH",
              "baseScore": 7.5,
              "baseSeverity": "HIGH",
              "confidentialityImpact": "NONE",
              "integrityImpact": "NONE",
              "privilegesRequired": "NONE",
              "scope": "UNCHANGED",
              "userInteraction": "NONE",
              "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2026-28390",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-04-10T20:24:15.925981Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-04-10T20:26:06.061Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "affected": [
          {
            "defaultStatus": "unknown",
            "product": "SIMATIC CN 4100",
            "vendor": "Siemens",
            "versions": [
              {
                "lessThan": "V5.0",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "defaultStatus": "unknown",
            "product": "SIMATIC S7-1500 TM MFP - GNU/Linux subsystem",
            "vendor": "Siemens",
            "versions": [
              {
                "lessThan": "*",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-05-12T12:09:02.294Z",
          "orgId": "0b142b55-0307-4c5a-b3c9-f314f3fb7c5e",
          "shortName": "siemens-SADP"
        },
        "references": [
          {
            "url": "https://cert-portal.siemens.com/productcert/html/ssa-265688.html"
          },
          {
            "url": "https://cert-portal.siemens.com/productcert/html/ssa-032379.html"
          }
        ],
        "x_adpType": "supplier"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "OpenSSL",
          "vendor": "OpenSSL",
          "versions": [
            {
              "lessThan": "3.6.2",
              "status": "affected",
              "version": "3.6.0",
              "versionType": "semver"
            },
            {
              "lessThan": "3.5.6",
              "status": "affected",
              "version": "3.5.0",
              "versionType": "semver"
            },
            {
              "lessThan": "3.4.5",
              "status": "affected",
              "version": "3.4.0",
              "versionType": "semver"
            },
            {
              "lessThan": "3.3.7",
              "status": "affected",
              "version": "3.3.0",
              "versionType": "semver"
            },
            {
              "lessThan": "3.0.20",
              "status": "affected",
              "version": "3.0.0",
              "versionType": "semver"
            },
            {
              "lessThan": "1.1.1zg",
              "status": "affected",
              "version": "1.1.1",
              "versionType": "custom"
            },
            {
              "lessThan": "1.0.2zp",
              "status": "affected",
              "version": "1.0.2",
              "versionType": "custom"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "reporter",
          "value": "Muhammad Daffa"
        },
        {
          "lang": "en",
          "type": "reporter",
          "value": "Zhanpeng Liu (Tencent Xuanwu Lab)"
        },
        {
          "lang": "en",
          "type": "reporter",
          "value": "Guannan Wang (Tencent Xuanwu Lab)"
        },
        {
          "lang": "en",
          "type": "reporter",
          "value": "Guancheng Li (Tencent Xuanwu Lab)"
        },
        {
          "lang": "en",
          "type": "reporter",
          "value": "Joshua Rogers (Aisle Research)"
        },
        {
          "lang": "en",
          "type": "reporter",
          "value": "Chanho Kim"
        },
        {
          "lang": "en",
          "type": "remediation developer",
          "value": "Neil Horman"
        }
      ],
      "datePublic": "2026-04-07T14:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "Issue summary: During processing of a crafted CMS EnvelopedData message\u003cbr\u003ewith KeyTransportRecipientInfo a NULL pointer dereference can happen.\u003cbr\u003e\u003cbr\u003eImpact summary: Applications that process attacker-controlled CMS data may\u003cbr\u003ecrash before authentication or cryptographic operations occur resulting in\u003cbr\u003eDenial of Service.\u003cbr\u003e\u003cbr\u003eWhen a CMS EnvelopedData message that uses KeyTransportRecipientInfo with\u003cbr\u003eRSA-OAEP encryption is processed, the optional parameters field of\u003cbr\u003eRSA-OAEP SourceFunc algorithm identifier is examined without checking\u003cbr\u003efor its presence. This results in a NULL pointer dereference if the field\u003cbr\u003eis missing.\u003cbr\u003e\u003cbr\u003eApplications and services that call CMS_decrypt() on untrusted input\u003cbr\u003e(e.g., S/MIME processing or CMS-based protocols) are vulnerable.\u003cbr\u003e\u003cbr\u003eThe FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this\u003cbr\u003eissue, as the affected code is outside the OpenSSL FIPS module boundary."
            }
          ],
          "value": "Issue summary: During processing of a crafted CMS EnvelopedData message\nwith KeyTransportRecipientInfo a NULL pointer dereference can happen.\n\nImpact summary: Applications that process attacker-controlled CMS data may\ncrash before authentication or cryptographic operations occur resulting in\nDenial of Service.\n\nWhen a CMS EnvelopedData message that uses KeyTransportRecipientInfo with\nRSA-OAEP encryption is processed, the optional parameters field of\nRSA-OAEP SourceFunc algorithm identifier is examined without checking\nfor its presence. This results in a NULL pointer dereference if the field\nis missing.\n\nApplications and services that call CMS_decrypt() on untrusted input\n(e.g., S/MIME processing or CMS-based protocols) are vulnerable.\n\nThe FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this\nissue, as the affected code is outside the OpenSSL FIPS module boundary."
        }
      ],
      "metrics": [
        {
          "format": "other",
          "other": {
            "content": {
              "text": "Low"
            },
            "type": "https://openssl-library.org/policies/general/security-policy/"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-476",
              "description": "CWE-476 NULL Pointer Dereference",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-04-15T07:28:22.729Z",
        "orgId": "3a12439a-ef3a-4c79-92e6-6081a721f1e5",
        "shortName": "openssl"
      },
      "references": [
        {
          "name": "OpenSSL Advisory",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://openssl-library.org/news/secadv/20260407.txt"
        },
        {
          "name": "3.6.2 git commit",
          "tags": [
            "patch"
          ],
          "url": "https://github.com/openssl/openssl/commit/01194a8f1941115cd0383bfa91c736dd3993c8bc"
        },
        {
          "name": "3.5.6 git commit",
          "tags": [
            "patch"
          ],
          "url": "https://github.com/openssl/openssl/commit/2e39b7a6993be445fddb9fbce316fa756e0397b6"
        },
        {
          "name": "3.4.5 git commit",
          "tags": [
            "patch"
          ],
          "url": "https://github.com/openssl/openssl/commit/ea7b4ea4f9f853521ba34830cbcadc970d2e0788"
        },
        {
          "name": "3.3.7 git commit",
          "tags": [
            "patch"
          ],
          "url": "https://github.com/openssl/openssl/commit/fd2f1a6cf53b9ceeca723a001aa4b825d7c7ee75"
        },
        {
          "name": "3.0.20 git commit",
          "tags": [
            "patch"
          ],
          "url": "https://github.com/openssl/openssl/commit/af2a5fecd3e71a29e7568f9c1453dec5cebbaff4"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "title": "Possible NULL Dereference When Processing CMS KeyTransportRecipientInfo",
      "x_generator": {
        "engine": "Vulnogram 0.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "3a12439a-ef3a-4c79-92e6-6081a721f1e5",
    "assignerShortName": "openssl",
    "cveId": "CVE-2026-28390",
    "datePublished": "2026-04-07T22:00:54.172Z",
    "dateReserved": "2026-02-27T13:45:02.161Z",
    "dateUpdated": "2026-05-12T12:09:02.294Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2026-31789 (GCVE-0-2026-31789)

Vulnerability from cvelistv5 – Published: 2026-04-07 22:00 – Updated: 2026-05-12 12:09

Title

Heap Buffer Overflow in Hexadecimal Conversion

Summary

Issue summary: Converting an excessively large OCTET STRING value to a hexadecimal string leads to a heap buffer overflow on 32 bit platforms. Impact summary: A heap buffer overflow may lead to a crash or possibly an attacker controlled code execution or other undefined behavior. If an attacker can supply a crafted X.509 certificate with an excessively large OCTET STRING value in extensions such as the Subject Key Identifier (SKID) or Authority Key Identifier (AKID) which are being converted to hex, the size of the buffer needed for the result is calculated as multiplication of the input length by 3. On 32 bit platforms, this multiplication may overflow resulting in the allocation of a smaller buffer and a heap buffer overflow. Applications and services that print or log contents of untrusted X.509 certificates are vulnerable to this issue. As the certificates would have to have sizes of over 1 Gigabyte, printing or logging such certificates is a fairly unlikely operation and only 32 bit platforms are affected, this issue was assigned Low severity. The FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this issue, as the affected code is outside the OpenSSL FIPS module boundary.

Severity

5.8 (Medium)


                        
                          CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:H

SSVC

Exploitation: none Automatable: no Technical Impact: total

CISA Coordinator (v2.0.3)

CWE

CWE-787 - Out-of-bounds Write

Assigner

openssl

References

7 references

URL	Tags
https://openssl-library.org/news/secadv/20260407.txt	vendor-advisory
https://github.com/openssl/openssl/commit/a242160…	patch
https://github.com/openssl/openssl/commit/945b935…	patch
https://github.com/openssl/openssl/commit/364f095…	patch
https://github.com/openssl/openssl/commit/7a9087e…	patch
https://github.com/openssl/openssl/commit/a91e537…	patch
https://cert-portal.siemens.com/productcert/html/…

Impacted products

2 products

Vendor	Product	Version
OpenSSL	OpenSSL	Affected: 3.6.0 , < 3.6.2 (semver) Affected: 3.5.0 , < 3.5.6 (semver) Affected: 3.4.0 , < 3.4.5 (semver) Affected: 3.3.0 , < 3.3.7 (semver) Affected: 3.0.0 , < 3.0.20 (semver)
Siemens	SIMATIC CN 4100	Affected: 0 , < V5.0 (custom)

Date Public

2026-04-07 14:00

Credits

Quoc Tran (Xint.io - US Team) Igor Ustinov

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "HIGH",
              "attackVector": "LOCAL",
              "availabilityImpact": "HIGH",
              "baseScore": 5.8,
              "baseSeverity": "MEDIUM",
              "confidentialityImpact": "LOW",
              "integrityImpact": "LOW",
              "privilegesRequired": "NONE",
              "scope": "UNCHANGED",
              "userInteraction": "REQUIRED",
              "vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:H",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2026-31789",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-04-09T03:56:05.246752Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-05-10T20:08:19.604Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "affected": [
          {
            "defaultStatus": "unknown",
            "product": "SIMATIC CN 4100",
            "vendor": "Siemens",
            "versions": [
              {
                "lessThan": "V5.0",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-05-12T12:09:05.071Z",
          "orgId": "0b142b55-0307-4c5a-b3c9-f314f3fb7c5e",
          "shortName": "siemens-SADP"
        },
        "references": [
          {
            "url": "https://cert-portal.siemens.com/productcert/html/ssa-032379.html"
          }
        ],
        "x_adpType": "supplier"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "OpenSSL",
          "vendor": "OpenSSL",
          "versions": [
            {
              "lessThan": "3.6.2",
              "status": "affected",
              "version": "3.6.0",
              "versionType": "semver"
            },
            {
              "lessThan": "3.5.6",
              "status": "affected",
              "version": "3.5.0",
              "versionType": "semver"
            },
            {
              "lessThan": "3.4.5",
              "status": "affected",
              "version": "3.4.0",
              "versionType": "semver"
            },
            {
              "lessThan": "3.3.7",
              "status": "affected",
              "version": "3.3.0",
              "versionType": "semver"
            },
            {
              "lessThan": "3.0.20",
              "status": "affected",
              "version": "3.0.0",
              "versionType": "semver"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "reporter",
          "value": "Quoc Tran (Xint.io - US Team)"
        },
        {
          "lang": "en",
          "type": "remediation developer",
          "value": "Igor Ustinov"
        }
      ],
      "datePublic": "2026-04-07T14:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "Issue summary: Converting an excessively large OCTET STRING value to\u003cbr\u003ea hexadecimal string leads to a heap buffer overflow on 32 bit platforms.\u003cbr\u003e\u003cbr\u003eImpact summary: A heap buffer overflow may lead to a crash or possibly\u003cbr\u003ean attacker controlled code execution or other undefined behavior.\u003cbr\u003e\u003cbr\u003eIf an attacker can supply a crafted X.509 certificate with an excessively\u003cbr\u003elarge OCTET STRING value in extensions such as the Subject Key Identifier\u003cbr\u003e(SKID) or Authority Key Identifier (AKID) which are being converted to hex,\u003cbr\u003ethe size of the buffer needed for the result is calculated as multiplication\u003cbr\u003eof the input length by 3. On 32 bit platforms, this multiplication may overflow\u003cbr\u003eresulting in the allocation of a smaller buffer and a heap buffer overflow.\u003cbr\u003e\u003cbr\u003eApplications and services that print or log contents of untrusted X.509\u003cbr\u003ecertificates are vulnerable to this issue. As the certificates would have\u003cbr\u003eto have sizes of over 1 Gigabyte, printing or logging such certificates\u003cbr\u003eis a fairly unlikely operation and only 32 bit platforms are affected,\u003cbr\u003ethis issue was assigned Low severity.\u003cbr\u003e\u003cbr\u003eThe FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this\u003cbr\u003eissue, as the affected code is outside the OpenSSL FIPS module boundary."
            }
          ],
          "value": "Issue summary: Converting an excessively large OCTET STRING value to\na hexadecimal string leads to a heap buffer overflow on 32 bit platforms.\n\nImpact summary: A heap buffer overflow may lead to a crash or possibly\nan attacker controlled code execution or other undefined behavior.\n\nIf an attacker can supply a crafted X.509 certificate with an excessively\nlarge OCTET STRING value in extensions such as the Subject Key Identifier\n(SKID) or Authority Key Identifier (AKID) which are being converted to hex,\nthe size of the buffer needed for the result is calculated as multiplication\nof the input length by 3. On 32 bit platforms, this multiplication may overflow\nresulting in the allocation of a smaller buffer and a heap buffer overflow.\n\nApplications and services that print or log contents of untrusted X.509\ncertificates are vulnerable to this issue. As the certificates would have\nto have sizes of over 1 Gigabyte, printing or logging such certificates\nis a fairly unlikely operation and only 32 bit platforms are affected,\nthis issue was assigned Low severity.\n\nThe FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this\nissue, as the affected code is outside the OpenSSL FIPS module boundary."
        }
      ],
      "metrics": [
        {
          "format": "other",
          "other": {
            "content": {
              "text": "Low"
            },
            "type": "https://openssl-library.org/policies/general/security-policy/"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-787",
              "description": "CWE-787 Out-of-bounds Write",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-04-07T22:00:54.983Z",
        "orgId": "3a12439a-ef3a-4c79-92e6-6081a721f1e5",
        "shortName": "openssl"
      },
      "references": [
        {
          "name": "OpenSSL Advisory",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://openssl-library.org/news/secadv/20260407.txt"
        },
        {
          "name": "3.6.2 git commit",
          "tags": [
            "patch"
          ],
          "url": "https://github.com/openssl/openssl/commit/a24216018e1ede8ff01a4ff5afff7dfbd443e2f9"
        },
        {
          "name": "3.5.6 git commit",
          "tags": [
            "patch"
          ],
          "url": "https://github.com/openssl/openssl/commit/945b935ac66cc7f1a41f1b849c7c25adb5351f49"
        },
        {
          "name": "3.4.5 git commit",
          "tags": [
            "patch"
          ],
          "url": "https://github.com/openssl/openssl/commit/364f095b80601db632b0def6a33316967f863bde"
        },
        {
          "name": "3.3.7 git commit",
          "tags": [
            "patch"
          ],
          "url": "https://github.com/openssl/openssl/commit/7a9087efd769f362ad9c0e30c7baaa6bbfa65ecf"
        },
        {
          "name": "3.0.20 git commit",
          "tags": [
            "patch"
          ],
          "url": "https://github.com/openssl/openssl/commit/a91e537d16d74050dbde50bb0dfb1fe9930f0521"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "title": "Heap Buffer Overflow in Hexadecimal Conversion",
      "x_generator": {
        "engine": "Vulnogram 0.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "3a12439a-ef3a-4c79-92e6-6081a721f1e5",
    "assignerShortName": "openssl",
    "cveId": "CVE-2026-31789",
    "datePublished": "2026-04-07T22:00:54.983Z",
    "dateReserved": "2026-03-09T15:56:53.191Z",
    "dateUpdated": "2026-05-12T12:09:05.071Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2026-31790 (GCVE-0-2026-31790)

Vulnerability from cvelistv5 – Published: 2026-04-07 22:00 – Updated: 2026-05-12 12:09

Title

Incorrect Failure Handling in RSA KEM RSASVE Encapsulation

Summary

Issue summary: Applications using RSASVE key encapsulation to establish a secret encryption key can send contents of an uninitialized memory buffer to a malicious peer. Impact summary: The uninitialized buffer might contain sensitive data from the previous execution of the application process which leads to sensitive data leakage to an attacker. RSA_public_encrypt() returns the number of bytes written on success and -1 on error. The affected code tests only whether the return value is non-zero. As a result, if RSA encryption fails, encapsulation can still return success to the caller, set the output lengths, and leave the caller to use the contents of the ciphertext buffer as if a valid KEM ciphertext had been produced. If applications use EVP_PKEY_encapsulate() with RSA/RSASVE on an attacker-supplied invalid RSA public key without first validating that key, then this may cause stale or uninitialized contents of the caller-provided ciphertext buffer to be disclosed to the attacker in place of the KEM ciphertext. As a workaround calling EVP_PKEY_public_check() or EVP_PKEY_public_check_quick() before EVP_PKEY_encapsulate() will mitigate the issue. The FIPS modules in 3.6, 3.5, 3.4, 3.3, 3.1 and 3.0 are affected by this issue.

Severity

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

SSVC

Exploitation: none Automatable: yes Technical Impact: partial

CISA Coordinator (v2.0.3)

CWE

CWE-754 - Improper Check for Unusual or Exceptional Conditions

Assigner

openssl

References

7 references

URL	Tags
https://openssl-library.org/news/secadv/20260407.txt	vendor-advisory
https://github.com/openssl/openssl/commit/abd8b2e…	patch
https://github.com/openssl/openssl/commit/001e01d…	patch
https://github.com/openssl/openssl/commit/d5f8e71…	patch
https://github.com/openssl/openssl/commit/b922e24…	patch
https://github.com/openssl/openssl/commit/eed200f…	patch
https://cert-portal.siemens.com/productcert/html/…

Impacted products

2 products

Vendor	Product	Version
OpenSSL	OpenSSL	Affected: 3.6.0 , < 3.6.2 (semver) Affected: 3.5.0 , < 3.5.6 (semver) Affected: 3.4.0 , < 3.4.5 (semver) Affected: 3.3.0 , < 3.3.7 (semver) Affected: 3.0.0 , < 3.0.20 (semver)
Siemens	SIMATIC CN 4100	Affected: 0 , < V5.0 (custom)

Date Public

2026-04-07 14:00

Credits

Simo Sorce (Red Hat) Nikola Pajkovsky

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "NETWORK",
              "availabilityImpact": "NONE",
              "baseScore": 7.5,
              "baseSeverity": "HIGH",
              "confidentialityImpact": "HIGH",
              "integrityImpact": "NONE",
              "privilegesRequired": "NONE",
              "scope": "UNCHANGED",
              "userInteraction": "NONE",
              "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2026-31790",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-04-08T14:32:04.700201Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-04-08T14:32:37.439Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "affected": [
          {
            "defaultStatus": "unknown",
            "product": "SIMATIC CN 4100",
            "vendor": "Siemens",
            "versions": [
              {
                "lessThan": "V5.0",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-05-12T12:09:06.208Z",
          "orgId": "0b142b55-0307-4c5a-b3c9-f314f3fb7c5e",
          "shortName": "siemens-SADP"
        },
        "references": [
          {
            "url": "https://cert-portal.siemens.com/productcert/html/ssa-032379.html"
          }
        ],
        "x_adpType": "supplier"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "OpenSSL",
          "vendor": "OpenSSL",
          "versions": [
            {
              "lessThan": "3.6.2",
              "status": "affected",
              "version": "3.6.0",
              "versionType": "semver"
            },
            {
              "lessThan": "3.5.6",
              "status": "affected",
              "version": "3.5.0",
              "versionType": "semver"
            },
            {
              "lessThan": "3.4.5",
              "status": "affected",
              "version": "3.4.0",
              "versionType": "semver"
            },
            {
              "lessThan": "3.3.7",
              "status": "affected",
              "version": "3.3.0",
              "versionType": "semver"
            },
            {
              "lessThan": "3.0.20",
              "status": "affected",
              "version": "3.0.0",
              "versionType": "semver"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "reporter",
          "value": "Simo Sorce (Red Hat)"
        },
        {
          "lang": "en",
          "type": "remediation developer",
          "value": "Nikola Pajkovsky"
        }
      ],
      "datePublic": "2026-04-07T14:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "Issue summary: Applications using RSASVE key encapsulation to establish\u003cbr\u003ea secret encryption key can send contents of an uninitialized memory buffer to\u003cbr\u003ea malicious peer.\u003cbr\u003e\u003cbr\u003eImpact summary: The uninitialized buffer might contain sensitive data from the\u003cbr\u003eprevious execution of the application process which leads to sensitive data\u003cbr\u003eleakage to an attacker.\u003cbr\u003e\u003cbr\u003eRSA_public_encrypt() returns the number of bytes written on success and -1\u003cbr\u003eon error. The affected code tests only whether the return value is non-zero.\u003cbr\u003eAs a result, if RSA encryption fails, encapsulation can still return success to\u003cbr\u003ethe caller, set the output lengths, and leave the caller to use the contents of\u003cbr\u003ethe ciphertext buffer as if a valid KEM ciphertext had been produced.\u003cbr\u003e\u003cbr\u003eIf applications use EVP_PKEY_encapsulate() with RSA/RSASVE on an\u003cbr\u003eattacker-supplied invalid RSA public key without first validating that key,\u003cbr\u003ethen this may cause stale or uninitialized contents of the caller-provided\u003cbr\u003eciphertext buffer to be disclosed to the attacker in place of the KEM\u003cbr\u003eciphertext.\u003cbr\u003e\u003cbr\u003eAs a workaround calling EVP_PKEY_public_check() or\u003cbr\u003eEVP_PKEY_public_check_quick() before EVP_PKEY_encapsulate() will mitigate\u003cbr\u003ethe issue.\u003cbr\u003e\u003cbr\u003eThe FIPS modules in 3.6, 3.5, 3.4, 3.3, 3.1 and 3.0 are affected by this issue."
            }
          ],
          "value": "Issue summary: Applications using RSASVE key encapsulation to establish\na secret encryption key can send contents of an uninitialized memory buffer to\na malicious peer.\n\nImpact summary: The uninitialized buffer might contain sensitive data from the\nprevious execution of the application process which leads to sensitive data\nleakage to an attacker.\n\nRSA_public_encrypt() returns the number of bytes written on success and -1\non error. The affected code tests only whether the return value is non-zero.\nAs a result, if RSA encryption fails, encapsulation can still return success to\nthe caller, set the output lengths, and leave the caller to use the contents of\nthe ciphertext buffer as if a valid KEM ciphertext had been produced.\n\nIf applications use EVP_PKEY_encapsulate() with RSA/RSASVE on an\nattacker-supplied invalid RSA public key without first validating that key,\nthen this may cause stale or uninitialized contents of the caller-provided\nciphertext buffer to be disclosed to the attacker in place of the KEM\nciphertext.\n\nAs a workaround calling EVP_PKEY_public_check() or\nEVP_PKEY_public_check_quick() before EVP_PKEY_encapsulate() will mitigate\nthe issue.\n\nThe FIPS modules in 3.6, 3.5, 3.4, 3.3, 3.1 and 3.0 are affected by this issue."
        }
      ],
      "metrics": [
        {
          "format": "other",
          "other": {
            "content": {
              "text": "Moderate"
            },
            "type": "https://openssl-library.org/policies/general/security-policy/"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-754",
              "description": "CWE-754 Improper Check for Unusual or Exceptional Conditions",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-04-07T22:00:56.698Z",
        "orgId": "3a12439a-ef3a-4c79-92e6-6081a721f1e5",
        "shortName": "openssl"
      },
      "references": [
        {
          "name": "OpenSSL Advisory",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://openssl-library.org/news/secadv/20260407.txt"
        },
        {
          "name": "3.6.2 git commit",
          "tags": [
            "patch"
          ],
          "url": "https://github.com/openssl/openssl/commit/abd8b2eec7e3f3fda60ecfb68498b246b52af482"
        },
        {
          "name": "3.5.6 git commit",
          "tags": [
            "patch"
          ],
          "url": "https://github.com/openssl/openssl/commit/001e01db3e996e13ffc72386fe79d03a6683b5ac"
        },
        {
          "name": "3.4.5 git commit",
          "tags": [
            "patch"
          ],
          "url": "https://github.com/openssl/openssl/commit/d5f8e71cd0a54e961d0c3b174348f8308486f790"
        },
        {
          "name": "3.3.7 git commit",
          "tags": [
            "patch"
          ],
          "url": "https://github.com/openssl/openssl/commit/b922e24e5b23ffb9cb9e14cadff23d91e9f7e406"
        },
        {
          "name": "3.0.20 git commit",
          "tags": [
            "patch"
          ],
          "url": "https://github.com/openssl/openssl/commit/eed200f58cd8645ed77e46b7e9f764e284df379e"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "title": "Incorrect Failure Handling in RSA KEM RSASVE Encapsulation",
      "x_generator": {
        "engine": "Vulnogram 0.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "3a12439a-ef3a-4c79-92e6-6081a721f1e5",
    "assignerShortName": "openssl",
    "cveId": "CVE-2026-31790",
    "datePublished": "2026-04-07T22:00:56.698Z",
    "dateReserved": "2026-03-09T15:56:53.191Z",
    "dateUpdated": "2026-05-12T12:09:06.208Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

Sightings

Author	Source	Type	Date	Other

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

WID-SEC-W-2026-0995

CVE-2026-28386 (GCVE-0-2026-28386)

CVE-2026-28387 (GCVE-0-2026-28387)

CVE-2026-28388 (GCVE-0-2026-28388)

CVE-2026-28389 (GCVE-0-2026-28389)

CVE-2026-28390 (GCVE-0-2026-28390)

CVE-2026-31789 (GCVE-0-2026-31789)

CVE-2026-31790 (GCVE-0-2026-31790)

Tags

Sightings

Nomenclature