Description
Issue summary: A specially crafted PKCS#7 or S/MIME signed message could
trigger a use-after-free during PKCS#7 signature verification.

Impact summary: A use-after-free may result in process crashes, heap
corruption, or potentially remote code execution.

When processing a PKCS#7 or S/MIME signed message, if the SignedData
digestAlgorithms field is present as an empty ASN.1 SET, OpenSSL may
incorrectly free a caller-owned BIO during PKCS7_verify(). A subsequent
use of the BIO by the calling application results in a use-after-free
condition.

In the common case this occurs when the application later calls
BIO_free() on the BIO originally passed to PKCS7_verify(). Depending
on allocator behavior and application-specific BIO usage patterns, this
may result in a crash or other memory corruption. In some application
contexts this may potentially be exploitable for remote code execution.

Applications that process PKCS#7 or S/MIME signed messages using OpenSSL
PKCS#7 APIs may be affected. Applications using the CMS APIs for this
processing are not affected.

The FIPS modules in 4.0, 3.6, 3.5, 3.4, and 3.0 are not affected by this
issue, as the affected code is outside the OpenSSL FIPS module boundary.
Published: 2026-06-09
Score: 9.8 Critical
EPSS: n/a
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

A specially crafted PKCS#7 or S/MIME signed message can trigger a use‑after‑free during signature verification in OpenSSL's PKCS7_verify function. The vulnerability can lead to crashes, heap corruption, or potentially remote code execution if an attacker controls the message content. The flaw stems from an incorrectly freed caller‑owned BIO when the SignedData digestAlgorithms field is an empty ASN.1 SET, causing subsequent use of that BIO to reference freed memory.

Affected Systems

The flaw affects the OpenSSL library itself, including all non‑FIPS builds that use the PKCS#7 APIs. The issue is not present in the FIPS modules in OpenSSL 4.0, 3.6, 3.5, 3.4, or 3.0. Any application that processes PKCS#7 or S/MIME signed messages via the PKCS#7 interface is potentially vulnerable, whereas applications using the CMS APIs are not impacted.

Risk and Exploitability

The CVSS score is 9.8, indicating critical severity, and the EPSS is not available, so the exact exploitation likelihood remains uncertain. The vulnerability is listed in no CISA KEV catalog. The attack vector is inferred to be remote, with an attacker delivering a malicious signed message to an OpenSSL‑based application. Successful exploitation requires that the application later frees the affected BIO, leading to a crash or memory corruption which could be leveraged for code execution in some contexts.

Generated by OpenCVE AI on June 9, 2026 at 22:09 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade OpenSSL to a version that includes the patch contained in commit 3aad5eb7af4de4ee0633c30a8541a54d9bbde63c and all subsequent related commits.
  • Rebuild and redeploy all applications that depend on OpenSSL after the library update.
  • As an interim measure, avoid processing PKCS#7 or S/MIME signed messages from untrusted or unknown sources until a patched library is deployed.

Generated by OpenCVE AI on June 9, 2026 at 22:09 UTC.

Tracking

Sign in to view the affected projects.

Advisories
Source ID Title
Debian DSA Debian DSA DSA-6335-1 openssl security update
Ubuntu USN Ubuntu USN USN-8414-1 OpenSSL vulnerabilities
Ubuntu USN Ubuntu USN USN-8414-2 OpenSSL vulnerabilities
History

Tue, 09 Jun 2026 20:30:00 +0000

Type Values Removed Values Added
Metrics cvssV3_1

{'score': 9.8, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H'}

ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}

Tue, 09 Jun 2026 18:00:00 +0000

Type Values Removed Values Added
First Time appeared Openssl
Openssl openssl
Vendors & Products Openssl
Openssl openssl

Tue, 09 Jun 2026 16:30:00 +0000

Type Values Removed Values Added
Description Issue summary: A specially crafted PKCS#7 or S/MIME signed message could trigger a use-after-free during PKCS#7 signature verification. Impact summary: A use-after-free may result in process crashes, heap corruption, or potentially remote code execution. When processing a PKCS#7 or S/MIME signed message, if the SignedData digestAlgorithms field is present as an empty ASN.1 SET, OpenSSL may incorrectly free a caller-owned BIO during PKCS7_verify(). A subsequent use of the BIO by the calling application results in a use-after-free condition. In the common case this occurs when the application later calls BIO_free() on the BIO originally passed to PKCS7_verify(). Depending on allocator behavior and application-specific BIO usage patterns, this may result in a crash or other memory corruption. In some application contexts this may potentially be exploitable for remote code execution. Applications that process PKCS#7 or S/MIME signed messages using OpenSSL PKCS#7 APIs may be affected. Applications using the CMS APIs for this processing are not affected. The FIPS modules in 4.0, 3.6, 3.5, 3.4, and 3.0 are not affected by this issue, as the affected code is outside the OpenSSL FIPS module boundary.
Title Heap Use-After-Free in the PKCS7_verify() Function
Weaknesses CWE-416
References

Subscriptions

Openssl Openssl
cve-icon MITRE

Status: PUBLISHED

Assigner: openssl

Published:

Updated: 2026-06-09T18:45:55.205Z

Reserved: 2026-05-12T14:34:06.277Z

Link: CVE-2026-45447

cve-icon Vulnrichment

Updated: 2026-06-09T18:36:48.165Z

cve-icon NVD

Status : Awaiting Analysis

Published: 2026-06-09T17:17:19.277

Modified: 2026-06-09T20:16:58.537

Link: CVE-2026-45447

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-06-09T22:15:15Z

Weaknesses