CVE-2026-31789
Severity CVSS v4.0: Pending analysis
Type: CWE-787 (Out-of-bounds Write)
Publication date: 07/04/2026
Last modified: 12/05/2026
Description
Issue summary: Converting an excessively large OCTET STRING value to a hexadecimal string leads to a heap buffer overflow on 32-bit platforms.

Impact summary: A heap buffer overflow may lead to a crash or possibly attacker-controlled code execution or other undefined behavior.

If an attacker can supply a crafted X.509 certificate with an excessively large OCTET STRING value in extensions such as the Subject Key Identifier (SKID) or Authority Key Identifier (AKID) that are converted to hex, the size of the buffer needed for the result is calculated by multiplying the input length by 3. On 32-bit platforms this multiplication may overflow, resulting in the allocation of a smaller buffer and a heap buffer overflow.

Applications and services that print or log the contents of untrusted X.509 certificates are vulnerable to this issue. As the certificates would have to be over 1 Gigabyte in size, printing or logging such certificates is a fairly unlikely operation, and only 32-bit platforms are affected, this issue was assigned Low severity.

The FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this issue, as the affected code is outside the OpenSSL FIPS module boundary.
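The sizing arithmetic the description refers to, shown as an added example that is not OpenSSL's code: the unchecked 32-bit multiplication beside an overflow-checked replacement and a hex renderer built on it. The function names and the use of uint32_t to model a 32-bit size_t are assumptions for illustration.

```c
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

/* How a 32-bit build sizes the "XX:XX:..." output for len octets: 3 bytes per
 * octet, multiplied in a 32-bit unsigned type with no overflow check. Modelled
 * with uint32_t (an assumption) so it misbehaves identically on a 64-bit host.
 * Wraps once len exceeds UINT32_MAX / 3 (about 1.33 GiB), giving a size that
 * is smaller than the input it must hold. */
uint32_t hex_buf_size_unchecked32(uint32_t len)
{
    return len * 3;
}

/* Overflow-safe sizing: returns 1 with *out = 3 * len, or 0 (with *out = 0)
 * when 3 * len is not representable, so the caller refuses the conversion. */
int hex_buf_size_checked(size_t len, size_t *out)
{
    if (len > SIZE_MAX / 3) {
        *out = 0;
        return 0;
    }
    *out = len * 3;
    return 1;
}

/* Render octets as colon-separated upper-case hex, e.g. "DE:AD:BE:EF". The
 * buffer holds 3 bytes per octet; the last separator slot takes the NUL.
 * Returns NULL if sizing would overflow or malloc fails; the caller frees. */
char *octets_to_hex(const unsigned char *buf, size_t len)
{
    static const char hexdig[] = "0123456789ABCDEF";
    size_t need, i;
    char *s;

    if (len == 0)
        return calloc(1, 1);               /* empty string "" */
    if (!hex_buf_size_checked(len, &need))
        return NULL;                       /* would have under-allocated */
    s = malloc(need);
    if (s == NULL)
        return NULL;
    for (i = 0; i < len; i++) {
        s[3 * i] = hexdig[buf[i] >> 4];
        s[3 * i + 1] = hexdig[buf[i] & 0x0F];
        s[3 * i + 2] = ':';
    }
    s[need - 1] = '\0';
    return s;
}
```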
Impact
Base Score 3.x: 9.80
Severity 3.x: CRITICAL
Vulnerable products and versions
| CPE | From | Up to |
|---|---|---|
| cpe:2.3:a:openssl:openssl:*:*:*:*:*:*:*:* | 3.0.0 (including) | 3.0.20 (excluding) |
| cpe:2.3:a:openssl:openssl:*:*:*:*:*:*:*:* | 3.3.0 (including) | 3.3.7 (excluding) |
| cpe:2.3:a:openssl:openssl:*:*:*:*:*:*:*:* | 3.4.0 (including) | 3.4.5 (excluding) |
| cpe:2.3:a:openssl:openssl:*:*:*:*:*:*:*:* | 3.5.0 (including) | 3.5.6 (excluding) |
| cpe:2.3:a:openssl:openssl:*:*:*:*:*:*:*:* | 3.6.0 (including) | 3.6.2 (excluding) |
References to Advisories, Solutions, and Tools
- https://github.com/openssl/openssl/commit/364f095b80601db632b0def6a33316967f863bde
- https://github.com/openssl/openssl/commit/7a9087efd769f362ad9c0e30c7baaa6bbfa65ecf
- https://github.com/openssl/openssl/commit/945b935ac66cc7f1a41f1b849c7c25adb5351f49
- https://github.com/openssl/openssl/commit/a24216018e1ede8ff01a4ff5afff7dfbd443e2f9
- https://github.com/openssl/openssl/commit/a91e537d16d74050dbde50bb0dfb1fe9930f0521
- https://openssl-library.org/news/secadv/20260407.txt
- https://cert-portal.siemens.com/productcert/html/ssa-032379.html