CVE-2026-31789
Heap Buffer Overflow in OpenSSL X.509 OCTET STRING Conversion
Publication date: 2026-04-07
Last updated on: 2026-04-23
Assigner: OpenSSL Software Foundation
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| openssl | openssl | From 3.0.0 (inc) to 3.0.20 (exc) |
| openssl | openssl | From 3.3.0 (inc) to 3.3.7 (exc) |
| openssl | openssl | From 3.4.0 (inc) to 3.4.5 (exc) |
| openssl | openssl | From 3.5.0 (inc) to 3.5.6 (exc) |
| openssl | openssl | From 3.6.0 (inc) to 3.6.2 (exc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-787 | The product writes data past the end, or before the beginning, of the intended buffer. |
Attack-Flow Graph
AI Powered Q&A
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability involves a heap buffer overflow triggered by converting an excessively large OCTET STRING value in X.509 certificate extensions to a hexadecimal string on 32-bit platforms.
Detection would involve identifying the presence of unusually large X.509 certificates, specifically those with OCTET STRING values in extensions like Subject Key Identifier (SKID) or Authority Key Identifier (AKID) that exceed typical sizes (over 1 Gigabyte).
However, since the certificates would have to be extremely large and this issue only affects 32-bit platforms, practical detection on typical systems is unlikely.
No specific commands or detection tools are provided in the available information.
Can you explain this vulnerability to me?
This vulnerability occurs when converting an excessively large OCTET STRING value to a hexadecimal string on 32-bit platforms. The process involves multiplying the input length by 3 to calculate the buffer size needed for the hexadecimal result. On 32-bit systems, this multiplication can overflow, causing the program to allocate a smaller buffer than required.
If an attacker supplies a crafted X.509 certificate containing an excessively large OCTET STRING value in extensions like the Subject Key Identifier (SKID) or Authority Key Identifier (AKID), this overflow can lead to a heap buffer overflow.
How can this vulnerability impact me? :
The heap buffer overflow caused by this vulnerability may lead to a crash of the affected application or service. In some cases, it could allow an attacker to execute arbitrary code or cause other undefined behavior.
However, exploitation requires an attacker to supply a crafted X.509 certificate with an OCTET STRING value larger than 1 Gigabyte, which is unlikely. Additionally, only 32-bit platforms are affected, and the issue is considered low severity.
Applications and services that print or log contents of untrusted X.509 certificates are vulnerable.
What immediate steps should I take to mitigate this vulnerability?
To mitigate this vulnerability, avoid processing or logging untrusted X.509 certificates that contain excessively large OCTET STRING values, especially on 32 bit platforms.
Since the vulnerability arises when converting large OCTET STRING values in certificate extensions such as Subject Key Identifier (SKID) or Authority Key Identifier (AKID) to hexadecimal strings, restricting or validating certificate sizes before processing can reduce risk.
Additionally, consider upgrading to a version of OpenSSL where this issue is fixed or using the FIPS modules (versions 3.0 to 3.6) which are not affected by this vulnerability.
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?:
The provided information does not specify any direct impact of this vulnerability on compliance with common standards and regulations such as GDPR or HIPAA.