PT-2026-31825 · Openssl · Openssl
J Laratro
·
Published
2026-04-09
·
Updated
2026-04-14
·
CVE-2026-5392
CVSS v3.1
5.4
Medium
| Vector | AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L |
Name of the Vulnerable Software and Affected Versions
versions prior to 2.3
Description
A heap out-of-bounds read issue exists in the PKCS7 parsing process. A specially crafted PKCS7 message can cause an out-of-bounds read on the heap. The issue is due to a missing bounds check within the indefinite-length end-of-content verification loop in the
PKCS7 VerifySignedData() function.Recommendations
Update to version 2.3 or later.
Fix
Out of bounds Read
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Openssl