PT-2026-31040 · Openssl+3 · Openssl+3
Igor Ustinov +1
Published 2026-04-07 · Updated 2026-05-10
CVE-2026-31789
CVSS v3.1: 9.8 Critical
| Vector | AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
OpenSSL (affected versions not specified)
Description
Converting an excessively large OCTET STRING value to a hexadecimal string leads to a heap buffer overflow on 32-bit platforms. This occurs when a crafted X.509 certificate contains an excessively large OCTET STRING value in an extension such as the Subject Key Identifier (SKID) or Authority Key Identifier (AKID). The code computes the required buffer size by multiplying the input length by 3; on 32-bit platforms that multiplication can wrap around, so an undersized buffer is allocated and the hex conversion writes past its end. This may lead to a crash, attacker-controlled code execution, or other undefined behavior. Applications and services that print or log the contents of untrusted X.509 certificates are susceptible, although the certificate would need to exceed 1 Gigabyte in size.
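The following is an added example, not OpenSSL's code, showing the defect class described above and the check that prevents it. It models a 32-bit `size_t` with `uint32_t` (a hypothetical `size32_t` alias) so the wraparound is visible on a 64-bit host: `hex_buffer_size_unchecked` reproduces the unchecked `len * 3` computation, `hex_buffer_size_checked` refuses any length for which the product cannot be represented, and `octet_string_to_hex` only allocates after that check passes. The function names and the "xx:xx" output format are assumptions made for the example.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical alias used to model a 32-bit size_t on any host. */
typedef uint32_t size32_t;

/* Unchecked size computation: the pattern the advisory describes.
 * "xx:" per input byte, with the final ':' replaced by a NUL, so 3 * len.
 * For len > UINT32_MAX / 3 the product wraps and the result is too small. */
size32_t hex_buffer_size_unchecked(size32_t len)
{
    return len * 3u;
}

/* Checked size computation: reject lengths whose product would not fit.
 * Returns false on overflow, true (with *out set) otherwise. */
bool hex_buffer_size_checked(size32_t len, size32_t *out)
{
    if (len > UINT32_MAX / 3u)
        return false;
    *out = len * 3u;
    return true;
}

/* Hex-encode an OCTET STRING as "DE:AD:BE:EF" using the checked size.
 * Returns a heap string the caller frees, or NULL if the length is
 * unrepresentable or allocation fails. Never writes past the buffer. */
char *octet_string_to_hex(const unsigned char *data, size32_t len)
{
    static const char digits[] = "0123456789ABCDEF";
    size32_t need;

    if (!hex_buffer_size_checked(len, &need))
        return NULL;            /* would have been an undersized allocation */
    if (need == 0)
        need = 1;               /* room for the NUL of an empty string */

    char *buf = malloc(need);
    if (buf == NULL)
        return NULL;

    size32_t pos = 0;
    for (size32_t i = 0; i < len; i++) {
        buf[pos++] = digits[data[i] >> 4];
        buf[pos++] = digits[data[i] & 0x0F];
        buf[pos++] = (i + 1 < len) ? ':' : '\0';
    }
    if (len == 0)
        buf[0] = '\0';
    return buf;
}

/* Demonstrates the wrap for a constructed length and a normal encoding. */
int main(void)
{
    /* Constructed sample: 0x60000000 bytes (1.5 GiB) * 3 wraps to 0x20000000. */
    size32_t big = 0x60000000u;
    size32_t wrapped = hex_buffer_size_unchecked(big);
    size32_t safe;
    bool ok = hex_buffer_size_checked(big, &safe);

    /* Constructed sample key identifier bytes. */
    const unsigned char skid[] = { 0xDE, 0xAD, 0xBE, 0xEF };
    char *hex = octet_string_to_hex(skid, sizeof skid);
    free(hex);
    return (wrapped < big && !ok) ? 0 : 1;
}
```

The point of the checked variant is that the bound is tested on the input length before any arithmetic, so the comparison itself cannot wrap; a post-hoc check such as `need / 3 != len` also works but is easier to get wrong when the multiplier changes.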
Recommendations
At the moment, there is no information about a newer version that contains a fix for this vulnerability.
DoS
Memory Corruption
Weakness Enumeration
Related Identifiers
Affected Products
Ibm Aix
Linuxmint
Openssl
Ubuntu