PT-2026-31038 · Openssl+3 · Openssl+3

Daniel Rhea

+8

·

Published

2026-04-07

·

Updated

2026-05-04

·

CVE-2026-28389

CVSS v3.1

7.5

High

VectorAV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Name of the Vulnerable Software and Affected Versions OpenSSL versions 3.0 through 3.6
Description Processing a crafted CMS EnvelopedData message with KeyAgreeRecipientInfo can lead to a NULL pointer dereference. This can cause applications that process attacker-controlled CMS data to crash before authentication or cryptographic operations, resulting in a Denial of Service. The issue occurs when the optional parameters field of KeyEncryptionAlgorithmIdentifier is examined without checking for its presence, leading to a NULL pointer dereference if the field is missing. Applications and services calling CMS decrypt() on untrusted input, such as S/MIME processing or CMS-based protocols, are affected.
Recommendations Update to a version after 3.6. As a temporary workaround, avoid processing untrusted CMS EnvelopedData messages with KeyAgreeRecipientInfo.

Fix

DoS

NULL Pointer Dereference

Weakness Enumeration

CWE-476

Related Identifiers

CVE-2026-28389
ECHO-BA3D-B3F7-03E8
JLSEC-2026-274
MGASA-2026-0091
OESA-2026-2041
OESA-2026-2042
OESA-2026-2043
OESA-2026-2044
OESA-2026-2045
OESA-2026-2189
OESA-2026-2190
OESA-2026-2191
OPENSUSE-SU-2026:10533-1
OPENSUSE-SU-2026:20525-1
RHSA-2026:7261
SUSE-SU-2026:1213-1
SUSE-SU-2026:1214-1
SUSE-SU-2026:1215-1
SUSE-SU-2026:1216-1
SUSE-SU-2026:1255-1
SUSE-SU-2026:1256-1
SUSE-SU-2026:1257-1
SUSE-SU-2026:1290-1
SUSE-SU-2026:1291-1
SUSE-SU-2026:1375-1
SUSE-SU-2026:1386-1
SUSE-SU-2026:1577-1
SUSE-SU-2026:21037-1
SUSE-SU-2026:21065-1
SUSE-SU-2026:21107-1
SUSE-SU-2026:21186-1
USN-8155-1
USN-8155-2

Affected Products

Ibm Aix
Linuxmint
Openssl
Ubuntu