Description
Issue summary: When X509_VERIFY_PARAM_set1_email() is called by an
application to validate a crafted e-mail address, such as during S/MIME
message validation, an out-of-bounds read can happen.

Impact summary: This out-of-bounds read does not directly exfiltrate the
data read to the attacker, so the most likely result is a crash and a
Denial of Service.

An internal helper function called from X509_VERIFY_PARAM_[set|add]_email()
used an incorrect length when validating the local part of an email address.
This could cause the 64-octet limit on the local part of an email address
not to be enforced, or cause an out-of-bounds read and potentially a crash.

The bug is reachable via S/MIME validation of a crafted From: address
supplied in an email message, which can potentially cause a crash.

No FIPS modules are affected by this issue as the affected code is outside
the OpenSSL FIPS module boundary.
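As an added example, not OpenSSL's code, the following pre-validation enforces the 64-octet local-part limit the advisory refers to while never reading beyond the caller-supplied length, which is the property the faulty helper lacked. The LOCAL_PART_MAX constant, the printable-ASCII filter and the probe helper are assumptions made for this example.

```c
#include <stddef.h>
#include <string.h>
/* RFC 5321 local-part limit; the value the advisory refers to. */
#define LOCAL_PART_MAX 64

/* Returns 1 if |email| (|emlen| octets, not necessarily NUL-terminated) has a
 * local part of 1..LOCAL_PART_MAX octets, then '@', then a non-empty domain;
 * 0 otherwise. |emlen| is the only bound used, so the scan can never read
 * past the caller's buffer even if it lacks a terminator. */
int local_part_ok(const char *email, size_t emlen)
{
    const char *at;
    size_t local_len, i;

    if (email == NULL || emlen == 0)
        return 0;
    at = memchr(email, '@', emlen);          /* bounded by emlen */
    if (at == NULL)
        return 0;
    local_len = (size_t)(at - email);
    if (local_len == 0 || local_len > LOCAL_PART_MAX)
        return 0;
    if (emlen - local_len - 1 == 0)          /* nothing after the '@' */
        return 0;
    /* Conservative pre-filter (assumption for this example): printable
     * ASCII only in the local part, so NUL and control bytes are rejected
     * before the address reaches X509_VERIFY_PARAM_set1_email(). */
    for (i = 0; i < local_len; i++) {
        unsigned char c = (unsigned char)email[i];
        if (c < 0x21 || c > 0x7e)
            return 0;
    }
    return 1;
}

/* Constructed probe: a local part of |n| 'a' characters followed by
 * "@example.com", deliberately without a NUL terminator, so the check
 * must rely on the explicit length rather than on strlen(). */
int probe_local_len(size_t n)
{
    char buf[256];
    const char dom[] = "@example.com";
    size_t domlen = sizeof(dom) - 1;
    if (n + domlen > sizeof(buf))
        return 0;
    memset(buf, 'a', n);
    memcpy(buf + n, dom, domlen);
    return local_part_ok(buf, n + domlen);
}
```

A caller would run this check on the From: address before handing it to X509_VERIFY_PARAM_set1_email() and reject the message when it returns 0.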
Published: 2026-06-09
Score: 6.2 Medium
EPSS: n/a
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

An out-of-bounds read occurs in the OpenSSL function X509_VERIFY_PARAM_set1_email when validating the local part of an email address. The bug allows an attacker to supply a specially crafted From: header that bypasses the 64-octet limit or reads past the buffer. Because the data read is not exposed, the primary consequence is a crash, resulting in a denial of service for any application performing S/MIME validation.

Affected Systems

The vulnerability affects any system linking against the OpenSSL library and using S/MIME or X.509 email address validation via X509_VERIFY_PARAM_set1_email. The listed vendor and product are OpenSSL / openssl. No specific release or version information is provided, so any installation that has not incorporated the patch is potentially vulnerable.

Risk and Exploitability

The EPSS score is not available and the issue is not listed in CISA KEV, indicating no known active exploitation. The CVSS score is 6.2, indicating medium severity; the risk is moderate for denial of service. The likely attack vector is network-based, where an attacker sends a crafted email to a service performing S/MIME validation, causing a crash. Because no data is exfiltrated, the threat is limited to service interruption.

Generated by OpenCVE AI on June 9, 2026 at 22:11 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade to the latest OpenSSL release that contains the fix from the referenced commit (https://github.com/openssl/security/commit/6cd187689f8180c1f8a3acde21f88190c4a20de7).
  • If an immediate patch is unavailable, disable or remove X.509 email address validation in S/MIME processing to avoid triggering the bug.
  • Monitor application logs for unexpected crashes and, where possible, enable runtime protections such as ASLR and stack canaries to reduce impact.

Advisories

No advisories yet.

History

Tue, 09 Jun 2026 20:30:00 +0000

Type: Metrics
Values Added:
  cvssV3_1: {'score': 6.2, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H'}
  ssvc: {'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Tue, 09 Jun 2026 18:00:00 +0000

Type: First Time appeared
Values Added: Openssl; Openssl openssl

Type: Vendors & Products
Values Added: Openssl; Openssl openssl

Tue, 09 Jun 2026 16:30:00 +0000

Type: Description
Values Added: Issue summary: When the X509_VERIFY_PARAM_set1_email is called by an application to validate a crafted e-mail address, such as during S/MIME message validation, an out of bounds read can happen. Impact summary: This out of bounds read will not directly exfiltrate the data read to the attacker so the most likely result is a crash and a Denial of Service. An internal helper function called from X509_VERIFY_PARAM_[set|add]_email() used a wrong length when validating the local part of an email address. This could cause the 64 octet limit on the local part of an email address to be not enforced, or cause an out of bound read and potentially a crash. The bug is reachable via S-MIME validation with a crafted From: address supplied in an email message that can potentially cause a crash. No FIPS modules are affected by this issue as the affected code is outside the OpenSSL FIPS module boundary.

Type: Title
Values Added: Possible Out of Bounds Read in X509_VERIFY_PARAM_set1_email()

Type: Weaknesses
Values Added: CWE-125
References

MITRE

Status: PUBLISHED

Assigner: openssl

Published:

Updated: 2026-06-09T19:00:12.343Z

Reserved: 2026-04-29T09:22:27.969Z

Link: CVE-2026-42771

Vulnrichment

Updated: 2026-06-09T18:59:55.796Z

NVD

Status: Awaiting Analysis

Published: 2026-06-09T17:17:08.663

Modified: 2026-06-09T20:16:49.673

Link: CVE-2026-42771

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-06-09T22:15:15Z

Weaknesses