Skip to main content
Press slash or control plus K to focus the search. Use the arrow keys to navigate results and press enter to open a threat.
Reconnecting to live updates…
EPSS 2.7%top 16%

Red Hat Security Advisory: compat-openssl10 security update

0
High
Published: 07/07/2026 (07/07/2026, 14:35:00 UTC)
Source: GCVE Database
Vendor/Project: Red Hat Product Security
Product: Red Hat

Description

A heap use-after-free vulnerability exists in the OpenSSL PKCS7_verify() function in the compat-openssl10 package provided by Red Hat for compatibility with older software. This vulnerability is identified as CVE-2026-45447 and has been rated with high severity by Red Hat Product Security. The issue affects Red Hat Enterprise Linux 8 across multiple architectures and extended life cycle versions. A security update has been issued by Red Hat to address this vulnerability.

Affected software

redhat/compat-openssl10
pkg:rpm/redhat/compat-openssl10

Run on your own infrastructure? Check whether these packages are installed with threat-finder — our free open-source scanner.

AI-Powered Analysis

Machine-generated threat intelligence

AILast updated: 07/08/2026, 13:47:09 UTC

Technical Analysis

The Red Hat compat-openssl10 package, which provides OpenSSL 1.0.2 libraries for compatibility with older software, contains a heap use-after-free vulnerability in the PKCS7_verify() function (CVE-2026-45447). This vulnerability is classified under CWE-825. Red Hat has issued an important security advisory (RHSA-2026:36215) and released updated packages for Red Hat Enterprise Linux 8 across various architectures and extended life cycle versions to address this flaw. The advisory references the CVE for further details but does not provide a CVSS score. The update mitigates the vulnerability by correcting the memory management in the affected function.

Potential Impact

The vulnerability allows for a heap use-after-free condition during the verification of PKCS7 signatures in OpenSSL, which may lead to memory corruption or application crashes. This could affect applications relying on the compat-openssl10 libraries for cryptographic operations involving PKCS7 data. No known exploits in the wild have been reported at this time.

Mitigation Recommendations

Red Hat has released updated compat-openssl10 packages for Red Hat Enterprise Linux 8 and its extended life cycle variants that fix this vulnerability. Users should apply these official updates as soon as possible following Red Hat's guidance at https://access.redhat.com/articles/11258. No additional mitigation steps are indicated by the vendor advisory.

Pro Console: star threats, build custom feeds, automate alerts via Slack, email & webhooks.Upgrade to Pro

Technical Details

Gcve Source
db.gcve.eu
Csaf Category
csaf_security_advisory
Csaf Version
2.0
Publisher
Red Hat Product Security
Advisory Id
RHSA-2026:36215
Cve Count
1
Additional Cves
[]
Cvss Version
null

Threat ID: 6a4e4efdc9d9e3dbe328d0ce

Added to database: 07/08/2026, 13:22:05 UTC

Last enriched: 07/08/2026, 13:47:09 UTC

Last updated: 07/08/2026, 22:28:25 UTC

Views: 3

Community Reviews

0 reviews

Crowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.

Sort by
Loading community insights…

Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.

Actions

PRO

Updates to AI analysis require Pro Console access. Upgrade inside Console → Billing.

Please log in to the Console to use AI analysis features.

Need more coverage?

Upgrade to Pro Console for AI refresh and higher limits.

For incident response and remediation, OffSeq services can help resolve threats faster.

Latest Threats

Breach by OffSeqOFFSEQFRIENDS — 25% OFF

Check if your credentials are on the dark web

Instant breach scanning across billions of leaked records. Free tier available.

Scan now
OffSeq TrainingCredly Certified

Lead Pen Test Professional

Technical5-day eLearningPECB Accredited
View courses