OpenSSL · OpenSSL · CVE-2026-34180
**Name of the Vulnerable Software and Affected Versions**
OpenSSL (affected versions not specified)
**Description**
An integer truncation in the ASN.1 decoder occurs when parsing a crafted DER-encoded ASN.1 structure with a primitive element exceeding 2 gigabytes in length. This issue specifically affects 64-bit Unix and Unix-like platforms. The truncated length may be treated as a request to scan binary content for a terminating zero byte, leading to a heap buffer over-read. This can result in a Denial of Service by crashing the application or cause memory beyond the input buffer to be loaded into the decoded ASN.1 object. Applications that pass attacker-supplied data to decoding functions such as "d2i_X509()", "d2i_PKCS7()", or any other "d2i_*" functions are affected.
**Recommendations**
At the moment, there is no information about a newer version that contains a fix for this vulnerability.
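
A defensive pre-check an application could run on untrusted bytes before handing them to a "d2i_*" function, added here as an example and not OpenSSL's code or its fix: it walks the DER headers and rejects any element whose declared length exceeds a cap or the remaining input. The names `der_header`, `der_lengths_ok` and `MAX_ELEM_LEN`, the 16 MiB cap and the sample byte arrays are assumptions made for this example.

```c
#include <stddef.h>
#include <stdio.h>
/* Assumed policy cap, far below the 2 GiB boundary named in the advisory. */
#define MAX_ELEM_LEN ((size_t)16 * 1024 * 1024)

/* Parse one DER header in buf[0..len). Returns 1 and fills hdr/clen/cons,
 * or 0 if the element is malformed, over the cap, or runs past the buffer. */
static int der_header(const unsigned char *buf, size_t len,
                      size_t *hdr, size_t *clen, int *cons)
{
    size_t i = 2, n, v;
    if (len < 2 || (buf[0] & 0x1f) == 0x1f) return 0; /* high tags: fail closed */
    *cons = (buf[0] & 0x20) != 0;                     /* constructed bit */
    v = buf[1];                                       /* short-form length */
    if (v >= 0x80) {                                  /* long form */
        n = v & 0x7f;                                 /* count of length octets */
        if (n == 0 || n > sizeof(size_t) || len - 2 < n) return 0; /* 0x80: indefinite */
        for (v = 0; i < 2 + n; i++) v = (v << 8) | buf[i];
    }
    if (v > MAX_ELEM_LEN || v > len - i) return 0;
    *hdr = i; *clen = v;
    return 1;
}

/* Check every TLV in buf, descending into constructed ones (depth-limited). */
int der_lengths_ok(const unsigned char *buf, size_t len, int depth)
{
    size_t hdr, clen;
    int cons;
    if (depth > 32) return 0;
    while (len > 0) {
        if (!der_header(buf, len, &hdr, &clen, &cons)) return 0;
        if (cons && !der_lengths_ok(buf + hdr, clen, depth + 1)) return 0;
        buf += hdr + clen;
        len -= hdr + clen;
    }
    return 1;
}

/* Constructed sample inputs (not taken from any real certificate). */
const unsigned char SAMPLE_OK[]    = {0x30,0x06,0x02,0x01,0x05,0x04,0x01,0xAA};
const unsigned char SAMPLE_HUGE[]  = {0x04,0x84,0x80,0x00,0x00,0x00}; /* 2 GiB declared */
const unsigned char SAMPLE_TRUNC[] = {0x04,0x05,0x01,0x02};           /* 5 declared, 2 present */
const unsigned char SAMPLE_INDEF[] = {0x30,0x80,0x00,0x00};           /* indefinite length */

int main(void)
{
    printf("ok=%d huge=%d\n", der_lengths_ok(SAMPLE_OK, sizeof SAMPLE_OK, 0),
           der_lengths_ok(SAMPLE_HUGE, sizeof SAMPLE_HUGE, 0));
    return 0;
}
```

The check fails closed: it also rejects high-tag-number identifiers and indefinite lengths, so the cap and those restrictions need adjusting for inputs that legitimately use them.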