CVE-2026-9076
Gravedad CVSS v3.1:
ALTA
Tipo:
CWE-125
Lectura fuera de límites
Fecha de publicación:
09/06/2026
Última modificación:
16/06/2026
Descripción
*** Pendiente de traducción *** Issue summary: When CMS password-based decryption (RFC 3211 / PWRI key unwrap)<br />
processes attacker-supplied CMS data, an attacker-chosen stream-mode KEK<br />
cipher can trigger a heap out-of-bounds read in kek_unwrap_key().<br />
<br />
Impact summary: A heap buffer over-read may trigger a crash which leads to<br />
Denial of Service for an application if the input buffer ends at a memory<br />
page boundary and the following page is unmapped. There is no information<br />
disclosure as the over-read bytes are not revealed to the attacker.<br />
<br />
The key unwrapping function performs a check-byte test as specified in the<br />
RFC that reads 7 bytes from a heap allocation that is based on the wrapped<br />
key length from the message. There is a minimum length check based on the<br />
block length of the wrapping cipher. However the cipher is selected from<br />
an OID carried in the attacker&#39;s PWRI keyEncryptionAlgorithm with no<br />
requirement that the cipher be a block cipher. When an attacker selects<br />
a stream-mode cipher the guard will be ineffective and the allocated buffer<br />
containing the unwrapped key can be too small to fit the check-bytes<br />
specified in the RFC and a buffer over-read can happen.<br />
<br />
Applications calling CMS_decrypt() or CMS_decrypt_set1_password()<br />
(equivalently openssl cms -decrypt -pwri_password ...) on untrusted CMS<br />
data are vulnerable to this issue. No password knowledge is required: the<br />
over-read happens during the unwrap attempt before any authentication<br />
succeeds.<br />
<br />
The over-read is limited to a few bytes and is not written to output, so<br />
there is no information disclosure. Triggering a crash requires the<br />
allocation to border unmapped memory, which is unlikely with the normal<br />
allocator.<br />
<br />
The FIPS modules are not affected by this issue.
Impacto
Puntuación base 3.x
7.50
Gravedad 3.x
ALTA
Productos y versiones vulnerables
| CPE | Desde | Hasta |
|---|---|---|
| cpe:2.3:a:openssl:openssl:*:*:*:*:*:*:*:* | 1.0.2 (incluyendo) | 1.0.2zq (excluyendo) |
| cpe:2.3:a:openssl:openssl:*:*:*:*:*:*:*:* | 1.1.1 (incluyendo) | 1.1.1zh (excluyendo) |
| cpe:2.3:a:openssl:openssl:*:*:*:*:*:*:*:* | 3.0.0 (incluyendo) | 3.0.21 (excluyendo) |
| cpe:2.3:a:openssl:openssl:*:*:*:*:*:*:*:* | 3.4.0 (incluyendo) | 3.4.6 (excluyendo) |
| cpe:2.3:a:openssl:openssl:*:*:*:*:*:*:*:* | 3.5.0 (incluyendo) | 3.5.7 (excluyendo) |
| cpe:2.3:a:openssl:openssl:*:*:*:*:*:*:*:* | 3.6.0 (incluyendo) | 3.6.3 (excluyendo) |
| cpe:2.3:a:openssl:openssl:4.0.0:-:*:*:*:*:*:* |
Para consultar la lista completa de nombres de CPE con productos y versiones, ver esta página
Referencias a soluciones, herramientas e información
- https://github.com/openssl/openssl/commit/05b066366842f930fadd9a6e94df98030af431bb
- https://github.com/openssl/openssl/commit/3d8d5bc1056b2f62da9fede23fedbf47e85187b0
- https://github.com/openssl/openssl/commit/715349a1d7c6db970e6815dafb90915f07307f98
- https://github.com/openssl/openssl/commit/77bf00ab13f6ff5e516535432f0328ed70ec0c26
- https://github.com/openssl/openssl/commit/eecbe330977e8d023aae1ca2d9bdbe983ef3fdc6
- https://openssl-library.org/news/secadv/20260609.txt



