CVE-2026-45447
Gravedad CVSS v3.1:
ALTA
Tipo:
CWE-416
Utilización después de liberación
Fecha de publicación:
09/06/2026
Última modificación:
08/07/2026
Descripción
*** Pendiente de traducción *** Issue summary: A specially crafted PKCS#7 or S/MIME signed message could<br />
trigger a use-after-free during PKCS#7 signature verification.<br />
<br />
Impact summary: A use-after-free may result in process crashes, heap<br />
corruption, or potentially remote code execution.<br />
<br />
When processing a PKCS#7 or S/MIME signed message, if the SignedData<br />
digestAlgorithms field is present as an empty ASN.1 SET, OpenSSL may<br />
incorrectly free a caller-owned BIO during PKCS7_verify(). A subsequent<br />
use of the BIO by the calling application results in a use-after-free<br />
condition.<br />
<br />
In the common case this occurs when the application later calls<br />
BIO_free() on the BIO originally passed to PKCS7_verify(). Depending<br />
on allocator behavior and application-specific BIO usage patterns, this<br />
may result in a crash or other memory corruption. In some application<br />
contexts this may potentially be exploitable for remote code execution.<br />
<br />
Applications that process PKCS#7 or S/MIME signed messages using OpenSSL<br />
PKCS#7 APIs may be affected. Applications using the CMS APIs for this<br />
processing are not affected.<br />
<br />
The FIPS modules in 4.0, 3.6, 3.5, 3.4, and 3.0 are not affected by this<br />
issue, as the affected code is outside the OpenSSL FIPS module boundary.
Impacto
Puntuación base 3.x
8.80
Gravedad 3.x
ALTA
Productos y versiones vulnerables
| CPE | Desde | Hasta |
|---|---|---|
| cpe:2.3:a:openssl:openssl:*:*:*:*:*:*:*:* | 1.0.2 (incluyendo) | 1.0.2zq (excluyendo) |
| cpe:2.3:a:openssl:openssl:*:*:*:*:*:*:*:* | 1.1.1 (incluyendo) | 1.1.1zh (excluyendo) |
| cpe:2.3:a:openssl:openssl:*:*:*:*:*:*:*:* | 3.0.0 (incluyendo) | 3.0.21 (excluyendo) |
| cpe:2.3:a:openssl:openssl:*:*:*:*:*:*:*:* | 3.4.0 (incluyendo) | 3.4.6 (excluyendo) |
| cpe:2.3:a:openssl:openssl:*:*:*:*:*:*:*:* | 3.5.0 (incluyendo) | 3.5.7 (excluyendo) |
| cpe:2.3:a:openssl:openssl:*:*:*:*:*:*:*:* | 3.6.0 (incluyendo) | 3.6.3 (excluyendo) |
| cpe:2.3:a:openssl:openssl:4.0.0:-:*:*:*:*:*:* |
Para consultar la lista completa de nombres de CPE con productos y versiones, ver esta página
Referencias a soluciones, herramientas e información
- https://github.com/openssl/openssl/commit/3aad5eb7af4de4ee0633c30a8541a54d9bbde63c
- https://github.com/openssl/openssl/commit/7d4a980c62258c5910cc883936e0c8dbab4d75a8
- https://github.com/openssl/openssl/commit/9dfd688ad2290fc5075cacbc9bf0c9a93eefed54
- https://github.com/openssl/openssl/commit/a541ae8bfe849a30cc885e8780715c0f488e496c
- https://github.com/openssl/openssl/commit/c505d7559da5d5f9f2c3913c6883a5562ce7273e
- https://openssl-library.org/news/secadv/20260609.txt
- https://access.redhat.com/errata/RHSA-2026:25237
- https://access.redhat.com/errata/RHSA-2026:25239
- https://access.redhat.com/errata/RHSA-2026:26275
- https://access.redhat.com/errata/RHSA-2026:26319
- https://access.redhat.com/errata/RHSA-2026:29197
- https://access.redhat.com/errata/RHSA-2026:34102
- https://access.redhat.com/errata/RHSA-2026:35869
- https://access.redhat.com/errata/RHSA-2026:36215
- https://access.redhat.com/errata/RHSA-2026:36217
- https://access.redhat.com/security/cve/CVE-2026-45447
- https://bugzilla.redhat.com/show_bug.cgi?id=2481898
- https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-45447.json



