OpenSSL April 2026 Update Fixes RSA KEM Data Leakage

OpenSSL has released a broad April 2026 security update addressing seven vulnerabilities across supported branches, with the most critical being CVE-2026-31790 — a flaw in RSA KEM RSASVE encapsulation that can expose uninitialized memory to malicious peers.

CVE-2026-31790: RSA KEM Handling Bug

  • Severity: Moderate (CVSS 9.8 equivalent impact in some contexts).
  • Affected versions: OpenSSL 3.0, 3.3, 3.4, 3.5, and 3.6 (including FIPS modules).
  • Root cause: Incorrect return-value check in RSA_public_encrypt().
  • Impact: Failed RSA operations can still appear successful, causing stale or sensitive data to leak from ciphertext buffers.
  • Mitigation: Validate attacker-supplied RSA public keys using EVP_PKEY_public_check() or EVP_PKEY_public_check_quick() before encapsulation.

Other Vulnerabilities Fixed

OpenSSL also patched six low-severity flaws:

  • CVE-2026-28386: Out-of-bounds read in AES-CFB-128 on x86-64 with AVX-512/VAES.
  • CVE-2026-28387: Use-after-free in uncommon DANE client configurations.
  • CVE-2026-28388: Delta CRL NULL dereference.
  • CVE-2026-28389/28390: CMS NULL dereference in KeyAgreeRecipientInfo and KeyTransportRecipientInfo.
  • CVE-2026-31789: Heap buffer overflow during oversized OCTET STRING conversion on 32-bit systems.

Most of these issues create denial-of-service conditions, but they highlight recurring risks in cryptographic parsing and error-handling paths.

Recommended Actions

  • Upgrade immediately: Move to OpenSSL 3.0.20, 3.3.7, 3.4.5, 3.5.6, or 3.6.2 depending on branch.
  • Validate public keys: Explicitly check imported RSA keys before encapsulation.
  • Review exposure: Beyond TLS, OpenSSL is embedded in mail gateways, CMS/S/MIME services, and certificate-processing tools — all may be affected.
  • Enterprise environments: Pay attention to FIPS module impact, as regulated deployments are also exposed.

Final Thought

CVE-2026-31790 is a reminder that cryptographic libraries can leak sensitive data through subtle logic errors. For defenders, patching OpenSSL and enforcing public key validation are critical steps to prevent attackers from exploiting RSA KEM workflows.
