Openssl · Openssl · CVE-2026-5392
Name of the Vulnerable Software and Affected Versions
Versions prior to 2.3
Description
A heap out-of-bounds read issue exists in the PKCS7 parsing process. A specially crafted PKCS7 message can cause an out-of-bounds read on the heap. The issue is due to a missing bounds check within the indefinite-length end-of-content verification loop in the `PKCS7 VerifySignedData()` function.
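The following is an added example, not code from the affected project: a bounds-checked end-of-content verification loop for BER indefinite-length encoding, where each open indefinite-length element must be closed by the two octets `0x00 0x00`. The names `check_eoc`, `eoc_status`, the status codes and the sample buffers are hypothetical and constructed for illustration.

```c
#include <stddef.h>
#include <stdio.h>

enum { EOC_OK = 0, EOC_TRUNCATED = -1, EOC_MALFORMED = -2 };

/* Hypothetical helper: verify `depth` end-of-content markers (0x00 0x00),
 * one per open indefinite-length element, starting at buf[*idx]. */
static int check_eoc(const unsigned char *buf, size_t len,
                     size_t *idx, unsigned depth)
{
    size_t pos = *idx;

    while (depth-- > 0) {
        /* A bounds check of the kind the advisory describes as missing:
         * confirm two octets remain before reading them. The subtraction
         * form cannot overflow the way `pos + 2 > len` could. */
        if (pos > len || len - pos < 2)
            return EOC_TRUNCATED;
        if (buf[pos] != 0x00 || buf[pos + 1] != 0x00)
            return EOC_MALFORMED;
        pos += 2;
    }
    *idx = pos;          /* advance only after every marker is verified */
    return EOC_OK;
}

/* Constructed sample message tails (not real PKCS7 data). */
static const unsigned char TAIL_OK[]    = { 0x00, 0x00, 0x00, 0x00 };
static const unsigned char TAIL_SHORT[] = { 0x00, 0x00, 0x00 };
static const unsigned char TAIL_BAD[]   = { 0x00, 0x00, 0x30, 0x00 };

/* Convenience wrapper: status of checking `depth` markers from offset 0. */
static int eoc_status(const unsigned char *buf, size_t len, unsigned depth)
{
    size_t idx = 0;
    return check_eoc(buf, len, &idx, depth);
}

int main(void)
{
    printf("ok=%d short=%d bad=%d\n",
           eoc_status(TAIL_OK, sizeof TAIL_OK, 2),
           eoc_status(TAIL_SHORT, sizeof TAIL_SHORT, 2),
           eoc_status(TAIL_BAD, sizeof TAIL_BAD, 2));
    return 0;
}
```

A message that ends before all expected markers are present is rejected as truncated instead of being read past the end of the buffer.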
Recommendations
Update to version 2.3 or later.