Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CVE-2026-31789 (GCVE-0-2026-31789)
Vulnerability from cvelistv5 – Published: 2026-04-07 22:00 – Updated: 2026-05-12 12:09
VLAI
EPSS
VEX
Title
Heap Buffer Overflow in Hexadecimal Conversion
Summary
Issue summary: Converting an excessively large OCTET STRING value to
a hexadecimal string leads to a heap buffer overflow on 32 bit platforms.
Impact summary: A heap buffer overflow may lead to a crash or possibly
an attacker controlled code execution or other undefined behavior.
If an attacker can supply a crafted X.509 certificate with an excessively
large OCTET STRING value in extensions such as the Subject Key Identifier
(SKID) or Authority Key Identifier (AKID) which are being converted to hex,
the size of the buffer needed for the result is calculated as multiplication
of the input length by 3. On 32 bit platforms, this multiplication may overflow
resulting in the allocation of a smaller buffer and a heap buffer overflow.
Applications and services that print or log contents of untrusted X.509
certificates are vulnerable to this issue. As the certificates would have
to have sizes of over 1 Gigabyte, printing or logging such certificates
is a fairly unlikely operation and only 32 bit platforms are affected,
this issue was assigned Low severity.
The FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this
issue, as the affected code is outside the OpenSSL FIPS module boundary.
Severity
5.8 (Medium)
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-787 - Out-of-bounds Write
Assigner
References
7 references
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| OpenSSL | OpenSSL |
Affected:
3.6.0 , < 3.6.2
(semver)
Affected: 3.5.0 , < 3.5.6 (semver) Affected: 3.4.0 , < 3.4.5 (semver) Affected: 3.3.0 , < 3.3.7 (semver) Affected: 3.0.0 , < 3.0.20 (semver) |
|
| Siemens | SIMATIC CN 4100 |
Affected:
0 , < V5.0
(custom)
|
Date Public
2026-04-07 14:00
Credits
Quoc Tran (Xint.io - US Team)
Igor Ustinov
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2026-31789",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-04-09T03:56:05.246752Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-05-10T20:08:19.604Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"affected": [
{
"defaultStatus": "unknown",
"product": "SIMATIC CN 4100",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V5.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-05-12T12:09:05.071Z",
"orgId": "0b142b55-0307-4c5a-b3c9-f314f3fb7c5e",
"shortName": "siemens-SADP"
},
"references": [
{
"url": "https://cert-portal.siemens.com/productcert/html/ssa-032379.html"
}
],
"x_adpType": "supplier"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "OpenSSL",
"vendor": "OpenSSL",
"versions": [
{
"lessThan": "3.6.2",
"status": "affected",
"version": "3.6.0",
"versionType": "semver"
},
{
"lessThan": "3.5.6",
"status": "affected",
"version": "3.5.0",
"versionType": "semver"
},
{
"lessThan": "3.4.5",
"status": "affected",
"version": "3.4.0",
"versionType": "semver"
},
{
"lessThan": "3.3.7",
"status": "affected",
"version": "3.3.0",
"versionType": "semver"
},
{
"lessThan": "3.0.20",
"status": "affected",
"version": "3.0.0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "Quoc Tran (Xint.io - US Team)"
},
{
"lang": "en",
"type": "remediation developer",
"value": "Igor Ustinov"
}
],
"datePublic": "2026-04-07T14:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Issue summary: Converting an excessively large OCTET STRING value to\u003cbr\u003ea hexadecimal string leads to a heap buffer overflow on 32 bit platforms.\u003cbr\u003e\u003cbr\u003eImpact summary: A heap buffer overflow may lead to a crash or possibly\u003cbr\u003ean attacker controlled code execution or other undefined behavior.\u003cbr\u003e\u003cbr\u003eIf an attacker can supply a crafted X.509 certificate with an excessively\u003cbr\u003elarge OCTET STRING value in extensions such as the Subject Key Identifier\u003cbr\u003e(SKID) or Authority Key Identifier (AKID) which are being converted to hex,\u003cbr\u003ethe size of the buffer needed for the result is calculated as multiplication\u003cbr\u003eof the input length by 3. On 32 bit platforms, this multiplication may overflow\u003cbr\u003eresulting in the allocation of a smaller buffer and a heap buffer overflow.\u003cbr\u003e\u003cbr\u003eApplications and services that print or log contents of untrusted X.509\u003cbr\u003ecertificates are vulnerable to this issue. As the certificates would have\u003cbr\u003eto have sizes of over 1 Gigabyte, printing or logging such certificates\u003cbr\u003eis a fairly unlikely operation and only 32 bit platforms are affected,\u003cbr\u003ethis issue was assigned Low severity.\u003cbr\u003e\u003cbr\u003eThe FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this\u003cbr\u003eissue, as the affected code is outside the OpenSSL FIPS module boundary."
}
],
"value": "Issue summary: Converting an excessively large OCTET STRING value to\na hexadecimal string leads to a heap buffer overflow on 32 bit platforms.\n\nImpact summary: A heap buffer overflow may lead to a crash or possibly\nan attacker controlled code execution or other undefined behavior.\n\nIf an attacker can supply a crafted X.509 certificate with an excessively\nlarge OCTET STRING value in extensions such as the Subject Key Identifier\n(SKID) or Authority Key Identifier (AKID) which are being converted to hex,\nthe size of the buffer needed for the result is calculated as multiplication\nof the input length by 3. On 32 bit platforms, this multiplication may overflow\nresulting in the allocation of a smaller buffer and a heap buffer overflow.\n\nApplications and services that print or log contents of untrusted X.509\ncertificates are vulnerable to this issue. As the certificates would have\nto have sizes of over 1 Gigabyte, printing or logging such certificates\nis a fairly unlikely operation and only 32 bit platforms are affected,\nthis issue was assigned Low severity.\n\nThe FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this\nissue, as the affected code is outside the OpenSSL FIPS module boundary."
}
],
"metrics": [
{
"format": "other",
"other": {
"content": {
"text": "Low"
},
"type": "https://openssl-library.org/policies/general/security-policy/"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-787",
"description": "CWE-787 Out-of-bounds Write",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-07T22:00:54.983Z",
"orgId": "3a12439a-ef3a-4c79-92e6-6081a721f1e5",
"shortName": "openssl"
},
"references": [
{
"name": "OpenSSL Advisory",
"tags": [
"vendor-advisory"
],
"url": "https://openssl-library.org/news/secadv/20260407.txt"
},
{
"name": "3.6.2 git commit",
"tags": [
"patch"
],
"url": "https://github.com/openssl/openssl/commit/a24216018e1ede8ff01a4ff5afff7dfbd443e2f9"
},
{
"name": "3.5.6 git commit",
"tags": [
"patch"
],
"url": "https://github.com/openssl/openssl/commit/945b935ac66cc7f1a41f1b849c7c25adb5351f49"
},
{
"name": "3.4.5 git commit",
"tags": [
"patch"
],
"url": "https://github.com/openssl/openssl/commit/364f095b80601db632b0def6a33316967f863bde"
},
{
"name": "3.3.7 git commit",
"tags": [
"patch"
],
"url": "https://github.com/openssl/openssl/commit/7a9087efd769f362ad9c0e30c7baaa6bbfa65ecf"
},
{
"name": "3.0.20 git commit",
"tags": [
"patch"
],
"url": "https://github.com/openssl/openssl/commit/a91e537d16d74050dbde50bb0dfb1fe9930f0521"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Heap Buffer Overflow in Hexadecimal Conversion",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "3a12439a-ef3a-4c79-92e6-6081a721f1e5",
"assignerShortName": "openssl",
"cveId": "CVE-2026-31789",
"datePublished": "2026-04-07T22:00:54.983Z",
"dateReserved": "2026-03-09T15:56:53.191Z",
"dateUpdated": "2026-05-12T12:09:05.071Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2",
"vulnerability-lookup:meta": {
"epss": {
"cve": "CVE-2026-31789",
"date": "2026-07-11",
"epss": "0.00225",
"percentile": "0.1314"
},
"microsoft_vex": {
"current_release_date": "2026-06-02T01:47:02.000Z",
"cve": "CVE-2026-31789",
"id": "msrc_CVE-2026-31789",
"initial_release_date": "2026-04-02T00:00:00.000Z",
"product_status:fixed": "1",
"product_status:known_affected": "5",
"product_status:known_not_affected": "7",
"source": "Microsoft CSAF VEX",
"status": "final",
"title": "Heap Buffer Overflow in Hexadecimal Conversion",
"url": "https://msrc.microsoft.com/csaf/vex/2026/msrc_cve-2026-31789.json",
"version": "10"
},
"nvd": "{\"cve\":{\"id\":\"CVE-2026-31789\",\"sourceIdentifier\":\"openssl-security@openssl.org\",\"published\":\"2026-04-07T22:16:21.617\",\"lastModified\":\"2026-06-17T10:34:28.060\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Issue summary: Converting an excessively large OCTET STRING value to\\na hexadecimal string leads to a heap buffer overflow on 32 bit platforms.\\n\\nImpact summary: A heap buffer overflow may lead to a crash or possibly\\nan attacker controlled code execution or other undefined behavior.\\n\\nIf an attacker can supply a crafted X.509 certificate with an excessively\\nlarge OCTET STRING value in extensions such as the Subject Key Identifier\\n(SKID) or Authority Key Identifier (AKID) which are being converted to hex,\\nthe size of the buffer needed for the result is calculated as multiplication\\nof the input length by 3. On 32 bit platforms, this multiplication may overflow\\nresulting in the allocation of a smaller buffer and a heap buffer overflow.\\n\\nApplications and services that print or log contents of untrusted X.509\\ncertificates are vulnerable to this issue. As the certificates would have\\nto have sizes of over 1 Gigabyte, printing or logging such certificates\\nis a fairly unlikely operation and only 32 bit platforms are affected,\\nthis issue was assigned Low severity.\\n\\nThe FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this\\nissue, as the affected code is outside the OpenSSL FIPS module boundary.\"}],\"affected\":[{\"source\":\"openssl-security@openssl.org\",\"affectedData\":[{\"vendor\":\"OpenSSL\",\"product\":\"OpenSSL\",\"defaultStatus\":\"unaffected\",\"versions\":[{\"version\":\"3.6.0\",\"lessThan\":\"3.6.2\",\"versionType\":\"semver\",\"status\":\"affected\"},{\"version\":\"3.5.0\",\"lessThan\":\"3.5.6\",\"versionType\":\"semver\",\"status\":\"affected\"},{\"version\":\"3.4.0\",\"lessThan\":\"3.4.5\",\"versionType\":\"semver\",\"status\":\"affected\"},{\"version\":\"3.3.0\",\"lessThan\":\"3.3.7\",\"versionType\":\"semver\",\"status\":\"affected\"},{\"version\":\"3.0.0\",\"lessThan\":\"3.0.20\",\"versionType\":\"semver\",\"status\":\"affected\"}]}]},{\"source\":\"0b142b55-0307-4c5a-b3c9-f314f3fb7c5e\",\"affectedData\":[{\"vendor\":\"Siemens\",\"product\":\"SIMATIC CN 4100\",\"defaultStatus\":\"unknown\",\"versions\":[{\"version\":\"0\",\"lessThan\":\"V5.0\",\"versionType\":\"custom\",\"status\":\"affected\"}]}]}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\",\"baseScore\":9.8,\"baseSeverity\":\"CRITICAL\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":3.9,\"impactScore\":5.9},{\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:H\",\"baseScore\":5.8,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"HIGH\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"REQUIRED\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"LOW\",\"integrityImpact\":\"LOW\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":1.0,\"impactScore\":4.7}],\"ssvcV203\":[{\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"ssvcData\":{\"timestamp\":\"2026-04-09T03:56:05.246752Z\",\"id\":\"CVE-2026-31789\",\"options\":[{\"exploitation\":\"none\"},{\"automatable\":\"no\"},{\"technicalImpact\":\"total\"}],\"role\":\"CISA Coordinator\",\"version\":\"2.0.3\"}}]},\"weaknesses\":[{\"source\":\"openssl-security@openssl.org\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-787\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:openssl:openssl:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"3.0.0\",\"versionEndExcluding\":\"3.0.20\",\"matchCriteriaId\":\"B28A8143-89A4-4332-A1F8-A65FB5AA829F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:openssl:openssl:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"3.3.0\",\"versionEndExcluding\":\"3.3.7\",\"matchCriteriaId\":\"CF303B21-D9BF-461D-B7B0-A3FE1D557A9F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:openssl:openssl:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"3.4.0\",\"versionEndExcluding\":\"3.4.5\",\"matchCriteriaId\":\"DCCE43D0-8F17-475D-9EE6-842F758A9905\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:openssl:openssl:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"3.5.0\",\"versionEndExcluding\":\"3.5.6\",\"matchCriteriaId\":\"F6BC0271-444D-4597-BF05-DC60034EAA49\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:openssl:openssl:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"3.6.0\",\"versionEndExcluding\":\"3.6.2\",\"matchCriteriaId\":\"4A9E621D-29D8-418A-BF37-BED333C14507\"}]}]}],\"references\":[{\"url\":\"https://github.com/openssl/openssl/commit/364f095b80601db632b0def6a33316967f863bde\",\"source\":\"openssl-security@openssl.org\",\"tags\":[\"Patch\"]},{\"url\":\"https://github.com/openssl/openssl/commit/7a9087efd769f362ad9c0e30c7baaa6bbfa65ecf\",\"source\":\"openssl-security@openssl.org\",\"tags\":[\"Patch\"]},{\"url\":\"https://github.com/openssl/openssl/commit/945b935ac66cc7f1a41f1b849c7c25adb5351f49\",\"source\":\"openssl-security@openssl.org\",\"tags\":[\"Patch\"]},{\"url\":\"https://github.com/openssl/openssl/commit/a24216018e1ede8ff01a4ff5afff7dfbd443e2f9\",\"source\":\"openssl-security@openssl.org\",\"tags\":[\"Patch\"]},{\"url\":\"https://github.com/openssl/openssl/commit/a91e537d16d74050dbde50bb0dfb1fe9930f0521\",\"source\":\"openssl-security@openssl.org\",\"tags\":[\"Patch\"]},{\"url\":\"https://openssl-library.org/news/secadv/20260407.txt\",\"source\":\"openssl-security@openssl.org\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://cert-portal.siemens.com/productcert/html/ssa-032379.html\",\"source\":\"0b142b55-0307-4c5a-b3c9-f314f3fb7c5e\"}]}}",
"redhat_vex": {
"aggregate_severity": "Low",
"current_release_date": "2026-06-28T07:28:14+00:00",
"cve": "CVE-2026-31789",
"id": "CVE-2026-31789",
"initial_release_date": "2026-04-07T00:00:00+00:00",
"product_status:fixed": "3",
"product_status:known_affected": "68",
"source": "Red Hat CSAF VEX",
"status": "final",
"title": "openssl: OpenSSL: Heap buffer overflow on 32-bit systems from large X.509 certificate processing",
"url": "https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-31789.json",
"version": "3"
},
"vulnrichment": {
"containers": "{\"adp\": [{\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"cvssV3_1\": {\"scope\": \"UNCHANGED\", \"version\": \"3.1\", \"baseScore\": 5.8, \"attackVector\": \"LOCAL\", \"baseSeverity\": \"MEDIUM\", \"vectorString\": \"CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:H\", \"integrityImpact\": \"LOW\", \"userInteraction\": \"REQUIRED\", \"attackComplexity\": \"HIGH\", \"availabilityImpact\": \"HIGH\", \"privilegesRequired\": \"NONE\", \"confidentialityImpact\": \"LOW\"}}, {\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2026-31789\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"total\"}], \"version\": \"2.0.3\", \"timestamp\": \"2026-04-09T03:56:05.246752Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2026-04-13T13:00:34.871Z\"}}], \"cna\": {\"title\": \"Heap Buffer Overflow in Hexadecimal Conversion\", \"source\": {\"discovery\": \"UNKNOWN\"}, \"credits\": [{\"lang\": \"en\", \"type\": \"reporter\", \"value\": \"Quoc Tran (Xint.io - US Team)\"}, {\"lang\": \"en\", \"type\": \"remediation developer\", \"value\": \"Igor Ustinov\"}], \"metrics\": [{\"other\": {\"type\": \"https://openssl-library.org/policies/general/security-policy/\", \"content\": {\"text\": \"Low\"}}, \"format\": \"other\"}], \"affected\": [{\"vendor\": \"OpenSSL\", \"product\": \"OpenSSL\", \"versions\": [{\"status\": \"affected\", \"version\": \"3.6.0\", \"lessThan\": \"3.6.2\", \"versionType\": \"semver\"}, {\"status\": \"affected\", \"version\": \"3.5.0\", \"lessThan\": \"3.5.6\", \"versionType\": \"semver\"}, {\"status\": \"affected\", \"version\": \"3.4.0\", \"lessThan\": \"3.4.5\", \"versionType\": \"semver\"}, {\"status\": \"affected\", \"version\": \"3.3.0\", \"lessThan\": \"3.3.7\", \"versionType\": \"semver\"}, {\"status\": \"affected\", \"version\": \"3.0.0\", \"lessThan\": \"3.0.20\", \"versionType\": \"semver\"}], \"defaultStatus\": \"unaffected\"}], \"datePublic\": \"2026-04-07T14:00:00.000Z\", \"references\": [{\"url\": \"https://openssl-library.org/news/secadv/20260407.txt\", \"name\": \"OpenSSL Advisory\", \"tags\": [\"vendor-advisory\"]}, {\"url\": \"https://github.com/openssl/openssl/commit/a24216018e1ede8ff01a4ff5afff7dfbd443e2f9\", \"name\": \"3.6.2 git commit\", \"tags\": [\"patch\"]}, {\"url\": \"https://github.com/openssl/openssl/commit/945b935ac66cc7f1a41f1b849c7c25adb5351f49\", \"name\": \"3.5.6 git commit\", \"tags\": [\"patch\"]}, {\"url\": \"https://github.com/openssl/openssl/commit/364f095b80601db632b0def6a33316967f863bde\", \"name\": \"3.4.5 git commit\", \"tags\": [\"patch\"]}, {\"url\": \"https://github.com/openssl/openssl/commit/7a9087efd769f362ad9c0e30c7baaa6bbfa65ecf\", \"name\": \"3.3.7 git commit\", \"tags\": [\"patch\"]}, {\"url\": \"https://github.com/openssl/openssl/commit/a91e537d16d74050dbde50bb0dfb1fe9930f0521\", \"name\": \"3.0.20 git commit\", \"tags\": [\"patch\"]}], \"x_generator\": {\"engine\": \"Vulnogram 0.2.0\"}, \"descriptions\": [{\"lang\": \"en\", \"value\": \"Issue summary: Converting an excessively large OCTET STRING value to\\na hexadecimal string leads to a heap buffer overflow on 32 bit platforms.\\n\\nImpact summary: A heap buffer overflow may lead to a crash or possibly\\nan attacker controlled code execution or other undefined behavior.\\n\\nIf an attacker can supply a crafted X.509 certificate with an excessively\\nlarge OCTET STRING value in extensions such as the Subject Key Identifier\\n(SKID) or Authority Key Identifier (AKID) which are being converted to hex,\\nthe size of the buffer needed for the result is calculated as multiplication\\nof the input length by 3. On 32 bit platforms, this multiplication may overflow\\nresulting in the allocation of a smaller buffer and a heap buffer overflow.\\n\\nApplications and services that print or log contents of untrusted X.509\\ncertificates are vulnerable to this issue. As the certificates would have\\nto have sizes of over 1 Gigabyte, printing or logging such certificates\\nis a fairly unlikely operation and only 32 bit platforms are affected,\\nthis issue was assigned Low severity.\\n\\nThe FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this\\nissue, as the affected code is outside the OpenSSL FIPS module boundary.\", \"supportingMedia\": [{\"type\": \"text/html\", \"value\": \"Issue summary: Converting an excessively large OCTET STRING value to\u003cbr\u003ea hexadecimal string leads to a heap buffer overflow on 32 bit platforms.\u003cbr\u003e\u003cbr\u003eImpact summary: A heap buffer overflow may lead to a crash or possibly\u003cbr\u003ean attacker controlled code execution or other undefined behavior.\u003cbr\u003e\u003cbr\u003eIf an attacker can supply a crafted X.509 certificate with an excessively\u003cbr\u003elarge OCTET STRING value in extensions such as the Subject Key Identifier\u003cbr\u003e(SKID) or Authority Key Identifier (AKID) which are being converted to hex,\u003cbr\u003ethe size of the buffer needed for the result is calculated as multiplication\u003cbr\u003eof the input length by 3. On 32 bit platforms, this multiplication may overflow\u003cbr\u003eresulting in the allocation of a smaller buffer and a heap buffer overflow.\u003cbr\u003e\u003cbr\u003eApplications and services that print or log contents of untrusted X.509\u003cbr\u003ecertificates are vulnerable to this issue. As the certificates would have\u003cbr\u003eto have sizes of over 1 Gigabyte, printing or logging such certificates\u003cbr\u003eis a fairly unlikely operation and only 32 bit platforms are affected,\u003cbr\u003ethis issue was assigned Low severity.\u003cbr\u003e\u003cbr\u003eThe FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this\u003cbr\u003eissue, as the affected code is outside the OpenSSL FIPS module boundary.\", \"base64\": false}]}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-787\", \"description\": \"CWE-787 Out-of-bounds Write\"}]}], \"providerMetadata\": {\"orgId\": \"3a12439a-ef3a-4c79-92e6-6081a721f1e5\", \"shortName\": \"openssl\", \"dateUpdated\": \"2026-04-07T22:00:54.983Z\"}}}",
"cveMetadata": "{\"cveId\": \"CVE-2026-31789\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2026-05-10T20:08:19.604Z\", \"dateReserved\": \"2026-03-09T15:56:53.191Z\", \"assignerOrgId\": \"3a12439a-ef3a-4c79-92e6-6081a721f1e5\", \"datePublished\": \"2026-04-07T22:00:54.983Z\", \"assignerShortName\": \"openssl\"}",
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
}
}
WID-SEC-W-2026-0995
Vulnerability from csaf_certbund - Published: 2026-04-07 22:00 - Updated: 2026-06-17 22:00Summary
OpenSSL: Mehrere Schwachstellen
Severity
Mittel
Notes
Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.
Produktbeschreibung: OpenSSL ist eine im Quelltext frei verfügbare Bibliothek, die Secure Sockets Layer (SSL) und Transport Layer Security (TLS) implementiert.
Angriff: Ein Angreifer kann mehrere Schwachstellen in OpenSSL ausnutzen, um einen Denial of Service Angriff durchzuführen, vertrauliche Informationen offenzulegen oder andere, nicht näher spezifizierte Angriffe durchzuführen.
Betroffene Betriebssysteme: - Sonstiges
- UNIX
- Windows
Affected products
Known affected
25 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Open Source OpenSSL <3.3.7
Open Source / OpenSSL
|
<3.3.7 | ||
|
Red Hat Ansible Automation Platform 2.6
Red Hat / Ansible Automation Platform
|
cpe:/a:redhat:ansible_automation_platform:2.6
|
2.6 | |
|
Open Source OpenSSL <3.0.20
Open Source / OpenSSL
|
<3.0.20 | ||
|
Open Source OpenSSL <3.5.6
Open Source / OpenSSL
|
<3.5.6 | ||
|
Open Source OpenSSL <3.4.5
Open Source / OpenSSL
|
<3.4.5 | ||
|
Red Hat Enterprise Linux
Red Hat / Enterprise Linux
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Oracle Linux
Oracle
|
cpe:/o:oracle:linux:-
|
— | |
|
Open Source OpenSSL <1.1.1zg
Open Source / OpenSSL
|
<1.1.1zg | ||
|
Open Source OpenSSL <1.0.2zp
Open Source / OpenSSL
|
<1.0.2zp | ||
|
IBM AIX 7.3
IBM / AIX
|
cpe:/o:ibm:aix:7.3
|
7.3 | |
|
Amazon Linux 2
Amazon
|
cpe:/o:amazon:linux_2:-
|
— | |
|
Red Hat Enterprise Linux Update Infrastructure 5.1
Red Hat / Enterprise Linux
|
cpe:/o:redhat:enterprise_linux:update_infrastructure_5.1
|
Update Infrastructure 5.1 | |
|
NetApp AFF Baseboard Management Controller
NetApp / AFF
|
cpe:/h:netapp:aff:::baseboard_management_controller
|
Baseboard Management Controller | |
|
IBM AIX 7.2
IBM / AIX
|
cpe:/o:ibm:aix:7.2
|
7.2 | |
|
Open Source OpenSSL <3.6.2
Open Source / OpenSSL
|
<3.6.2 | ||
|
IBM VIOS 4.1
IBM / VIOS
|
cpe:/a:ibm:vios:4.1
|
4.1 | |
|
RESF Rocky Linux
RESF
|
cpe:/o:resf:rocky_linux:-
|
— | |
|
Debian Linux
Debian
|
cpe:/o:debian:debian_linux:-
|
— | |
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
NetApp FAS Baseboard Management Controller
NetApp / FAS
|
cpe:/h:netapp:fas:baseboard_management_controller
|
Baseboard Management Controller | |
|
Ubuntu Linux
Ubuntu
|
cpe:/o:canonical:ubuntu_linux:-
|
— | |
|
NCP Secure Enterprise VPN Server <14.10 r32489
NCP / Secure Enterprise VPN Server
|
<14.10 r32489 | ||
|
SUSE openSUSE
SUSE
|
cpe:/o:suse:opensuse:-
|
— | |
|
Microsoft Azure Linux azl3
Microsoft / Azure Linux
|
cpe:/o:microsoft:azure_linux:azl3
|
azl3 | |
|
Google Container-Optimized OS
Google
|
cpe:/o:google:container-optimized_os:-
|
— |
Affected products
Known affected
25 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Open Source OpenSSL <3.3.7
Open Source / OpenSSL
|
<3.3.7 | ||
|
Red Hat Ansible Automation Platform 2.6
Red Hat / Ansible Automation Platform
|
cpe:/a:redhat:ansible_automation_platform:2.6
|
2.6 | |
|
Open Source OpenSSL <3.0.20
Open Source / OpenSSL
|
<3.0.20 | ||
|
Open Source OpenSSL <3.5.6
Open Source / OpenSSL
|
<3.5.6 | ||
|
Open Source OpenSSL <3.4.5
Open Source / OpenSSL
|
<3.4.5 | ||
|
Red Hat Enterprise Linux
Red Hat / Enterprise Linux
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Oracle Linux
Oracle
|
cpe:/o:oracle:linux:-
|
— | |
|
Open Source OpenSSL <1.1.1zg
Open Source / OpenSSL
|
<1.1.1zg | ||
|
Open Source OpenSSL <1.0.2zp
Open Source / OpenSSL
|
<1.0.2zp | ||
|
IBM AIX 7.3
IBM / AIX
|
cpe:/o:ibm:aix:7.3
|
7.3 | |
|
Amazon Linux 2
Amazon
|
cpe:/o:amazon:linux_2:-
|
— | |
|
Red Hat Enterprise Linux Update Infrastructure 5.1
Red Hat / Enterprise Linux
|
cpe:/o:redhat:enterprise_linux:update_infrastructure_5.1
|
Update Infrastructure 5.1 | |
|
NetApp AFF Baseboard Management Controller
NetApp / AFF
|
cpe:/h:netapp:aff:::baseboard_management_controller
|
Baseboard Management Controller | |
|
IBM AIX 7.2
IBM / AIX
|
cpe:/o:ibm:aix:7.2
|
7.2 | |
|
Open Source OpenSSL <3.6.2
Open Source / OpenSSL
|
<3.6.2 | ||
|
IBM VIOS 4.1
IBM / VIOS
|
cpe:/a:ibm:vios:4.1
|
4.1 | |
|
RESF Rocky Linux
RESF
|
cpe:/o:resf:rocky_linux:-
|
— | |
|
Debian Linux
Debian
|
cpe:/o:debian:debian_linux:-
|
— | |
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
NetApp FAS Baseboard Management Controller
NetApp / FAS
|
cpe:/h:netapp:fas:baseboard_management_controller
|
Baseboard Management Controller | |
|
Ubuntu Linux
Ubuntu
|
cpe:/o:canonical:ubuntu_linux:-
|
— | |
|
NCP Secure Enterprise VPN Server <14.10 r32489
NCP / Secure Enterprise VPN Server
|
<14.10 r32489 | ||
|
SUSE openSUSE
SUSE
|
cpe:/o:suse:opensuse:-
|
— | |
|
Microsoft Azure Linux azl3
Microsoft / Azure Linux
|
cpe:/o:microsoft:azure_linux:azl3
|
azl3 | |
|
Google Container-Optimized OS
Google
|
cpe:/o:google:container-optimized_os:-
|
— |
Affected products
Known affected
25 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Open Source OpenSSL <3.3.7
Open Source / OpenSSL
|
<3.3.7 | ||
|
Red Hat Ansible Automation Platform 2.6
Red Hat / Ansible Automation Platform
|
cpe:/a:redhat:ansible_automation_platform:2.6
|
2.6 | |
|
Open Source OpenSSL <3.0.20
Open Source / OpenSSL
|
<3.0.20 | ||
|
Open Source OpenSSL <3.5.6
Open Source / OpenSSL
|
<3.5.6 | ||
|
Open Source OpenSSL <3.4.5
Open Source / OpenSSL
|
<3.4.5 | ||
|
Red Hat Enterprise Linux
Red Hat / Enterprise Linux
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Oracle Linux
Oracle
|
cpe:/o:oracle:linux:-
|
— | |
|
Open Source OpenSSL <1.1.1zg
Open Source / OpenSSL
|
<1.1.1zg | ||
|
Open Source OpenSSL <1.0.2zp
Open Source / OpenSSL
|
<1.0.2zp | ||
|
IBM AIX 7.3
IBM / AIX
|
cpe:/o:ibm:aix:7.3
|
7.3 | |
|
Amazon Linux 2
Amazon
|
cpe:/o:amazon:linux_2:-
|
— | |
|
Red Hat Enterprise Linux Update Infrastructure 5.1
Red Hat / Enterprise Linux
|
cpe:/o:redhat:enterprise_linux:update_infrastructure_5.1
|
Update Infrastructure 5.1 | |
|
NetApp AFF Baseboard Management Controller
NetApp / AFF
|
cpe:/h:netapp:aff:::baseboard_management_controller
|
Baseboard Management Controller | |
|
IBM AIX 7.2
IBM / AIX
|
cpe:/o:ibm:aix:7.2
|
7.2 | |
|
Open Source OpenSSL <3.6.2
Open Source / OpenSSL
|
<3.6.2 | ||
|
IBM VIOS 4.1
IBM / VIOS
|
cpe:/a:ibm:vios:4.1
|
4.1 | |
|
RESF Rocky Linux
RESF
|
cpe:/o:resf:rocky_linux:-
|
— | |
|
Debian Linux
Debian
|
cpe:/o:debian:debian_linux:-
|
— | |
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
NetApp FAS Baseboard Management Controller
NetApp / FAS
|
cpe:/h:netapp:fas:baseboard_management_controller
|
Baseboard Management Controller | |
|
Ubuntu Linux
Ubuntu
|
cpe:/o:canonical:ubuntu_linux:-
|
— | |
|
NCP Secure Enterprise VPN Server <14.10 r32489
NCP / Secure Enterprise VPN Server
|
<14.10 r32489 | ||
|
SUSE openSUSE
SUSE
|
cpe:/o:suse:opensuse:-
|
— | |
|
Microsoft Azure Linux azl3
Microsoft / Azure Linux
|
cpe:/o:microsoft:azure_linux:azl3
|
azl3 | |
|
Google Container-Optimized OS
Google
|
cpe:/o:google:container-optimized_os:-
|
— |
Affected products
Known affected
25 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Open Source OpenSSL <3.3.7
Open Source / OpenSSL
|
<3.3.7 | ||
|
Red Hat Ansible Automation Platform 2.6
Red Hat / Ansible Automation Platform
|
cpe:/a:redhat:ansible_automation_platform:2.6
|
2.6 | |
|
Open Source OpenSSL <3.0.20
Open Source / OpenSSL
|
<3.0.20 | ||
|
Open Source OpenSSL <3.5.6
Open Source / OpenSSL
|
<3.5.6 | ||
|
Open Source OpenSSL <3.4.5
Open Source / OpenSSL
|
<3.4.5 | ||
|
Red Hat Enterprise Linux
Red Hat / Enterprise Linux
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Oracle Linux
Oracle
|
cpe:/o:oracle:linux:-
|
— | |
|
Open Source OpenSSL <1.1.1zg
Open Source / OpenSSL
|
<1.1.1zg | ||
|
Open Source OpenSSL <1.0.2zp
Open Source / OpenSSL
|
<1.0.2zp | ||
|
IBM AIX 7.3
IBM / AIX
|
cpe:/o:ibm:aix:7.3
|
7.3 | |
|
Amazon Linux 2
Amazon
|
cpe:/o:amazon:linux_2:-
|
— | |
|
Red Hat Enterprise Linux Update Infrastructure 5.1
Red Hat / Enterprise Linux
|
cpe:/o:redhat:enterprise_linux:update_infrastructure_5.1
|
Update Infrastructure 5.1 | |
|
NetApp AFF Baseboard Management Controller
NetApp / AFF
|
cpe:/h:netapp:aff:::baseboard_management_controller
|
Baseboard Management Controller | |
|
IBM AIX 7.2
IBM / AIX
|
cpe:/o:ibm:aix:7.2
|
7.2 | |
|
Open Source OpenSSL <3.6.2
Open Source / OpenSSL
|
<3.6.2 | ||
|
IBM VIOS 4.1
IBM / VIOS
|
cpe:/a:ibm:vios:4.1
|
4.1 | |
|
RESF Rocky Linux
RESF
|
cpe:/o:resf:rocky_linux:-
|
— | |
|
Debian Linux
Debian
|
cpe:/o:debian:debian_linux:-
|
— | |
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
NetApp FAS Baseboard Management Controller
NetApp / FAS
|
cpe:/h:netapp:fas:baseboard_management_controller
|
Baseboard Management Controller | |
|
Ubuntu Linux
Ubuntu
|
cpe:/o:canonical:ubuntu_linux:-
|
— | |
|
NCP Secure Enterprise VPN Server <14.10 r32489
NCP / Secure Enterprise VPN Server
|
<14.10 r32489 | ||
|
SUSE openSUSE
SUSE
|
cpe:/o:suse:opensuse:-
|
— | |
|
Microsoft Azure Linux azl3
Microsoft / Azure Linux
|
cpe:/o:microsoft:azure_linux:azl3
|
azl3 | |
|
Google Container-Optimized OS
Google
|
cpe:/o:google:container-optimized_os:-
|
— |
Affected products
Known affected
25 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Open Source OpenSSL <3.3.7
Open Source / OpenSSL
|
<3.3.7 | ||
|
Red Hat Ansible Automation Platform 2.6
Red Hat / Ansible Automation Platform
|
cpe:/a:redhat:ansible_automation_platform:2.6
|
2.6 | |
|
Open Source OpenSSL <3.0.20
Open Source / OpenSSL
|
<3.0.20 | ||
|
Open Source OpenSSL <3.5.6
Open Source / OpenSSL
|
<3.5.6 | ||
|
Open Source OpenSSL <3.4.5
Open Source / OpenSSL
|
<3.4.5 | ||
|
Red Hat Enterprise Linux
Red Hat / Enterprise Linux
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Oracle Linux
Oracle
|
cpe:/o:oracle:linux:-
|
— | |
|
Open Source OpenSSL <1.1.1zg
Open Source / OpenSSL
|
<1.1.1zg | ||
|
Open Source OpenSSL <1.0.2zp
Open Source / OpenSSL
|
<1.0.2zp | ||
|
IBM AIX 7.3
IBM / AIX
|
cpe:/o:ibm:aix:7.3
|
7.3 | |
|
Amazon Linux 2
Amazon
|
cpe:/o:amazon:linux_2:-
|
— | |
|
Red Hat Enterprise Linux Update Infrastructure 5.1
Red Hat / Enterprise Linux
|
cpe:/o:redhat:enterprise_linux:update_infrastructure_5.1
|
Update Infrastructure 5.1 | |
|
NetApp AFF Baseboard Management Controller
NetApp / AFF
|
cpe:/h:netapp:aff:::baseboard_management_controller
|
Baseboard Management Controller | |
|
IBM AIX 7.2
IBM / AIX
|
cpe:/o:ibm:aix:7.2
|
7.2 | |
|
Open Source OpenSSL <3.6.2
Open Source / OpenSSL
|
<3.6.2 | ||
|
IBM VIOS 4.1
IBM / VIOS
|
cpe:/a:ibm:vios:4.1
|
4.1 | |
|
RESF Rocky Linux
RESF
|
cpe:/o:resf:rocky_linux:-
|
— | |
|
Debian Linux
Debian
|
cpe:/o:debian:debian_linux:-
|
— | |
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
NetApp FAS Baseboard Management Controller
NetApp / FAS
|
cpe:/h:netapp:fas:baseboard_management_controller
|
Baseboard Management Controller | |
|
Ubuntu Linux
Ubuntu
|
cpe:/o:canonical:ubuntu_linux:-
|
— | |
|
NCP Secure Enterprise VPN Server <14.10 r32489
NCP / Secure Enterprise VPN Server
|
<14.10 r32489 | ||
|
SUSE openSUSE
SUSE
|
cpe:/o:suse:opensuse:-
|
— | |
|
Microsoft Azure Linux azl3
Microsoft / Azure Linux
|
cpe:/o:microsoft:azure_linux:azl3
|
azl3 | |
|
Google Container-Optimized OS
Google
|
cpe:/o:google:container-optimized_os:-
|
— |
Affected products
Known affected
25 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Open Source OpenSSL <3.3.7
Open Source / OpenSSL
|
<3.3.7 | ||
|
Red Hat Ansible Automation Platform 2.6
Red Hat / Ansible Automation Platform
|
cpe:/a:redhat:ansible_automation_platform:2.6
|
2.6 | |
|
Open Source OpenSSL <3.0.20
Open Source / OpenSSL
|
<3.0.20 | ||
|
Open Source OpenSSL <3.5.6
Open Source / OpenSSL
|
<3.5.6 | ||
|
Open Source OpenSSL <3.4.5
Open Source / OpenSSL
|
<3.4.5 | ||
|
Red Hat Enterprise Linux
Red Hat / Enterprise Linux
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Oracle Linux
Oracle
|
cpe:/o:oracle:linux:-
|
— | |
|
Open Source OpenSSL <1.1.1zg
Open Source / OpenSSL
|
<1.1.1zg | ||
|
Open Source OpenSSL <1.0.2zp
Open Source / OpenSSL
|
<1.0.2zp | ||
|
IBM AIX 7.3
IBM / AIX
|
cpe:/o:ibm:aix:7.3
|
7.3 | |
|
Amazon Linux 2
Amazon
|
cpe:/o:amazon:linux_2:-
|
— | |
|
Red Hat Enterprise Linux Update Infrastructure 5.1
Red Hat / Enterprise Linux
|
cpe:/o:redhat:enterprise_linux:update_infrastructure_5.1
|
Update Infrastructure 5.1 | |
|
NetApp AFF Baseboard Management Controller
NetApp / AFF
|
cpe:/h:netapp:aff:::baseboard_management_controller
|
Baseboard Management Controller | |
|
IBM AIX 7.2
IBM / AIX
|
cpe:/o:ibm:aix:7.2
|
7.2 | |
|
Open Source OpenSSL <3.6.2
Open Source / OpenSSL
|
<3.6.2 | ||
|
IBM VIOS 4.1
IBM / VIOS
|
cpe:/a:ibm:vios:4.1
|
4.1 | |
|
RESF Rocky Linux
RESF
|
cpe:/o:resf:rocky_linux:-
|
— | |
|
Debian Linux
Debian
|
cpe:/o:debian:debian_linux:-
|
— | |
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
NetApp FAS Baseboard Management Controller
NetApp / FAS
|
cpe:/h:netapp:fas:baseboard_management_controller
|
Baseboard Management Controller | |
|
Ubuntu Linux
Ubuntu
|
cpe:/o:canonical:ubuntu_linux:-
|
— | |
|
NCP Secure Enterprise VPN Server <14.10 r32489
NCP / Secure Enterprise VPN Server
|
<14.10 r32489 | ||
|
SUSE openSUSE
SUSE
|
cpe:/o:suse:opensuse:-
|
— | |
|
Microsoft Azure Linux azl3
Microsoft / Azure Linux
|
cpe:/o:microsoft:azure_linux:azl3
|
azl3 | |
|
Google Container-Optimized OS
Google
|
cpe:/o:google:container-optimized_os:-
|
— |
Affected products
Known affected
25 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Open Source OpenSSL <3.3.7
Open Source / OpenSSL
|
<3.3.7 | ||
|
Red Hat Ansible Automation Platform 2.6
Red Hat / Ansible Automation Platform
|
cpe:/a:redhat:ansible_automation_platform:2.6
|
2.6 | |
|
Open Source OpenSSL <3.0.20
Open Source / OpenSSL
|
<3.0.20 | ||
|
Open Source OpenSSL <3.5.6
Open Source / OpenSSL
|
<3.5.6 | ||
|
Open Source OpenSSL <3.4.5
Open Source / OpenSSL
|
<3.4.5 | ||
|
Red Hat Enterprise Linux
Red Hat / Enterprise Linux
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Oracle Linux
Oracle
|
cpe:/o:oracle:linux:-
|
— | |
|
Open Source OpenSSL <1.1.1zg
Open Source / OpenSSL
|
<1.1.1zg | ||
|
Open Source OpenSSL <1.0.2zp
Open Source / OpenSSL
|
<1.0.2zp | ||
|
IBM AIX 7.3
IBM / AIX
|
cpe:/o:ibm:aix:7.3
|
7.3 | |
|
Amazon Linux 2
Amazon
|
cpe:/o:amazon:linux_2:-
|
— | |
|
Red Hat Enterprise Linux Update Infrastructure 5.1
Red Hat / Enterprise Linux
|
cpe:/o:redhat:enterprise_linux:update_infrastructure_5.1
|
Update Infrastructure 5.1 | |
|
NetApp AFF Baseboard Management Controller
NetApp / AFF
|
cpe:/h:netapp:aff:::baseboard_management_controller
|
Baseboard Management Controller | |
|
IBM AIX 7.2
IBM / AIX
|
cpe:/o:ibm:aix:7.2
|
7.2 | |
|
Open Source OpenSSL <3.6.2
Open Source / OpenSSL
|
<3.6.2 | ||
|
IBM VIOS 4.1
IBM / VIOS
|
cpe:/a:ibm:vios:4.1
|
4.1 | |
|
RESF Rocky Linux
RESF
|
cpe:/o:resf:rocky_linux:-
|
— | |
|
Debian Linux
Debian
|
cpe:/o:debian:debian_linux:-
|
— | |
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
NetApp FAS Baseboard Management Controller
NetApp / FAS
|
cpe:/h:netapp:fas:baseboard_management_controller
|
Baseboard Management Controller | |
|
Ubuntu Linux
Ubuntu
|
cpe:/o:canonical:ubuntu_linux:-
|
— | |
|
NCP Secure Enterprise VPN Server <14.10 r32489
NCP / Secure Enterprise VPN Server
|
<14.10 r32489 | ||
|
SUSE openSUSE
SUSE
|
cpe:/o:suse:opensuse:-
|
— | |
|
Microsoft Azure Linux azl3
Microsoft / Azure Linux
|
cpe:/o:microsoft:azure_linux:azl3
|
azl3 | |
|
Google Container-Optimized OS
Google
|
cpe:/o:google:container-optimized_os:-
|
— |
References
63 references
{
"document": {
"aggregate_severity": {
"text": "mittel"
},
"category": "csaf_base",
"csaf_version": "2.0",
"distribution": {
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "de-DE",
"notes": [
{
"category": "legal_disclaimer",
"text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
},
{
"category": "description",
"text": "OpenSSL ist eine im Quelltext frei verf\u00fcgbare Bibliothek, die Secure Sockets Layer (SSL) und Transport Layer Security (TLS) implementiert.",
"title": "Produktbeschreibung"
},
{
"category": "summary",
"text": "Ein Angreifer kann mehrere Schwachstellen in OpenSSL ausnutzen, um einen Denial of Service Angriff durchzuf\u00fchren, vertrauliche Informationen offenzulegen oder andere, nicht n\u00e4her spezifizierte Angriffe durchzuf\u00fchren.",
"title": "Angriff"
},
{
"category": "general",
"text": "- Sonstiges\n- UNIX\n- Windows",
"title": "Betroffene Betriebssysteme"
}
],
"publisher": {
"category": "other",
"contact_details": "csaf-provider@cert-bund.de",
"name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
"namespace": "https://www.bsi.bund.de"
},
"references": [
{
"category": "self",
"summary": "WID-SEC-W-2026-0995 - CSAF Version",
"url": "https://wid.cert-bund.de/.well-known/csaf/white/2026/wid-sec-w-2026-0995.json"
},
{
"category": "self",
"summary": "WID-SEC-2026-0995 - Portal Version",
"url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2026-0995"
},
{
"category": "external",
"summary": "OpenSSL Security Advisory vom 2026-04-07",
"url": "https://openssl-library.org/news/secadv/20260407.txt"
},
{
"category": "external",
"summary": "OpenSSL Vulnerabilities vom 2026-04-07",
"url": "https://openssl-library.org/news/vulnerabilities/"
},
{
"category": "external",
"summary": "Debian Security Advisory DSA-6201 vom 2026-04-08",
"url": "https://lists.debian.org/debian-security-announce/2026/msg00111.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2026:1214-1 vom 2026-04-08",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2026-April/025167.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2026:1216-1 vom 2026-04-08",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2026-April/025165.html"
},
{
"category": "external",
"summary": "Ubuntu Security Notice USN-8155-1 vom 2026-04-08",
"url": "https://ubuntu.com/security/notices/USN-8155-1"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2026:1213-1 vom 2026-04-08",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2026-April/025168.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2026:1215-1 vom 2026-04-08",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2026-April/025166.html"
},
{
"category": "external",
"summary": "Ubuntu Security Notice USN-8155-2 vom 2026-04-09",
"url": "https://ubuntu.com/security/notices/USN-8155-2"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2026:1256-1 vom 2026-04-10",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2026-April/025199.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2026:1255-1 vom 2026-04-10",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2026-April/025200.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2026:1257-1 vom 2026-04-10",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2026-April/025198.html"
},
{
"category": "external",
"summary": "openSUSE Security Update OPENSUSE-SU-2026:10533-1 vom 2026-04-12",
"url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/Q3L6UO5MQYWT5OTNC6A64RQTAMSGR6D3/"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2026:21037-1 vom 2026-04-13",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2026-April/025303.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2026:1290-1 vom 2026-04-13",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2026-April/025312.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2026:1291-1 vom 2026-04-13",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2026-April/025311.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2026:21065-1 vom 2026-04-13",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2026-April/025275.html"
},
{
"category": "external",
"summary": "Amazon Linux Security Advisory ALAS2-2026-3249 vom 2026-04-14",
"url": "https://alas.aws.amazon.com/AL2/ALAS2-2026-3249.html"
},
{
"category": "external",
"summary": "Microsoft Security Update Guide vom 2026-04-14",
"url": "https://msrc.microsoft.com/update-guide/"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2026:21107-1 vom 2026-04-16",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2026-April/025373.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2026:1375-1 vom 2026-04-16",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2026-April/025384.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2026:1386-1 vom 2026-04-16",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2026-April/025395.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2026:1429-1 vom 2026-04-17",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2026-April/025435.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2026:21186-1 vom 2026-04-21",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2026-April/025505.html"
},
{
"category": "external",
"summary": "NetApp Security Advisory NTAP-20260417-0017 vom 2026-04-21",
"url": "https://security.netapp.com/advisory/NTAP-20260417-0017"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2026:1549-1 vom 2026-04-22",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2026-April/025567.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2026:1550-1 vom 2026-04-22",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2026-April/025566.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2026:1577-1 vom 2026-04-23",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2026-April/025597.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2026:1562-1 vom 2026-04-23",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2026-April/025576.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2026:21244-1 vom 2026-04-23",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2026-April/025592.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2026:1605-1 vom 2026-04-24",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2026-April/025615.html"
},
{
"category": "external",
"summary": "Amazon Linux Security Advisory ALAS2OPENSSL-SNAPSAFE-2026-010 vom 2026-04-30",
"url": "https://alas.aws.amazon.com/AL2/ALAS2OPENSSL-SNAPSAFE-2026-010.html"
},
{
"category": "external",
"summary": "Amazon Linux Security Advisory ALAS2-2026-3274 vom 2026-04-30",
"url": "https://alas.aws.amazon.com/AL2/ALAS2-2026-3274.html"
},
{
"category": "external",
"summary": "Amazon Linux Security Advisory ALAS2-2026-3275 vom 2026-04-30",
"url": "https://alas.aws.amazon.com/AL2/ALAS2-2026-3275.html"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2026:12195 vom 2026-04-30",
"url": "https://access.redhat.com/errata/RHSA-2026:12195"
},
{
"category": "external",
"summary": "IBM Security Bulletin 7271681 vom 2026-05-04",
"url": "https://www.ibm.com/support/pages/node/7271681"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2026:1711-1 vom 2026-05-06",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2026-May/025892.html"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2026:14937 vom 2026-05-08",
"url": "https://access.redhat.com/errata/RHSA-2026:14937"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2026:19066 vom 2026-05-19",
"url": "https://access.redhat.com/errata/RHSA-2026:19066"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2026:19218 vom 2026-05-20",
"url": "https://access.redhat.com/errata/RHSA-2026:19218"
},
{
"category": "external",
"summary": "Container-Optimized OS release notes vom 2026-05-26",
"url": "https://docs.cloud.google.com/container-optimized-os/docs/release-notes#May_21_2026"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2026:21275 vom 2026-05-27",
"url": "https://access.redhat.com/errata/RHSA-2026:21275"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2026:22314 vom 2026-06-01",
"url": "https://access.redhat.com/errata/RHSA-2026:22314"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2026:22313 vom 2026-06-01",
"url": "https://access.redhat.com/errata/RHSA-2026:22313"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2026:22315 vom 2026-06-01",
"url": "https://access.redhat.com/errata/RHSA-2026:22315"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2026:22312 vom 2026-06-01",
"url": "https://access.redhat.com/errata/RHSA-2026:22312"
},
{
"category": "external",
"summary": "NCP Secure Enterprise VPN Server Release Notes vom 2026-06-02",
"url": "https://www.ncp-e.com/fileadmin/_NCP/pdf/library/release_notes/NCP_Secure_Enterprise_Solution/NCP_Secure_Enterprise_VPN_Server_Linux/de/NCP_RN_Linux_Secure_Enterprise_VPN_Server_14_10_r32489_de.pdf"
},
{
"category": "external",
"summary": "NCP Secure Enterprise VPN Server Release Notes vom 2026-06-02",
"url": "https://www.ncp-e.com/fileadmin/_NCP/pdf/library/release_notes/NCP_Secure_Enterprise_Solution/NCP_Secure_Enterprise_VPN_Server_Win/de/NCP_RN_Win_Secure_Enterprise_VPN_Server_14_10_r32489_de.pdf"
},
{
"category": "external",
"summary": "NCP Secure Enterprise VPN Server Release Notes vom 2026-06-02",
"url": "https://www.ncp-e.com/fileadmin/_NCP/pdf/library/release_notes/NCP_Secure_Enterprise_Solution/NCP_Virtual_Secure_Enterprise_VPN_Server/de/NCP_RN_Virtual_Secure_Enterprise_VPN_Server_14_10_r32489_de.pdf"
},
{
"category": "external",
"summary": "Rocky Linux Security Advisory RLSA-2026:22312 vom 2026-06-02",
"url": "https://errata.build.resf.org/RLSA-2026:22312"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2026:22634 vom 2026-06-02",
"url": "https://access.redhat.com/errata/RHSA-2026:22634"
},
{
"category": "external",
"summary": "Oracle Linux Security Advisory ELSA-2026-22315 vom 2026-06-03",
"url": "https://linux.oracle.com/errata/ELSA-2026-22315.html"
},
{
"category": "external",
"summary": "Rocky Linux Security Advisory RLSA-2026:22313 vom 2026-06-02",
"url": "https://errata.build.resf.org/RLSA-2026:22313"
},
{
"category": "external",
"summary": "Rocky Linux Security Advisory RLSA-2026:22315 vom 2026-06-05",
"url": "https://errata.build.resf.org/RLSA-2026:22315"
},
{
"category": "external",
"summary": "Rocky Linux Security Advisory RLSA-2026:22314 vom 2026-06-05",
"url": "https://errata.build.resf.org/RLSA-2026:22314"
},
{
"category": "external",
"summary": "Debian Security Advisory DLA-4624 vom 2026-06-09",
"url": "https://lists.debian.org/debian-lts-announce/2026/06/msg00013.html"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2026:24866 vom 2026-06-09",
"url": "https://access.redhat.com/errata/RHSA-2026:24866"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2026:2399-1 vom 2026-06-15",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2026-June/026759.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2026:2396-1 vom 2026-06-15",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2026-June/026761.html"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2026:26319 vom 2026-06-16",
"url": "https://access.redhat.com/errata/RHSA-2026:26319"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2026:22132-1 vom 2026-06-17",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2026-June/026811.html"
}
],
"source_lang": "en-US",
"title": "OpenSSL: Mehrere Schwachstellen",
"tracking": {
"current_release_date": "2026-06-17T22:00:00.000+00:00",
"generator": {
"date": "2026-06-18T08:30:40.035+00:00",
"engine": {
"name": "BSI-WID",
"version": "1.6.0"
}
},
"id": "WID-SEC-W-2026-0995",
"initial_release_date": "2026-04-07T22:00:00.000+00:00",
"revision_history": [
{
"date": "2026-04-07T22:00:00.000+00:00",
"number": "1",
"summary": "Initiale Fassung"
},
{
"date": "2026-04-08T22:00:00.000+00:00",
"number": "2",
"summary": "Neue Updates von SUSE und Ubuntu aufgenommen"
},
{
"date": "2026-04-09T22:00:00.000+00:00",
"number": "3",
"summary": "Neue Updates von Ubuntu aufgenommen"
},
{
"date": "2026-04-12T22:00:00.000+00:00",
"number": "4",
"summary": "Neue Updates von SUSE und openSUSE aufgenommen"
},
{
"date": "2026-04-13T22:00:00.000+00:00",
"number": "5",
"summary": "Neue Updates von SUSE und Amazon aufgenommen"
},
{
"date": "2026-04-14T22:00:00.000+00:00",
"number": "6",
"summary": "Neue Updates aufgenommen"
},
{
"date": "2026-04-15T22:00:00.000+00:00",
"number": "7",
"summary": "Neue Updates von SUSE aufgenommen"
},
{
"date": "2026-04-16T22:00:00.000+00:00",
"number": "8",
"summary": "Neue Updates von SUSE aufgenommen"
},
{
"date": "2026-04-19T22:00:00.000+00:00",
"number": "9",
"summary": "Neue Updates von SUSE aufgenommen"
},
{
"date": "2026-04-21T22:00:00.000+00:00",
"number": "10",
"summary": "Neue Updates von SUSE und NetApp aufgenommen"
},
{
"date": "2026-04-22T22:00:00.000+00:00",
"number": "11",
"summary": "Neue Updates von SUSE aufgenommen"
},
{
"date": "2026-04-23T22:00:00.000+00:00",
"number": "12",
"summary": "Neue Updates von SUSE aufgenommen"
},
{
"date": "2026-04-26T22:00:00.000+00:00",
"number": "13",
"summary": "Neue Updates von SUSE aufgenommen"
},
{
"date": "2026-04-29T22:00:00.000+00:00",
"number": "14",
"summary": "Neue Updates von Amazon aufgenommen"
},
{
"date": "2026-05-03T22:00:00.000+00:00",
"number": "15",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2026-05-04T22:00:00.000+00:00",
"number": "16",
"summary": "Neue Updates von IBM aufgenommen"
},
{
"date": "2026-05-06T22:00:00.000+00:00",
"number": "17",
"summary": "Neue Updates von SUSE aufgenommen"
},
{
"date": "2026-05-07T22:00:00.000+00:00",
"number": "18",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2026-05-19T22:00:00.000+00:00",
"number": "19",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2026-05-26T22:00:00.000+00:00",
"number": "20",
"summary": "Neue Updates aufgenommen"
},
{
"date": "2026-05-27T22:00:00.000+00:00",
"number": "21",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2026-06-01T22:00:00.000+00:00",
"number": "22",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2026-06-02T22:00:00.000+00:00",
"number": "23",
"summary": "Neue Updates von Rocky Enterprise Software Foundation, Red Hat und Oracle Linux aufgenommen"
},
{
"date": "2026-06-04T22:00:00.000+00:00",
"number": "24",
"summary": "Neue Updates von Rocky Enterprise Software Foundation aufgenommen"
},
{
"date": "2026-06-07T22:00:00.000+00:00",
"number": "25",
"summary": "Neue Updates von Rocky Enterprise Software Foundation aufgenommen"
},
{
"date": "2026-06-08T22:00:00.000+00:00",
"number": "26",
"summary": "Neue Updates von Debian aufgenommen"
},
{
"date": "2026-06-09T22:00:00.000+00:00",
"number": "27",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2026-06-15T22:00:00.000+00:00",
"number": "28",
"summary": "Neue Updates von SUSE aufgenommen"
},
{
"date": "2026-06-16T22:00:00.000+00:00",
"number": "29",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2026-06-17T22:00:00.000+00:00",
"number": "30",
"summary": "Neue Updates von SUSE aufgenommen"
}
],
"status": "final",
"version": "30"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Amazon Linux 2",
"product": {
"name": "Amazon Linux 2",
"product_id": "398363",
"product_identification_helper": {
"cpe": "cpe:/o:amazon:linux_2:-"
}
}
}
],
"category": "vendor",
"name": "Amazon"
},
{
"branches": [
{
"category": "product_name",
"name": "Debian Linux",
"product": {
"name": "Debian Linux",
"product_id": "2951",
"product_identification_helper": {
"cpe": "cpe:/o:debian:debian_linux:-"
}
}
}
],
"category": "vendor",
"name": "Debian"
},
{
"branches": [
{
"category": "product_name",
"name": "Google Container-Optimized OS",
"product": {
"name": "Google Container-Optimized OS",
"product_id": "1607324",
"product_identification_helper": {
"cpe": "cpe:/o:google:container-optimized_os:-"
}
}
}
],
"category": "vendor",
"name": "Google"
},
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "7.3",
"product": {
"name": "IBM AIX 7.3",
"product_id": "1139691",
"product_identification_helper": {
"cpe": "cpe:/o:ibm:aix:7.3"
}
}
},
{
"category": "product_version",
"name": "7.2",
"product": {
"name": "IBM AIX 7.2",
"product_id": "434967",
"product_identification_helper": {
"cpe": "cpe:/o:ibm:aix:7.2"
}
}
}
],
"category": "product_name",
"name": "AIX"
},
{
"branches": [
{
"category": "product_version",
"name": "4.1",
"product": {
"name": "IBM VIOS 4.1",
"product_id": "1522854",
"product_identification_helper": {
"cpe": "cpe:/a:ibm:vios:4.1"
}
}
}
],
"category": "product_name",
"name": "VIOS"
}
],
"category": "vendor",
"name": "IBM"
},
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "azl3",
"product": {
"name": "Microsoft Azure Linux azl3",
"product_id": "T049210",
"product_identification_helper": {
"cpe": "cpe:/o:microsoft:azure_linux:azl3"
}
}
}
],
"category": "product_name",
"name": "Azure Linux"
}
],
"category": "vendor",
"name": "Microsoft"
},
{
"branches": [
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c14.10 r32489",
"product": {
"name": "NCP Secure Enterprise VPN Server \u003c14.10 r32489",
"product_id": "T054958"
}
},
{
"category": "product_version",
"name": "14.10 r32489",
"product": {
"name": "NCP Secure Enterprise VPN Server 14.10 r32489",
"product_id": "T054958-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:ncp-e:secure_enterprise_vpn_server:14.10_r32489"
}
}
}
],
"category": "product_name",
"name": "Secure Enterprise VPN Server"
}
],
"category": "vendor",
"name": "NCP"
},
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "Baseboard Management Controller",
"product": {
"name": "NetApp AFF Baseboard Management Controller",
"product_id": "T025086",
"product_identification_helper": {
"cpe": "cpe:/h:netapp:aff:::baseboard_management_controller"
}
}
}
],
"category": "product_name",
"name": "AFF"
},
{
"branches": [
{
"category": "product_version",
"name": "Baseboard Management Controller",
"product": {
"name": "NetApp FAS Baseboard Management Controller",
"product_id": "T043535",
"product_identification_helper": {
"cpe": "cpe:/h:netapp:fas:baseboard_management_controller"
}
}
}
],
"category": "product_name",
"name": "FAS"
}
],
"category": "vendor",
"name": "NetApp"
},
{
"branches": [
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c3.6.2",
"product": {
"name": "Open Source OpenSSL \u003c3.6.2",
"product_id": "T052469"
}
},
{
"category": "product_version",
"name": "3.6.2",
"product": {
"name": "Open Source OpenSSL 3.6.2",
"product_id": "T052469-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:openssl:openssl:3.6.2"
}
}
},
{
"category": "product_version_range",
"name": "\u003c3.5.6",
"product": {
"name": "Open Source OpenSSL \u003c3.5.6",
"product_id": "T052470"
}
},
{
"category": "product_version",
"name": "3.5.6",
"product": {
"name": "Open Source OpenSSL 3.5.6",
"product_id": "T052470-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:openssl:openssl:3.5.6"
}
}
},
{
"category": "product_version_range",
"name": "\u003c3.4.5",
"product": {
"name": "Open Source OpenSSL \u003c3.4.5",
"product_id": "T052471"
}
},
{
"category": "product_version",
"name": "3.4.5",
"product": {
"name": "Open Source OpenSSL 3.4.5",
"product_id": "T052471-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:openssl:openssl:3.4.5"
}
}
},
{
"category": "product_version_range",
"name": "\u003c3.3.7",
"product": {
"name": "Open Source OpenSSL \u003c3.3.7",
"product_id": "T052472"
}
},
{
"category": "product_version",
"name": "3.3.7",
"product": {
"name": "Open Source OpenSSL 3.3.7",
"product_id": "T052472-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:openssl:openssl:3.3.7"
}
}
},
{
"category": "product_version_range",
"name": "\u003c3.0.20",
"product": {
"name": "Open Source OpenSSL \u003c3.0.20",
"product_id": "T052473"
}
},
{
"category": "product_version",
"name": "3.0.20",
"product": {
"name": "Open Source OpenSSL 3.0.20",
"product_id": "T052473-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:openssl:openssl:3.0.20"
}
}
},
{
"category": "product_version_range",
"name": "\u003c1.1.1zg",
"product": {
"name": "Open Source OpenSSL \u003c1.1.1zg",
"product_id": "T052474"
}
},
{
"category": "product_version",
"name": "1.1.1zg",
"product": {
"name": "Open Source OpenSSL 1.1.1zg",
"product_id": "T052474-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:openssl:openssl:1.1.1zg"
}
}
},
{
"category": "product_version_range",
"name": "\u003c1.0.2zp",
"product": {
"name": "Open Source OpenSSL \u003c1.0.2zp",
"product_id": "T052475"
}
},
{
"category": "product_version",
"name": "1.0.2zp",
"product": {
"name": "Open Source OpenSSL 1.0.2zp",
"product_id": "T052475-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:openssl:openssl:1.0.2zp"
}
}
}
],
"category": "product_name",
"name": "OpenSSL"
}
],
"category": "vendor",
"name": "Open Source"
},
{
"branches": [
{
"category": "product_name",
"name": "Oracle Linux",
"product": {
"name": "Oracle Linux",
"product_id": "T004914",
"product_identification_helper": {
"cpe": "cpe:/o:oracle:linux:-"
}
}
}
],
"category": "vendor",
"name": "Oracle"
},
{
"branches": [
{
"category": "product_name",
"name": "RESF Rocky Linux",
"product": {
"name": "RESF Rocky Linux",
"product_id": "T032255",
"product_identification_helper": {
"cpe": "cpe:/o:resf:rocky_linux:-"
}
}
}
],
"category": "vendor",
"name": "RESF"
},
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "2.6",
"product": {
"name": "Red Hat Ansible Automation Platform 2.6",
"product_id": "849D5C3D-731E-4D19-801F-338FD159A1BB",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:ansible_automation_platform:2.6"
}
}
}
],
"category": "product_name",
"name": "Ansible Automation Platform"
},
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux",
"product": {
"name": "Red Hat Enterprise Linux",
"product_id": "67646",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:-"
}
}
},
{
"category": "product_version",
"name": "Update Infrastructure 5.1",
"product": {
"name": "Red Hat Enterprise Linux Update Infrastructure 5.1",
"product_id": "T054761",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:update_infrastructure_5.1"
}
}
}
],
"category": "product_name",
"name": "Enterprise Linux"
}
],
"category": "vendor",
"name": "Red Hat"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux",
"product": {
"name": "SUSE Linux",
"product_id": "T002207",
"product_identification_helper": {
"cpe": "cpe:/o:suse:suse_linux:-"
}
}
},
{
"category": "product_name",
"name": "SUSE openSUSE",
"product": {
"name": "SUSE openSUSE",
"product_id": "T027843",
"product_identification_helper": {
"cpe": "cpe:/o:suse:opensuse:-"
}
}
}
],
"category": "vendor",
"name": "SUSE"
},
{
"branches": [
{
"category": "product_name",
"name": "Ubuntu Linux",
"product": {
"name": "Ubuntu Linux",
"product_id": "T000126",
"product_identification_helper": {
"cpe": "cpe:/o:canonical:ubuntu_linux:-"
}
}
}
],
"category": "vendor",
"name": "Ubuntu"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2026-28386",
"product_status": {
"known_affected": [
"T052472",
"849D5C3D-731E-4D19-801F-338FD159A1BB",
"T052473",
"T052470",
"T052471",
"67646",
"T004914",
"T052474",
"T052475",
"1139691",
"398363",
"T054761",
"T025086",
"434967",
"T052469",
"1522854",
"T032255",
"2951",
"T002207",
"T043535",
"T000126",
"T054958",
"T027843",
"T049210",
"1607324"
]
},
"release_date": "2026-04-07T22:00:00.000+00:00",
"title": "CVE-2026-28386"
},
{
"cve": "CVE-2026-28387",
"product_status": {
"known_affected": [
"T052472",
"849D5C3D-731E-4D19-801F-338FD159A1BB",
"T052473",
"T052470",
"T052471",
"67646",
"T004914",
"T052474",
"T052475",
"1139691",
"398363",
"T054761",
"T025086",
"434967",
"T052469",
"1522854",
"T032255",
"2951",
"T002207",
"T043535",
"T000126",
"T054958",
"T027843",
"T049210",
"1607324"
]
},
"release_date": "2026-04-07T22:00:00.000+00:00",
"title": "CVE-2026-28387"
},
{
"cve": "CVE-2026-28388",
"product_status": {
"known_affected": [
"T052472",
"849D5C3D-731E-4D19-801F-338FD159A1BB",
"T052473",
"T052470",
"T052471",
"67646",
"T004914",
"T052474",
"T052475",
"1139691",
"398363",
"T054761",
"T025086",
"434967",
"T052469",
"1522854",
"T032255",
"2951",
"T002207",
"T043535",
"T000126",
"T054958",
"T027843",
"T049210",
"1607324"
]
},
"release_date": "2026-04-07T22:00:00.000+00:00",
"title": "CVE-2026-28388"
},
{
"cve": "CVE-2026-28389",
"product_status": {
"known_affected": [
"T052472",
"849D5C3D-731E-4D19-801F-338FD159A1BB",
"T052473",
"T052470",
"T052471",
"67646",
"T004914",
"T052474",
"T052475",
"1139691",
"398363",
"T054761",
"T025086",
"434967",
"T052469",
"1522854",
"T032255",
"2951",
"T002207",
"T043535",
"T000126",
"T054958",
"T027843",
"T049210",
"1607324"
]
},
"release_date": "2026-04-07T22:00:00.000+00:00",
"title": "CVE-2026-28389"
},
{
"cve": "CVE-2026-28390",
"product_status": {
"known_affected": [
"T052472",
"849D5C3D-731E-4D19-801F-338FD159A1BB",
"T052473",
"T052470",
"T052471",
"67646",
"T004914",
"T052474",
"T052475",
"1139691",
"398363",
"T054761",
"T025086",
"434967",
"T052469",
"1522854",
"T032255",
"2951",
"T002207",
"T043535",
"T000126",
"T054958",
"T027843",
"T049210",
"1607324"
]
},
"release_date": "2026-04-07T22:00:00.000+00:00",
"title": "CVE-2026-28390"
},
{
"cve": "CVE-2026-31789",
"product_status": {
"known_affected": [
"T052472",
"849D5C3D-731E-4D19-801F-338FD159A1BB",
"T052473",
"T052470",
"T052471",
"67646",
"T004914",
"T052474",
"T052475",
"1139691",
"398363",
"T054761",
"T025086",
"434967",
"T052469",
"1522854",
"T032255",
"2951",
"T002207",
"T043535",
"T000126",
"T054958",
"T027843",
"T049210",
"1607324"
]
},
"release_date": "2026-04-07T22:00:00.000+00:00",
"title": "CVE-2026-31789"
},
{
"cve": "CVE-2026-31790",
"product_status": {
"known_affected": [
"T052472",
"849D5C3D-731E-4D19-801F-338FD159A1BB",
"T052473",
"T052470",
"T052471",
"67646",
"T004914",
"T052474",
"T052475",
"1139691",
"398363",
"T054761",
"T025086",
"434967",
"T052469",
"1522854",
"T032255",
"2951",
"T002207",
"T043535",
"T000126",
"T054958",
"T027843",
"T049210",
"1607324"
]
},
"release_date": "2026-04-07T22:00:00.000+00:00",
"title": "CVE-2026-31790"
}
]
}
Loading…
Trend slope:
-
(linear fit over daily sighting counts)
Show additional events:
Loading…
Experimental. This forecast is provided for visualization only and may change without notice. Do not use it for operational decisions.
Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.
Sightings
| Author | Source | Type | Date | Other |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…