OpenSSL has released a comprehensive security advisory detailing seven vulnerabilities ranging from Moderate to Low severity. The report, dated April 7, 2026, highlights critical fixes for modern versions of the library, including a significant flaw in how RSA key encapsulation handles failures.
RSA Memory Leak (CVE-2026-31790)
The most pressing issue in this advisory is a Moderate severity vulnerability involving incorrect failure handling in RSASVE. According to the advisory, “Applications using RSASVE key encapsulation to establish a secret encryption key can send contents of an uninitialized memory buffer to a malicious peer”.
This leak occurs because the software fails to properly check if an encryption task actually succeeded. While the standard RSA_public_encrypt() function “returns the number of bytes written on success and -1 on error,” the affected OpenSSL code “tests only whether the return value is non-zero”. This oversight means that even if the encryption fails, the system might proceed as if it worked, inadvertently handing over “stale or uninitialized contents” of memory that could contain sensitive data from previous application tasks.
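The check pattern described above, reduced to a self-contained C model (added example, not OpenSSL's code): `stub_rsa_public_encrypt()` is a constructed stand-in that mimics the documented contract of RSA_public_encrypt() (byte count on success, -1 on error, nothing written on error), and the two wrappers show the flawed non-zero test beside the corrected positive-count test.

```c
#include <stdbool.h>
#include <string.h>

#define MODULUS_LEN 256          /* RSA-2048 modulus size in bytes */
#define PKCS1_OVERHEAD 11        /* minimum PKCS#1 v1.5 padding */

/* Stand-in for RSA_public_encrypt(): returns the number of bytes written on
 * success and -1 on error.  Constructed for this example so it runs without
 * linking OpenSSL; on error it writes nothing, like the real function. */
static int stub_rsa_public_encrypt(int flen, unsigned char *to)
{
    if (flen > MODULUS_LEN - PKCS1_OVERHEAD)
        return -1;                       /* input too large for the key */
    memset(to, 0xAA, MODULUS_LEN);       /* simulated ciphertext */
    return MODULUS_LEN;
}

/* The check pattern the advisory describes: any non-zero return counts as
 * success, so -1 is accepted and the caller sends 'out' as it stands. */
bool flawed_encapsulate(int flen, unsigned char *out)
{
    return stub_rsa_public_encrypt(flen, out) != 0;   /* BUG: -1 != 0 */
}

/* Corrected check: only a positive byte count means 'out' was written. */
bool fixed_encapsulate(int flen, unsigned char *out)
{
    return stub_rsa_public_encrypt(flen, out) > 0;
}

/* Simulates one encapsulation attempt.  'out' is pre-filled with a sentinel
 * standing in for stale data left by an earlier use of the buffer.  Returns
 * the number of sentinel bytes a caller would transmit if it trusted the
 * success check. */
int stale_bytes_sent(bool (*encap)(int, unsigned char *), int flen)
{
    unsigned char out[MODULUS_LEN];
    memset(out, 0x42, sizeof out);        /* constructed "stale" contents */
    if (!encap(flen, out))
        return 0;                         /* failure detected: nothing sent */
    int stale = 0;
    for (size_t i = 0; i < sizeof out; i++)
        stale += (out[i] == 0x42);
    return stale;
}
```

With an oversized plaintext the flawed wrapper reports success and the whole untouched buffer would go on the wire; the fixed wrapper reports failure and sends nothing.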
Low Severity, High Impact: Crashes and Overflows
The advisory also addresses several Low severity issues that could still lead to Denial of Service (DoS) or potential code execution:
- AES-CFB-128 Out-of-bounds Read (CVE-2026-28386): Specific to x86-64 systems with AVX-512 support, this flaw can trigger a crash when processing partial cipher blocks.
- DANE Client Use-after-free (CVE-2026-28387): A rare configuration in DANE-enabled clients could lead to memory corruption or arbitrary code execution.
- NULL Pointer Dereferences: Three separate vulnerabilities (CVE-2026-28388, CVE-2026-28389, CVE-2026-28390) were identified where malformed CRLs or CMS messages could cause an application to crash by dereferencing a NULL pointer.
- Heap Buffer Overflow (CVE-2026-31789): On 32-bit platforms, converting “an excessively large OCTET STRING value to a hexadecimal string” can cause a buffer overflow.
Am I Vulnerable?
The reach of these vulnerabilities varies significantly across versions. Users of OpenSSL 3.6, 3.5, 3.4, 3.3, and 3.0 are generally the most affected.
| Version | Recommended Upgrade |
|---|---|
| OpenSSL 3.6 | Upgrade to 3.6.2 |
| OpenSSL 3.5 | Upgrade to 3.5.6 |
| OpenSSL 3.4 | Upgrade to 3.4.5 |
| OpenSSL 3.3 | Upgrade to 3.3.7 |
| OpenSSL 3.0 | Upgrade to 3.0.20 |
OpenSSL 1.1.1 and 1.0.2 are largely unaffected by the RSA and AES issues, but they do require updates (1.1.1zg and 1.0.2zp) to address the NULL pointer dereference vulnerabilities. These updates are only available to premium support customers.
Mitigation and Action
For those unable to update immediately, the advisory suggests a manual workaround for the RSA KEM issue: “calling EVP_PKEY_public_check() or EVP_PKEY_public_check_quick() before EVP_PKEY_encapsulate() will mitigate the issue”. However, security professionals are strongly encouraged to move to the latest patched versions to ensure comprehensive protection against all seven identified flaws.