CVE-2026-31789

Published Apr 7, 2026

Last updated a day ago

CVSS critical 9.8
Tls

Overview

AI description

Automated description summarized from trusted sources.

CVE-2026-31789 is identified as a heap buffer overflow vulnerability found in OpenSSL, primarily affecting 32-bit platforms. This flaw occurs during the conversion of an exceptionally large OCTET STRING value, embedded within an X.509 certificate, into a hexadecimal string. The core issue stems from an integer overflow that can happen when calculating the necessary buffer size for this conversion. This miscalculation leads to the allocation of an undersized buffer, subsequently causing a heap buffer overflow. Applications and services that process, print, or log untrusted X.509 certificates are susceptible to this vulnerability.

Description
Issue summary: Converting an excessively large OCTET STRING value to a hexadecimal string leads to a heap buffer overflow on 32 bit platforms. Impact summary: A heap buffer overflow may lead to a crash or possibly an attacker controlled code execution or other undefined behavior. If an attacker can supply a crafted X.509 certificate with an excessively large OCTET STRING value in extensions such as the Subject Key Identifier (SKID) or Authority Key Identifier (AKID) which are being converted to hex, the size of the buffer needed for the result is calculated as multiplication of the input length by 3. On 32 bit platforms, this multiplication may overflow resulting in the allocation of a smaller buffer and a heap buffer overflow. Applications and services that print or log contents of untrusted X.509 certificates are vulnerable to this issue. As the certificates would have to have sizes of over 1 Gigabyte, printing or logging such certificates is a fairly unlikely operation and only 32 bit platforms are affected, this issue was assigned Low severity. The FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this issue, as the affected code is outside the OpenSSL FIPS module boundary.
Source
openssl-security@openssl.org
NVD status
Modified
Products
openssl

Risk scores

CVSS 3.1

Type
Primary
Base score
9.8
Impact score
5.9
Exploitability score
3.9
Vector string
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Severity
CRITICAL

Weaknesses

openssl-security@openssl.org
CWE-787

Social media

Hype score
Not currently trending

  1. After AIxCC wrapped in 2025, @DARPA worked with Xint and the other top performers to ensure the innovation continued even after the contest was done to secure the internet's open source infrastructure. Here is story of CVE-2026-31789 https://t.co/NUtnZUkvZ7

    @xint_official

    4 May 2026

    2570 Impressions

    1 Retweet

    9 Likes

    5 Bookmarks

    0 Replies

    1 Quote

Configurations

Related CVEs

  1. Linux Kernel Incorrect Resource Transfer Between Spheres VulnerabilityCVE-2026-31431
  2. Missing hash/digest size and OID checks allow digests smaller than allowed when verifying ECDSA certificates, or smaller than is appropriate for the relevant key type, to be accepted by signature verification functions. This could lead to reduced security of ECDSA certificate-based authentication if the public CA key used is also known. This affects ECDSA/ECC verification when EdDSA or ML-DSA is also enabled.CVE-2026-5194
  3. A flaw was found in gnutls. A remote, unauthenticated attacker can exploit this vulnerability by sending a specially crafted ClientHello message with an invalid Pre-Shared Key (PSK) binder value during the TLS handshake. This can lead to a NULL pointer dereference, causing the server to crash and resulting in a remote Denial of Service (DoS) condition.CVE-2026-1584
  4. In Canonical LXD versions 4.12 through 6.7, the doCertificateUpdate function in lxd/certificates.go does not validate the Type field when handling PUT/PATCH requests to /1.0/certificates/{fingerprint} for restricted TLS certificate users, allowing a remote authenticated attacker to escalate privileges to cluster admin.CVE-2026-34179
  5. Issue summary: Applications using RSASVE key encapsulation to establish a secret encryption key can send contents of an uninitialized memory buffer to a malicious peer. Impact summary: The uninitialized buffer might contain sensitive data from the previous execution of the application process which leads to sensitive data leakage to an attacker. RSA_public_encrypt() returns the number of bytes written on success and -1 on error. The affected code tests only whether the return value is non-zero. As a result, if RSA encryption fails, encapsulation can still return success to the caller, set the output lengths, and leave the caller to use the contents of the ciphertext buffer as if a valid KEM ciphertext had been produced. If applications use EVP_PKEY_encapsulate() with RSA/RSASVE on an attacker-supplied invalid RSA public key without first validating that key, then this may cause stale or uninitialized contents of the caller-provided ciphertext buffer to be disclosed to the attacker in place of the KEM ciphertext. As a workaround calling EVP_PKEY_public_check() or EVP_PKEY_public_check_quick() before EVP_PKEY_encapsulate() will mitigate the issue. The FIPS modules in 3.6, 3.5, 3.4, 3.3, 3.1 and 3.0 are affected by this issue.CVE-2026-31790

References

Sources include official advisories and independent security research.