CVE-2026-40253
Received Received - Intake
Out-of-Bounds Read in openCryptoki BER/DER Decoding Library

Publication date: 2026-04-16

Last updated on: 2026-04-22

Assigner: GitHub, Inc.

Description
openCryptoki is a PKCS#11 library and provides tooling for Linux and AIX. In versions 3.26.0 and below, the BER/DER decoding functions in the shared common library (asn1.c) accept a raw pointer but no buffer length parameter, and trust attacker-controlled BER length fields without validating them against actual buffer boundaries. All primitive decoders are affected: ber_decode_INTEGER, ber_decode_SEQUENCE, ber_decode_OCTET_STRING, ber_decode_BIT_STRING, and ber_decode_CHOICE. Additionally, ber_decode_INTEGER can produce integer underflows when the encoded length is zero. An attacker supplying a malformed BER-encoded cryptographic object through PKCS#11 operations such as C_CreateObject or C_UnwrapKey, token loading from disk, or remote backend communication can trigger out-of-bounds reads. This affects all token backends (Soft, ICA, CCA, TPM, EP11, ICSF) since the vulnerable code is in the shared common library. A patch is available thorugh commit ed378f463ef73364c89feb0fc923f4dc867332a3.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-04-16
Last Modified
2026-04-22
Generated
2026-06-16
AI Q&A
2026-04-17
EPSS Evaluated
2026-06-15
NVD
CVE-2026-40253
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
opencryptoki_project opencryptoki to 3.26.0 (inc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-125 The product reads data past the end, or before the beginning, of the intended buffer.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

This vulnerability exists in openCryptoki, a PKCS#11 library used on Linux and AIX systems. In versions 3.26.0 and below, the BER/DER decoding functions in the shared library accept a raw pointer without a buffer length parameter and trust attacker-controlled BER length fields without validating them against actual buffer boundaries.

All primitive decoders such as ber_decode_INTEGER, ber_decode_SEQUENCE, ber_decode_OCTET_STRING, ber_decode_BIT_STRING, and ber_decode_CHOICE are affected. Specifically, ber_decode_INTEGER can cause integer underflows when the encoded length is zero.

An attacker can supply malformed BER-encoded cryptographic objects through PKCS#11 operations like C_CreateObject or C_UnwrapKey, token loading from disk, or remote backend communication to trigger out-of-bounds reads. This affects all token backends because the vulnerable code is in the shared common library.

Impact Analysis

The vulnerability can lead to out-of-bounds reads when processing malformed BER-encoded cryptographic objects. This can cause application crashes or potentially expose sensitive memory contents.

The CVSS score of 6.8 indicates a medium severity impact with local attack vector, low attack complexity, no privileges required, no user interaction, unchanged scope, low confidentiality impact, no integrity impact, and high availability impact.

Therefore, the main impact is denial of service or information disclosure through memory exposure, which can affect the availability and confidentiality of cryptographic operations.

Mitigation Strategies

To mitigate this vulnerability, apply the available patch provided through commit ed378f463ef73364c89feb0fc923f4dc867332a3 to update openCryptoki to a version above 3.26.0.

Since the vulnerability affects all token backends due to shared library code, ensure that all instances of openCryptoki on your systems are updated.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-40253. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart