VOOZH about

URL: https://nvd.nist.gov/vuln/detail/CVE-2026-45447

โ‡ฑ NVD - CVE-2026-45447

  1. Vulnerabilities

CVE-2026-45447 Detail

Description

Issue summary: A specially crafted PKCS#7 or S/MIME signed message could trigger a use-after-free during PKCS#7 signature verification. Impact summary: A use-after-free may result in process crashes, heap corruption, or potentially remote code execution. When processing a PKCS#7 or S/MIME signed message, if the SignedData digestAlgorithms field is present as an empty ASN.1 SET, OpenSSL may incorrectly free a caller-owned BIO during PKCS7_verify(). A subsequent use of the BIO by the calling application results in a use-after-free condition. In the common case this occurs when the application later calls BIO_free() on the BIO originally passed to PKCS7_verify(). Depending on allocator behavior and application-specific BIO usage patterns, this may result in a crash or other memory corruption. In some application contexts this may potentially be exploitable for remote code execution. Applications that process PKCS#7 or S/MIME signed messages using OpenSSL PKCS#7 APIs may be affected. Applications using the CMS APIs for this processing are not affected. The FIPS modules in 4.0, 3.6, 3.5, 3.4, and 3.0 are not affected by this issue, as the affected code is outside the OpenSSL FIPS module boundary.


Metrics

โ€‚
NVD enrichment efforts reference publicly available information to associate vector strings. CVSS information contributed by other sources is also displayed.
CVSS 4.0 Severity and Vector Strings:

NVD assessment not yet provided.

References to Advisories, Solutions, and Tools

By selecting these links, you will be leaving NIST webspace. We have provided these links to other web sites because they may have information that would be of interest to you. No inferences should be drawn on account of other sites being referenced, or not, from this page. There may be other web sites that are more appropriate for your purpose. NIST does not necessarily endorse the views expressed, or concur with the facts presented on these sites. Further, NIST does not endorse any commercial products that may be mentioned on these sites. Please address comments about this page to [email protected].

URL Source(s) Tag(s)
https://github.com/openssl/openssl/commit/3aad5eb7af4de4ee0633c30a8541a54d9bbde63c OpenSSL Software Foundation Patch 
https://github.com/openssl/openssl/commit/7d4a980c62258c5910cc883936e0c8dbab4d75a8 OpenSSL Software Foundation Patch 
https://github.com/openssl/openssl/commit/9dfd688ad2290fc5075cacbc9bf0c9a93eefed54 OpenSSL Software Foundation Patch 
https://github.com/openssl/openssl/commit/a541ae8bfe849a30cc885e8780715c0f488e496c OpenSSL Software Foundation Patch 
https://github.com/openssl/openssl/commit/c505d7559da5d5f9f2c3913c6883a5562ce7273e OpenSSL Software Foundation Patch 
https://openssl-library.org/news/secadv/20260609.txt OpenSSL Software Foundation Vendor Advisory 

Weakness Enumeration

CWE-ID CWE Name Source
CWE-416 Use After Free OpenSSL Software Foundationโ€ƒโ€ƒ

Known Affected Software Configurations Switch to CPE 2.2

CPEs loading, please wait.

Denotes Vulnerable Software
Are we missing a CPE here? Please let us know.

Change History

7 change records found show changes

CVE Modified by CISA-ADP 6/17/2026 6:52:04 AM

Action Type Old Value New Value
Added SSVC 
{"timestamp":"2026-06-10T03:59:38.212378Z","id":"CVE-2026-45447","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}

CVE Modified by OpenSSL Software Foundation 6/17/2026 6:52:04 AM

Action Type Old Value New Value
Added Affected 
[{"vendor":"OpenSSL","product":"OpenSSL","defaultStatus":"unaffected","versions":[{"version":"4.0.0","lessThan":"4.0.1","versionType":"semver","status":"affected"},{"version":"3.6.0","lessThan":"3.6.3","versionType":"semver","status":"affected"},{"version":"3.5.0","lessThan":"3.5.7","versionType":"semver","status":"affected"},{"version":"3.4.0","lessThan":"3.4.6","versionType":"semver","status":"affected"},{"version":"3.0.0","lessThan":"3.0.21","versionType":"semver","status":"affected"},{"version":"1.1.1","lessThan":"1.1.1zh","versionType":"custom","status":"affected"},{"version":"1.0.2","lessThan":"1.0.2zq","versionType":"custom","status":"affected"}]}]

Initial Analysis by NIST 6/15/2026 10:56:50 PM

Action Type Old Value New Value
Added CPE Configuration 
OR
 *cpe:2.3:a:openssl:openssl:*:*:*:*:*:*:*:* versions from (including) 1.0.2 up to (excluding) 1.0.2zq
 *cpe:2.3:a:openssl:openssl:*:*:*:*:*:*:*:* versions from (including) 1.1.1 up to (excluding) 1.1.1zh
 *cpe:2.3:a:openssl:openssl:*:*:*:*:*:*:*:* versions from (including) 3.0.0 up to (excluding) 3.0.21
 *cpe:2.3:a:openssl:openssl:*:*:*:*:*:*:*:* versions from (including) 3.4.0 up to (excluding) 3.4.6
 *cpe:2.3:a:openssl:openssl:*:*:*:*:*:*:*:* versions from (including) 3.5.0 up to (excluding) 3.5.7
 *cpe:2.3:a:openssl:openssl:*:*:*:*:*:*:*:* versions from (including) 3.6.0 up to (excluding) 3.6.3
 *cpe:2.3:a:openssl:openssl:4.0.0:-:*:*:*:*:*:*
Added Reference Type 
OpenSSL Software Foundation: https://github.com/openssl/openssl/commit/3aad5eb7af4de4ee0633c30a8541a54d9bbde63c Types: Patch
Added Reference Type 
OpenSSL Software Foundation: https://github.com/openssl/openssl/commit/7d4a980c62258c5910cc883936e0c8dbab4d75a8 Types: Patch
Added Reference Type 
OpenSSL Software Foundation: https://github.com/openssl/openssl/commit/9dfd688ad2290fc5075cacbc9bf0c9a93eefed54 Types: Patch
Added Reference Type 
OpenSSL Software Foundation: https://github.com/openssl/openssl/commit/a541ae8bfe849a30cc885e8780715c0f488e496c Types: Patch
Added Reference Type 
OpenSSL Software Foundation: https://github.com/openssl/openssl/commit/c505d7559da5d5f9f2c3913c6883a5562ce7273e Types: Patch
Added Reference Type 
OpenSSL Software Foundation: https://openssl-library.org/news/secadv/20260609.txt Types: Vendor Advisory

CVE Modified by CISA-ADP 6/10/2026 11:16:35 AM

Action Type Old Value New Value
Added CVSS V3.1 
AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Removed CVSS V3.1 
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CVE Modified by OpenSSL Software Foundation 6/10/2026 4:16:24 AM

Action Type Old Value New Value
Added Reference 
https://github.com/openssl/openssl/commit/3aad5eb7af4de4ee0633c30a8541a54d9bbde63c
Added Reference 
https://github.com/openssl/openssl/commit/7d4a980c62258c5910cc883936e0c8dbab4d75a8
Added Reference 
https://github.com/openssl/openssl/commit/9dfd688ad2290fc5075cacbc9bf0c9a93eefed54
Added Reference 
https://github.com/openssl/openssl/commit/a541ae8bfe849a30cc885e8780715c0f488e496c
Added Reference 
https://github.com/openssl/openssl/commit/c505d7559da5d5f9f2c3913c6883a5562ce7273e
Removed Reference 
https://github.com/openssl/security/commit/3aad5eb7af4de4ee0633c30a8541a54d9bbde63c
Removed Reference 
https://github.com/openssl/security/commit/7d4a980c62258c5910cc883936e0c8dbab4d75a8
Removed Reference 
https://github.com/openssl/security/commit/9dfd688ad2290fc5075cacbc9bf0c9a93eefed54
Removed Reference 
https://github.com/openssl/security/commit/a541ae8bfe849a30cc885e8780715c0f488e496c
Removed Reference 
https://github.com/openssl/security/commit/c505d7559da5d5f9f2c3913c6883a5562ce7273e

CVE Modified by CISA-ADP 6/09/2026 4:16:58 PM

Action Type Old Value New Value
Added CVSS V3.1 
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

New CVE Received from OpenSSL Software Foundation 6/09/2026 1:17:19 PM

Action Type Old Value New Value
Added Description 
Issue summary: A specially crafted PKCS#7 or S/MIME signed message could
trigger a use-after-free during PKCS#7 signature verification.

Impact summary: A use-after-free may result in process crashes, heap
corruption, or potentially remote code execution.

When processing a PKCS#7 or S/MIME signed message, if the SignedData
digestAlgorithms field is present as an empty ASN.1 SET, OpenSSL may
incorrectly free a caller-owned BIO during PKCS7_verify(). A subsequent
use of the BIO by the calling application results in a use-after-free
condition.

In the common case this occurs when the application later calls
BIO_free() on the BIO originally passed to PKCS7_verify(). Depending
on allocator behavior and application-specific BIO usage patterns, this
may result in a crash or other memory corruption. In some application
contexts this may potentially be exploitable for remote code execution.

Applications that process PKCS#7 or S/MIME signed messages using OpenSSL
PKCS#7 APIs may be affected. Applications using the CMS APIs for this
processing are not affected.

The FIPS modules in 4.0, 3.6, 3.5, 3.4, and 3.0 are not affected by this
issue, as the affected code is outside the OpenSSL FIPS module boundary.
Added CWE 
CWE-416
Added Reference 
https://github.com/openssl/security/commit/3aad5eb7af4de4ee0633c30a8541a54d9bbde63c
Added Reference 
https://github.com/openssl/security/commit/7d4a980c62258c5910cc883936e0c8dbab4d75a8
Added Reference 
https://github.com/openssl/security/commit/9dfd688ad2290fc5075cacbc9bf0c9a93eefed54
Added Reference 
https://github.com/openssl/security/commit/a541ae8bfe849a30cc885e8780715c0f488e496c
Added Reference 
https://github.com/openssl/security/commit/c505d7559da5d5f9f2c3913c6883a5562ce7273e
Added Reference 
https://openssl-library.org/news/secadv/20260609.txt

Quick Info

CVE Dictionary Entry:
CVE-2026-45447
NVD Published Date:
06/09/2026
NVD Last Modified:
06/17/2026
Source:
OpenSSL Software Foundation