Description
Issue summary: Parsing a crafted DER-encoded ASN.1 structure with a primitive
element whose content exceeds 2 gigabytes in length may cause a heap buffer
over-read on 64-bit Unix and Unix-like platforms.

Impact summary: The heap buffer over-read may crash the application (Denial of
Service) or to load into the decoded ASN.1 object contents of memory beyond the
end of the input buffer. More typically such ASN.1 elements would instead be
truncated.

An integer truncation in OpenSSL's ASN.1 decoder causes the content length of
an ASN.1 primitive element to be mishandled when it exceeds 2 gigabytes. In the
worst case the truncated length is treated as a request to scan the binary
content for a terminating zero byte, possibly causing OpenSSL to read either
less than or beyond the end of the allocated buffer.

Applications that pass attacker-supplied data to d2i_X509(), d2i_PKCS7(), or
any other d2i_* decoding function are affected. OpenSSL's own command-line
tools are not vulnerable, as data read through the BIO layer is checked before
it reaches the affected code. The issue only affects 64-bit Unix and Unix-like
platforms; 32-bit platforms and 64-bit Windows are not affected.

The FIPS modules in 4.0, 3.6, 3.5, 3.4 and 3.0 are not affected by this issue,
as the affected code is outside the OpenSSL FIPS module boundary.
Published: 2026-06-09
Score: 7.5 High
EPSS: n/a
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

Parsing a crafted DER-encoded ASN.1 structure that declares a primitive element longer than 2 gigabytes causes OpenSSL to read far beyond the end of the input buffer. The integer truncation flaw makes the decoder treat the overflow as a request for a terminating zero byte, which can result in an over‑read of memory, possible data leakage, or an application crash. The over‑read may not always terminate the buffer, instead simply truncating the value and corrupting the decoded object.

Affected Systems

The flaw affects OpenSSL libraries installed on 64‑bit Unix and Unix‑like operating systems. Any application that invokes d2i_X509, d2i_PKCS7, or other d2i_* decoding functions is vulnerable. The OpenSSL command‑line tools are safe because they validate input before reaching the vulnerable code. FIPS modules in versions 4.0, 3.6, 3.5, 3.4 and 3.0 are not, nor are 32‑bit platforms or 64‑bit Windows.

Risk and Exploitability

An attacker can deliver a malicious ASN.1 message through a network connection, file input, or other channel that is parsed by an OpenSSL‑dependent program. The exploit would trigger the heap over‑read, potentially causing a denial of service or leaking data that lies just beyond the input buffer. The EPSS score is not available and the vulnerability is not listed in the CISA KEV catalog. The CVSS score of 7.5 indicates a high severity, confirming that the large input length requirement and the potential for memory disclosure represent a serious risk if the vulnerable functions are exposed. Based on the description, the likely attack vector involves crafted input delivered to the vulnerable decoding routines.

Generated by OpenCVE AI on June 9, 2026 at 22:13 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade OpenSSL to a version that contains the fix for the ASN.1 length truncation bug.
  • Review and update any application code that uses d2i_X509, d2i_PKCS7, or other d2i_* functions to validate input lengths before passing data to OpenSSL.
  • If an immediate upgrade is not feasible, implement strict size limits or additional validation to reject DER objects with primitive element lengths exceeding 2 gigabytes before invoking the decoder.

Generated by OpenCVE AI on June 9, 2026 at 22:13 UTC.

Tracking

Sign in to view the affected projects.

Advisories
Source ID Title
Debian DSA Debian DSA DSA-6335-1 openssl security update
Ubuntu USN Ubuntu USN USN-8414-1 OpenSSL vulnerabilities
Ubuntu USN Ubuntu USN USN-8414-2 OpenSSL vulnerabilities
History

Tue, 09 Jun 2026 20:30:00 +0000

Type Values Removed Values Added
Metrics cvssV3_1

{'score': 7.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H'}

ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Tue, 09 Jun 2026 18:15:00 +0000

Type Values Removed Values Added
First Time appeared Openssl
Openssl openssl
Vendors & Products Openssl
Openssl openssl

Tue, 09 Jun 2026 16:30:00 +0000

Type Values Removed Values Added
Description Issue summary: Parsing a crafted DER-encoded ASN.1 structure with a primitive element whose content exceeds 2 gigabytes in length may cause a heap buffer over-read on 64-bit Unix and Unix-like platforms. Impact summary: The heap buffer over-read may crash the application (Denial of Service) or to load into the decoded ASN.1 object contents of memory beyond the end of the input buffer. More typically such ASN.1 elements would instead be truncated. An integer truncation in OpenSSL's ASN.1 decoder causes the content length of an ASN.1 primitive element to be mishandled when it exceeds 2 gigabytes. In the worst case the truncated length is treated as a request to scan the binary content for a terminating zero byte, possibly causing OpenSSL to read either less than or beyond the end of the allocated buffer. Applications that pass attacker-supplied data to d2i_X509(), d2i_PKCS7(), or any other d2i_* decoding function are affected. OpenSSL's own command-line tools are not vulnerable, as data read through the BIO layer is checked before it reaches the affected code. The issue only affects 64-bit Unix and Unix-like platforms; 32-bit platforms and 64-bit Windows are not affected. The FIPS modules in 4.0, 3.6, 3.5, 3.4 and 3.0 are not affected by this issue, as the affected code is outside the OpenSSL FIPS module boundary.
Title Heap Buffer Over-read in ASN.1 Content Parsing
Weaknesses CWE-125
References

Subscriptions

Openssl Openssl
cve-icon MITRE

Status: PUBLISHED

Assigner: openssl

Published:

Updated: 2026-06-09T19:02:24.228Z

Reserved: 2026-03-26T09:29:36.012Z

Link: CVE-2026-34180

cve-icon Vulnrichment

Updated: 2026-06-09T19:02:17.689Z

cve-icon NVD

Status : Awaiting Analysis

Published: 2026-06-09T17:17:04.600

Modified: 2026-06-09T20:16:36.033

Link: CVE-2026-34180

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-06-09T22:15:15Z

Weaknesses