CVE-2026-7383 (GCVE-0-2026-7383)

Vulnerability from cvelistv5 – Published: 2026-06-09 16:03 – Updated: 2026-06-10 07:47
VLAI
Title
Possible Heap Buffer Overflow in ASN.1 Multibyte String Conversion
Summary
Issue summary: A signed integer overflow when sizing the destination buffer for Unicode output in ASN1_mbstring_ncopy() can lead to a heap buffer overflow. Impact summary: A heap buffer overflow may lead to a crash or possibly attacker controlled code execution or other undefined behaviour. In ASN1_mbstring_copy() and ASN1_mbstring_ncopy() the destination size for Unicode output is computed in a signed int: by left shift of the input character count for BMPSTRING (UTF-16) and UNIVERSALSTRING (UTF-32), and by summing per-character byte counts for UTF8STRING. The calculation overflows when the input reaches around 2^30 characters. In the worst case (UNIVERSALSTRING at 2^30 characters) the size wraps to zero, OPENSSL_malloc(1) is called, and the subsequent character copy writes several gigabytes past the one-byte allocation. X.509 certificate processing routes through ASN1_STRING_set_by_NID(), whose DIRSTRING_TYPE mask excludes UNIVERSALSTRING and whose per-NID size limits cap the input length; no network protocol or certificate-handling path in OpenSSL exercises the overflow. Triggering the bug requires an application that calls ASN1_mbstring_copy() or ASN1_mbstring_ncopy() directly, or registers a custom string type via ASN1_STRING_TABLE_add(), with attacker-controlled input on the order of half a gigabyte or more. For these reasons this issue was assigned Low severity. The FIPS modules in 4.0, 3.6, 3.5, 3.4 and 3.0 are not affected by this issue, as the affected code is outside the OpenSSL FIPS module boundary.
Severity
8.1 (High)
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
SSVC
Exploitation: none Automatable: no Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
Assigner
References
Impacted products
Vendor Product Version
OpenSSL OpenSSL Affected: 4.0.0 , < 4.0.1 (semver)
Affected: 3.6.0 , < 3.6.3 (semver)
Affected: 3.5.0 , < 3.5.7 (semver)
Affected: 3.4.0 , < 3.4.6 (semver)
Affected: 3.0.0 , < 3.0.21 (semver)
Affected: 1.1.1 , < 1.1.1zh (custom)
Affected: 1.0.2 , < 1.0.2zq (custom)
Create a notification for this product.
Date Public
2026-06-09 14:00
Credits
Zehua Qiao Jinwen He Viktor Dukhovni
Show details on NVD website
To clipboard 

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "HIGH",
              "attackVector": "NETWORK",
              "availabilityImpact": "HIGH",
              "baseScore": 8.1,
              "baseSeverity": "HIGH",
              "confidentialityImpact": "HIGH",
              "integrityImpact": "HIGH",
              "privilegesRequired": "NONE",
              "scope": "UNCHANGED",
              "userInteraction": "NONE",
              "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2026-7383",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-06-09T00:00:00+00:00",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-06-10T03:58:57.944Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "OpenSSL",
          "vendor": "OpenSSL",
          "versions": [
            {
              "lessThan": "4.0.1",
              "status": "affected",
              "version": "4.0.0",
              "versionType": "semver"
            },
            {
              "lessThan": "3.6.3",
              "status": "affected",
              "version": "3.6.0",
              "versionType": "semver"
            },
            {
              "lessThan": "3.5.7",
              "status": "affected",
              "version": "3.5.0",
              "versionType": "semver"
            },
            {
              "lessThan": "3.4.6",
              "status": "affected",
              "version": "3.4.0",
              "versionType": "semver"
            },
            {
              "lessThan": "3.0.21",
              "status": "affected",
              "version": "3.0.0",
              "versionType": "semver"
            },
            {
              "lessThan": "1.1.1zh",
              "status": "affected",
              "version": "1.1.1",
              "versionType": "custom"
            },
            {
              "lessThan": "1.0.2zq",
              "status": "affected",
              "version": "1.0.2",
              "versionType": "custom"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "reporter",
          "value": "Zehua Qiao"
        },
        {
          "lang": "en",
          "type": "reporter",
          "value": "Jinwen He"
        },
        {
          "lang": "en",
          "type": "remediation developer",
          "value": "Viktor Dukhovni"
        }
      ],
      "datePublic": "2026-06-09T14:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "Issue summary: A signed integer overflow when sizing the destination\u003cbr\u003ebuffer for Unicode output in ASN1_mbstring_ncopy() can lead to a heap\u003cbr\u003ebuffer overflow.\u003cbr\u003e\u003cbr\u003eImpact summary: A heap buffer overflow may lead to a crash or possibly\u003cbr\u003eattacker controlled code execution or other undefined behaviour.\u003cbr\u003e\u003cbr\u003eIn ASN1_mbstring_copy() and ASN1_mbstring_ncopy() the destination\u003cbr\u003esize for Unicode output is computed in a signed int: by left shift\u003cbr\u003eof the input character count for BMPSTRING (UTF-16) and\u003cbr\u003eUNIVERSALSTRING (UTF-32), and by summing per-character byte counts\u003cbr\u003efor UTF8STRING. The calculation overflows when the input reaches\u003cbr\u003earound 2^30 characters. In the worst case (UNIVERSALSTRING at 2^30\u003cbr\u003echaracters) the size wraps to zero, OPENSSL_malloc(1) is called, and\u003cbr\u003ethe subsequent character copy writes several gigabytes past the\u003cbr\u003eone-byte allocation.\u003cbr\u003e\u003cbr\u003eX.509 certificate processing routes through ASN1_STRING_set_by_NID(),\u003cbr\u003ewhose DIRSTRING_TYPE mask excludes UNIVERSALSTRING and whose per-NID\u003cbr\u003esize limits cap the input length; no network protocol or\u003cbr\u003ecertificate-handling path in OpenSSL exercises the overflow.\u003cbr\u003eTriggering the bug requires an application that calls\u003cbr\u003eASN1_mbstring_copy() or ASN1_mbstring_ncopy() directly, or registers\u003cbr\u003ea custom string type via ASN1_STRING_TABLE_add(), with\u003cbr\u003eattacker-controlled input on the order of half a gigabyte or more.\u003cbr\u003eFor these reasons this issue was assigned Low severity.\u003cbr\u003e\u003cbr\u003eThe FIPS modules in 4.0, 3.6, 3.5, 3.4 and 3.0 are not affected by\u003cbr\u003ethis issue, as the affected code is outside the OpenSSL FIPS module\u003cbr\u003eboundary."
            }
          ],
          "value": "Issue summary: A signed integer overflow when sizing the destination\nbuffer for Unicode output in ASN1_mbstring_ncopy() can lead to a heap\nbuffer overflow.\n\nImpact summary: A heap buffer overflow may lead to a crash or possibly\nattacker controlled code execution or other undefined behaviour.\n\nIn ASN1_mbstring_copy() and ASN1_mbstring_ncopy() the destination\nsize for Unicode output is computed in a signed int: by left shift\nof the input character count for BMPSTRING (UTF-16) and\nUNIVERSALSTRING (UTF-32), and by summing per-character byte counts\nfor UTF8STRING. The calculation overflows when the input reaches\naround 2^30 characters. In the worst case (UNIVERSALSTRING at 2^30\ncharacters) the size wraps to zero, OPENSSL_malloc(1) is called, and\nthe subsequent character copy writes several gigabytes past the\none-byte allocation.\n\nX.509 certificate processing routes through ASN1_STRING_set_by_NID(),\nwhose DIRSTRING_TYPE mask excludes UNIVERSALSTRING and whose per-NID\nsize limits cap the input length; no network protocol or\ncertificate-handling path in OpenSSL exercises the overflow.\nTriggering the bug requires an application that calls\nASN1_mbstring_copy() or ASN1_mbstring_ncopy() directly, or registers\na custom string type via ASN1_STRING_TABLE_add(), with\nattacker-controlled input on the order of half a gigabyte or more.\nFor these reasons this issue was assigned Low severity.\n\nThe FIPS modules in 4.0, 3.6, 3.5, 3.4 and 3.0 are not affected by\nthis issue, as the affected code is outside the OpenSSL FIPS module\nboundary."
        }
      ],
      "metrics": [
        {
          "format": "other",
          "other": {
            "content": {
              "text": "Low"
            },
            "type": "https://openssl-library.org/policies/general/security-policy/"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-787",
              "description": "CWE-787 Out-of-bounds Write",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-06-10T07:47:47.578Z",
        "orgId": "3a12439a-ef3a-4c79-92e6-6081a721f1e5",
        "shortName": "openssl"
      },
      "references": [
        {
          "name": "OpenSSL Advisory",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://openssl-library.org/news/secadv/20260609.txt"
        },
        {
          "name": "4.0.1 git commit",
          "tags": [
            "patch"
          ],
          "url": "https://github.com/openssl/openssl/commit/d32350ae8ef7426718f5aa9e383d4b51398ee255"
        },
        {
          "name": "3.6.3 git commit",
          "tags": [
            "patch"
          ],
          "url": "https://github.com/openssl/openssl/commit/c332adaced43bcbb85f97410597e951c11ec3083"
        },
        {
          "name": "3.5.7 git commit",
          "tags": [
            "patch"
          ],
          "url": "https://github.com/openssl/openssl/commit/80c15faaf78042bbb8654a0e234c50c381732f74"
        },
        {
          "name": "3.4.6 git commit",
          "tags": [
            "patch"
          ],
          "url": "https://github.com/openssl/openssl/commit/4f8d2bddaa2c8e06f9c33390ee1717059a6e4be6"
        },
        {
          "name": "3.0.21 git commit",
          "tags": [
            "patch"
          ],
          "url": "https://github.com/openssl/openssl/commit/bd17511070fb39a67bfa19682affb765e706a974"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "title": "Possible Heap Buffer Overflow in ASN.1 Multibyte String Conversion",
      "x_generator": {
        "engine": "Vulnogram 0.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "3a12439a-ef3a-4c79-92e6-6081a721f1e5",
    "assignerShortName": "openssl",
    "cveId": "CVE-2026-7383",
    "datePublished": "2026-06-09T16:03:15.508Z",
    "dateReserved": "2026-04-29T08:21:07.253Z",
    "dateUpdated": "2026-06-10T07:47:47.578Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2",
  "vulnerability-lookup:meta": {
    "epss": {
      "cve": "CVE-2026-7383",
      "date": "2026-06-11",
      "epss": "0.00067",
      "percentile": "0.20786"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2026-7383\",\"sourceIdentifier\":\"openssl-security@openssl.org\",\"published\":\"2026-06-09T17:17:50.337\",\"lastModified\":\"2026-06-10T08:16:25.463\",\"vulnStatus\":\"Awaiting Analysis\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Issue summary: A signed integer overflow when sizing the destination\\nbuffer for Unicode output in ASN1_mbstring_ncopy() can lead to a heap\\nbuffer overflow.\\n\\nImpact summary: A heap buffer overflow may lead to a crash or possibly\\nattacker controlled code execution or other undefined behaviour.\\n\\nIn ASN1_mbstring_copy() and ASN1_mbstring_ncopy() the destination\\nsize for Unicode output is computed in a signed int: by left shift\\nof the input character count for BMPSTRING (UTF-16) and\\nUNIVERSALSTRING (UTF-32), and by summing per-character byte counts\\nfor UTF8STRING. The calculation overflows when the input reaches\\naround 2^30 characters. In the worst case (UNIVERSALSTRING at 2^30\\ncharacters) the size wraps to zero, OPENSSL_malloc(1) is called, and\\nthe subsequent character copy writes several gigabytes past the\\none-byte allocation.\\n\\nX.509 certificate processing routes through ASN1_STRING_set_by_NID(),\\nwhose DIRSTRING_TYPE mask excludes UNIVERSALSTRING and whose per-NID\\nsize limits cap the input length; no network protocol or\\ncertificate-handling path in OpenSSL exercises the overflow.\\nTriggering the bug requires an application that calls\\nASN1_mbstring_copy() or ASN1_mbstring_ncopy() directly, or registers\\na custom string type via ASN1_STRING_TABLE_add(), with\\nattacker-controlled input on the order of half a gigabyte or more.\\nFor these reasons this issue was assigned Low severity.\\n\\nThe FIPS modules in 4.0, 3.6, 3.5, 3.4 and 3.0 are not affected by\\nthis issue, as the affected code is outside the OpenSSL FIPS module\\nboundary.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H\",\"baseScore\":8.1,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"HIGH\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":2.2,\"impactScore\":5.9}]},\"weaknesses\":[{\"source\":\"openssl-security@openssl.org\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-787\"}]}],\"references\":[{\"url\":\"https://github.com/openssl/openssl/commit/4f8d2bddaa2c8e06f9c33390ee1717059a6e4be6\",\"source\":\"openssl-security@openssl.org\"},{\"url\":\"https://github.com/openssl/openssl/commit/80c15faaf78042bbb8654a0e234c50c381732f74\",\"source\":\"openssl-security@openssl.org\"},{\"url\":\"https://github.com/openssl/openssl/commit/bd17511070fb39a67bfa19682affb765e706a974\",\"source\":\"openssl-security@openssl.org\"},{\"url\":\"https://github.com/openssl/openssl/commit/c332adaced43bcbb85f97410597e951c11ec3083\",\"source\":\"openssl-security@openssl.org\"},{\"url\":\"https://github.com/openssl/openssl/commit/d32350ae8ef7426718f5aa9e383d4b51398ee255\",\"source\":\"openssl-security@openssl.org\"},{\"url\":\"https://openssl-library.org/news/secadv/20260609.txt\",\"source\":\"openssl-security@openssl.org\"}]}}",
    "vulnrichment": {
      "containers": "{\"adp\": [{\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"cvssV3_1\": {\"scope\": \"UNCHANGED\", \"version\": \"3.1\", \"baseScore\": 8.1, \"attackVector\": \"NETWORK\", \"baseSeverity\": \"HIGH\", \"vectorString\": \"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H\", \"integrityImpact\": \"HIGH\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"HIGH\", \"availabilityImpact\": \"HIGH\", \"privilegesRequired\": \"NONE\", \"confidentialityImpact\": \"HIGH\"}}, {\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2026-7383\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"total\"}], \"version\": \"2.0.3\", \"timestamp\": \"2026-06-09T16:48:52.179678Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2026-06-09T16:48:48.573Z\"}}], \"cna\": {\"title\": \"Possible Heap Buffer Overflow in ASN.1 Multibyte String Conversion\", \"source\": {\"discovery\": \"UNKNOWN\"}, \"credits\": [{\"lang\": \"en\", \"type\": \"reporter\", \"value\": \"Zehua Qiao\"}, {\"lang\": \"en\", \"type\": \"reporter\", \"value\": \"Jinwen He\"}, {\"lang\": \"en\", \"type\": \"remediation developer\", \"value\": \"Viktor Dukhovni\"}], \"metrics\": [{\"other\": {\"type\": \"https://openssl-library.org/policies/general/security-policy/\", \"content\": {\"text\": \"Low\"}}, \"format\": \"other\"}], \"affected\": [{\"vendor\": \"OpenSSL\", \"product\": \"OpenSSL\", \"versions\": [{\"status\": \"affected\", \"version\": \"4.0.0\", \"lessThan\": \"4.0.1\", \"versionType\": \"semver\"}, {\"status\": \"affected\", \"version\": \"3.6.0\", \"lessThan\": \"3.6.3\", \"versionType\": \"semver\"}, {\"status\": \"affected\", \"version\": \"3.5.0\", \"lessThan\": \"3.5.7\", \"versionType\": \"semver\"}, {\"status\": \"affected\", \"version\": \"3.4.0\", \"lessThan\": \"3.4.6\", \"versionType\": \"semver\"}, {\"status\": \"affected\", \"version\": \"3.0.0\", \"lessThan\": \"3.0.21\", \"versionType\": \"semver\"}, {\"status\": \"affected\", \"version\": \"1.1.1\", \"lessThan\": \"1.1.1zh\", \"versionType\": \"custom\"}, {\"status\": \"affected\", \"version\": \"1.0.2\", \"lessThan\": \"1.0.2zq\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unaffected\"}], \"datePublic\": \"2026-06-09T14:00:00.000Z\", \"references\": [{\"url\": \"https://openssl-library.org/news/secadv/20260609.txt\", \"name\": \"OpenSSL Advisory\", \"tags\": [\"vendor-advisory\"]}, {\"url\": \"https://github.com/openssl/openssl/commit/d32350ae8ef7426718f5aa9e383d4b51398ee255\", \"name\": \"4.0.1 git commit\", \"tags\": [\"patch\"]}, {\"url\": \"https://github.com/openssl/openssl/commit/c332adaced43bcbb85f97410597e951c11ec3083\", \"name\": \"3.6.3 git commit\", \"tags\": [\"patch\"]}, {\"url\": \"https://github.com/openssl/openssl/commit/80c15faaf78042bbb8654a0e234c50c381732f74\", \"name\": \"3.5.7 git commit\", \"tags\": [\"patch\"]}, {\"url\": \"https://github.com/openssl/openssl/commit/4f8d2bddaa2c8e06f9c33390ee1717059a6e4be6\", \"name\": \"3.4.6 git commit\", \"tags\": [\"patch\"]}, {\"url\": \"https://github.com/openssl/openssl/commit/bd17511070fb39a67bfa19682affb765e706a974\", \"name\": \"3.0.21 git commit\", \"tags\": [\"patch\"]}], \"x_generator\": {\"engine\": \"Vulnogram 0.2.0\"}, \"descriptions\": [{\"lang\": \"en\", \"value\": \"Issue summary: A signed integer overflow when sizing the destination\\nbuffer for Unicode output in ASN1_mbstring_ncopy() can lead to a heap\\nbuffer overflow.\\n\\nImpact summary: A heap buffer overflow may lead to a crash or possibly\\nattacker controlled code execution or other undefined behaviour.\\n\\nIn ASN1_mbstring_copy() and ASN1_mbstring_ncopy() the destination\\nsize for Unicode output is computed in a signed int: by left shift\\nof the input character count for BMPSTRING (UTF-16) and\\nUNIVERSALSTRING (UTF-32), and by summing per-character byte counts\\nfor UTF8STRING. The calculation overflows when the input reaches\\naround 2^30 characters. In the worst case (UNIVERSALSTRING at 2^30\\ncharacters) the size wraps to zero, OPENSSL_malloc(1) is called, and\\nthe subsequent character copy writes several gigabytes past the\\none-byte allocation.\\n\\nX.509 certificate processing routes through ASN1_STRING_set_by_NID(),\\nwhose DIRSTRING_TYPE mask excludes UNIVERSALSTRING and whose per-NID\\nsize limits cap the input length; no network protocol or\\ncertificate-handling path in OpenSSL exercises the overflow.\\nTriggering the bug requires an application that calls\\nASN1_mbstring_copy() or ASN1_mbstring_ncopy() directly, or registers\\na custom string type via ASN1_STRING_TABLE_add(), with\\nattacker-controlled input on the order of half a gigabyte or more.\\nFor these reasons this issue was assigned Low severity.\\n\\nThe FIPS modules in 4.0, 3.6, 3.5, 3.4 and 3.0 are not affected by\\nthis issue, as the affected code is outside the OpenSSL FIPS module\\nboundary.\", \"supportingMedia\": [{\"type\": \"text/html\", \"value\": \"Issue summary: A signed integer overflow when sizing the destination\u003cbr\u003ebuffer for Unicode output in ASN1_mbstring_ncopy() can lead to a heap\u003cbr\u003ebuffer overflow.\u003cbr\u003e\u003cbr\u003eImpact summary: A heap buffer overflow may lead to a crash or possibly\u003cbr\u003eattacker controlled code execution or other undefined behaviour.\u003cbr\u003e\u003cbr\u003eIn ASN1_mbstring_copy() and ASN1_mbstring_ncopy() the destination\u003cbr\u003esize for Unicode output is computed in a signed int: by left shift\u003cbr\u003eof the input character count for BMPSTRING (UTF-16) and\u003cbr\u003eUNIVERSALSTRING (UTF-32), and by summing per-character byte counts\u003cbr\u003efor UTF8STRING. The calculation overflows when the input reaches\u003cbr\u003earound 2^30 characters. In the worst case (UNIVERSALSTRING at 2^30\u003cbr\u003echaracters) the size wraps to zero, OPENSSL_malloc(1) is called, and\u003cbr\u003ethe subsequent character copy writes several gigabytes past the\u003cbr\u003eone-byte allocation.\u003cbr\u003e\u003cbr\u003eX.509 certificate processing routes through ASN1_STRING_set_by_NID(),\u003cbr\u003ewhose DIRSTRING_TYPE mask excludes UNIVERSALSTRING and whose per-NID\u003cbr\u003esize limits cap the input length; no network protocol or\u003cbr\u003ecertificate-handling path in OpenSSL exercises the overflow.\u003cbr\u003eTriggering the bug requires an application that calls\u003cbr\u003eASN1_mbstring_copy() or ASN1_mbstring_ncopy() directly, or registers\u003cbr\u003ea custom string type via ASN1_STRING_TABLE_add(), with\u003cbr\u003eattacker-controlled input on the order of half a gigabyte or more.\u003cbr\u003eFor these reasons this issue was assigned Low severity.\u003cbr\u003e\u003cbr\u003eThe FIPS modules in 4.0, 3.6, 3.5, 3.4 and 3.0 are not affected by\u003cbr\u003ethis issue, as the affected code is outside the OpenSSL FIPS module\u003cbr\u003eboundary.\", \"base64\": false}]}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-787\", \"description\": \"CWE-787 Out-of-bounds Write\"}]}], \"providerMetadata\": {\"orgId\": \"3a12439a-ef3a-4c79-92e6-6081a721f1e5\", \"shortName\": \"openssl\", \"dateUpdated\": \"2026-06-10T07:47:47.578Z\"}}}",
      "cveMetadata": "{\"cveId\": \"CVE-2026-7383\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2026-06-10T07:47:47.578Z\", \"dateReserved\": \"2026-04-29T08:21:07.253Z\", \"assignerOrgId\": \"3a12439a-ef3a-4c79-92e6-6081a721f1e5\", \"datePublished\": \"2026-06-09T16:03:15.508Z\", \"assignerShortName\": \"openssl\"}",
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }
  }
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.





Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.

Sightings

Author Source Type Date Other

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.


Detection rules are retrieved from Rulezet.