CVE-2026-31789 — Out-of-bounds Write in Openssl

CWE-787 — Out-of-bounds Write CWE-190 — Integer Overflow or Wraparound18 documents9 sources

Severity

5.8MEDIUM

No vector

EPSS

0.0%

top 98.43%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Openssl Debian Openssl Msrc Azl3 Openssl 3.3.5-4 ON Azure Linux 3.0

Timeline

PublishedApr 7

Latest updateApr 9

Description

Issue summary: Converting an excessively large OCTET STRING value to a hexadecimal string leads to a heap buffer overflow on 32 bit platforms. Impact summary: A heap buffer overflow may lead to a crash or possibly an attacker controlled code execution or other undefined behavior. If an attacker can supply a crafted X.509 certificate with an excessively large OCTET STRING value in extensions such as the Subject Key Identifier (SKID) or Authority Key Identifier (AKID) which are being converted t…

Affected Packages5 packages

▶debiandebian/openssl< openssl 3.0.19-1~deb12u2 (bookworm)

▶CVEListV5openssl/openssl3.6.0 — 3.6.2+4

▶Alpineopenssl/openssl< 3.5.6-r0+1

▶Debianopenssl/openssl< 3.0.19-1~deb12u2+1

▶msrcmsrc/azl3_openssl_3.3.5-4_on_azure_linux_3.0

🔴Vulnerability Details

GHSA

GHSA-j79m-9jxq-788r: Issue summary: Converting an excessively large OCTET STRING value to a hexadecimal string leads to a heap buffer overflow on 32 bit platforms↗2026-04-08

▶

OSV

CVE-2026-31789: Issue summary: Converting an excessively large OCTET STRING value to a hexadecimal string leads to a heap buffer overflow on 32 bit platforms↗2026-04-07

▶

OSV

CVE-2026-31789: Issue summary: Converting an excessively large OCTET STRING value to a hexadecimal string leads to a heap buffer overflow on 32 bit platforms↗2026-04-07

▶

📋Vendor Advisories

Ubuntu

OpenSSL vulnerabilities↗2026-04-09

▶

Ubuntu

OpenSSL vulnerabilities↗2026-04-08

▶

Red Hat

openssl: OpenSSL: Heap buffer overflow on 32-bit systems from large X.509 certificate processing↗2026-04-07

▶

Microsoft

Heap Buffer Overflow in Hexadecimal Conversion↗2026-04-02

▶

Debian

CVE-2026-31789: openssl - Issue summary: Converting an excessively large OCTET STRING value to a hexadecim...↗2026

▶

🕵️Threat Intelligence

Wiz

CVE-2026-28388 Impact, Exploitability, and Mitigation Steps | Wiz↗

▶

Wiz

CVE-2026-28386 Impact, Exploitability, and Mitigation Steps | Wiz↗

▶

Wiz

CVE-2026-28387 Impact, Exploitability, and Mitigation Steps | Wiz↗

▶

Wiz

CVE-2026-28389 Impact, Exploitability, and Mitigation Steps | Wiz↗

▶

Wiz

CVE-2026-28390 Impact, Exploitability, and Mitigation Steps | Wiz↗

▶

💬Community

Bugzilla

CVE-2026-31789 openssl: OpenSSL: Heap buffer overflow on 32-bit systems from large X.509 certificate processing↗2026-03-25

▶