OpenSSL PKCS#7 CVE-2026-45447
CVE-2026-45447 is a use-after-free vulnerability in OpenSSL's PKCS#7 signature verification. It occurs when processing specially crafted PKCS#7 or S/MIME signed messages containing an empty ASN. 1 SET in the SignedData digestAlgorithms field. This causes OpenSSL to incorrectly free a caller-owned BIO during PKCS7_verify(), leading to potential crashes, heap corruption, or remote code execution. Applications using OpenSSL PKCS#7 APIs may be affected, while those using CMS APIs or FIPS modules are not impacted. The vulnerability has been addressed by OpenSSL in official commits.
AI Analysis
Technical Summary
A use-after-free vulnerability exists in OpenSSL's PKCS#7 signature verification when processing a specially crafted PKCS#7 or S/MIME signed message with an empty ASN.1 SET in the SignedData digestAlgorithms field. OpenSSL may incorrectly free a caller-owned BIO during PKCS7_verify(), and subsequent use of this BIO by the application results in a use-after-free condition. This can cause process crashes, heap corruption, or potentially remote code execution depending on allocator behavior and application BIO usage. Applications using OpenSSL PKCS#7 APIs are affected; those using CMS APIs or FIPS modules (versions 4.0, 3.6, 3.5, 3.4, 3.0) are not affected. The OpenSSL Software Foundation has released patches addressing this issue, as documented in multiple commits and a security advisory dated 2026-06-09.
Potential Impact
The vulnerability can lead to process crashes, heap corruption, or potentially remote code execution when processing malicious PKCS#7 or S/MIME signed messages. This affects applications using OpenSSL PKCS#7 APIs. The severity is high given the potential for remote code execution, but exploitation depends on application-specific usage patterns and allocator behavior. CMS API users and OpenSSL FIPS modules are not impacted.
Mitigation Recommendations
An official fix is available from the OpenSSL Software Foundation. Users and application developers should apply the patches provided in the OpenSSL commits referenced in the advisory (dated 2026-06-09). Applications using CMS APIs or OpenSSL FIPS modules are not affected and require no action. Verify that your OpenSSL version includes the fix by consulting the OpenSSL security advisory and applying updates accordingly.
OpenSSL PKCS#7 CVE-2026-45447
Description
CVE-2026-45447 is a use-after-free vulnerability in OpenSSL's PKCS#7 signature verification. It occurs when processing specially crafted PKCS#7 or S/MIME signed messages containing an empty ASN. 1 SET in the SignedData digestAlgorithms field. This causes OpenSSL to incorrectly free a caller-owned BIO during PKCS7_verify(), leading to potential crashes, heap corruption, or remote code execution. Applications using OpenSSL PKCS#7 APIs may be affected, while those using CMS APIs or FIPS modules are not impacted. The vulnerability has been addressed by OpenSSL in official commits.
Reddit Discussion
Especially relevant on systems processing PKCS#7 or S/MIME contents
Links cited in this discussion
AI-Powered Analysis
Machine-generated threat intelligence
Technical Analysis
A use-after-free vulnerability exists in OpenSSL's PKCS#7 signature verification when processing a specially crafted PKCS#7 or S/MIME signed message with an empty ASN.1 SET in the SignedData digestAlgorithms field. OpenSSL may incorrectly free a caller-owned BIO during PKCS7_verify(), and subsequent use of this BIO by the application results in a use-after-free condition. This can cause process crashes, heap corruption, or potentially remote code execution depending on allocator behavior and application BIO usage. Applications using OpenSSL PKCS#7 APIs are affected; those using CMS APIs or FIPS modules (versions 4.0, 3.6, 3.5, 3.4, 3.0) are not affected. The OpenSSL Software Foundation has released patches addressing this issue, as documented in multiple commits and a security advisory dated 2026-06-09.
Potential Impact
The vulnerability can lead to process crashes, heap corruption, or potentially remote code execution when processing malicious PKCS#7 or S/MIME signed messages. This affects applications using OpenSSL PKCS#7 APIs. The severity is high given the potential for remote code execution, but exploitation depends on application-specific usage patterns and allocator behavior. CMS API users and OpenSSL FIPS modules are not impacted.
Mitigation Recommendations
An official fix is available from the OpenSSL Software Foundation. Users and application developers should apply the patches provided in the OpenSSL commits referenced in the advisory (dated 2026-06-09). Applications using CMS APIs or OpenSSL FIPS modules are not affected and require no action. Verify that your OpenSSL version includes the fix by consulting the OpenSSL security advisory and applying updates accordingly.
Technical Details
- Source Type
- Subreddit
- cybersecurity
- Reddit Score
- 0
- Discussion Level
- minimal
- Content Source
- reddit_link_post
- Post Type
- link
- Domain
- null
- Newsworthiness Assessment
- {"score":45,"reasons":["external_link","newsworthy_keywords:cve-","security_identifier","established_author","very_recent"],"isNewsworthy":true,"foundNewsworthy":["cve-"],"foundNonNewsworthy":[]}
- Has External Source
- true
- Trusted Domain
- false
Threat ID: 6a29641fc9170919df1b7aaf
Added to database: 6/10/2026, 1:18:23 PM
Last enriched: 6/10/2026, 1:18:34 PM
Last updated: 6/10/2026, 2:19:51 PM
Views: 5
Community Reviews
0 reviewsCrowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.
Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.
Actions
Updates to AI analysis require Pro Console access. Upgrade inside Console → Billing.
Need more coverage?
Upgrade to Pro Console for AI refresh and higher limits.
For incident response and remediation, OffSeq services can help resolve threats faster.
Latest Threats
Check if your credentials are on the dark web
Instant breach scanning across billions of leaked records. Free tier available.