Instituto Nacional de ciberseguridad. Sección Incibe
Instituto Nacional de Ciberseguridad. Sección INCIBE-CERT

CVE-2026-45447

Gravedad CVSS v3.1:
ALTA
Tipo:
CWE-416 Utilización después de liberación
Fecha de publicación:
09/06/2026
Última modificación:
08/07/2026

Descripción

*** Pendiente de traducción *** Issue summary: A specially crafted PKCS#7 or S/MIME signed message could<br /> trigger a use-after-free during PKCS#7 signature verification.<br /> <br /> Impact summary: A use-after-free may result in process crashes, heap<br /> corruption, or potentially remote code execution.<br /> <br /> When processing a PKCS#7 or S/MIME signed message, if the SignedData<br /> digestAlgorithms field is present as an empty ASN.1 SET, OpenSSL may<br /> incorrectly free a caller-owned BIO during PKCS7_verify(). A subsequent<br /> use of the BIO by the calling application results in a use-after-free<br /> condition.<br /> <br /> In the common case this occurs when the application later calls<br /> BIO_free() on the BIO originally passed to PKCS7_verify(). Depending<br /> on allocator behavior and application-specific BIO usage patterns, this<br /> may result in a crash or other memory corruption. In some application<br /> contexts this may potentially be exploitable for remote code execution.<br /> <br /> Applications that process PKCS#7 or S/MIME signed messages using OpenSSL<br /> PKCS#7 APIs may be affected. Applications using the CMS APIs for this<br /> processing are not affected.<br /> <br /> The FIPS modules in 4.0, 3.6, 3.5, 3.4, and 3.0 are not affected by this<br /> issue, as the affected code is outside the OpenSSL FIPS module boundary.

Productos y versiones vulnerables

CPE Desde Hasta
cpe:2.3:a:openssl:openssl:*:*:*:*:*:*:*:* 1.0.2 (incluyendo) 1.0.2zq (excluyendo)
cpe:2.3:a:openssl:openssl:*:*:*:*:*:*:*:* 1.1.1 (incluyendo) 1.1.1zh (excluyendo)
cpe:2.3:a:openssl:openssl:*:*:*:*:*:*:*:* 3.0.0 (incluyendo) 3.0.21 (excluyendo)
cpe:2.3:a:openssl:openssl:*:*:*:*:*:*:*:* 3.4.0 (incluyendo) 3.4.6 (excluyendo)
cpe:2.3:a:openssl:openssl:*:*:*:*:*:*:*:* 3.5.0 (incluyendo) 3.5.7 (excluyendo)
cpe:2.3:a:openssl:openssl:*:*:*:*:*:*:*:* 3.6.0 (incluyendo) 3.6.3 (excluyendo)
cpe:2.3:a:openssl:openssl:4.0.0:-:*:*:*:*:*:*