Kritische OpenSSL-Schwachstellen ermöglichen Remote-Code-Execution-Angriffe

If the application later reuses or frees the same BIO, it may encounter a use‑after‑free condition that can result in crashes, heap corruption, or controlled exploitation, depending on the allocator’s behavior and how the BIO is managed.

Critical OpenSSL RCE Vulnerabilities The vulnerability affects applications that use OpenSSL’s PKCS7 APIs to verify PKCS7 or S/MIME signatures. In contrast, those that rely on the CMS APIs for the same functionality are not impacted.

The advisory states that OpenSSL versions 4.0, 3.6, 3.5, 3.4, 3.0, 1.1.1, and 1.0.2 are all vulnerable to CVE‑2026‑45447, and it provides patched releases for each affected branch. Administrators are urged to upgrade OpenSSL 4.0.1, 3.6.3, 3.5.7, 3.4.6, or 3.0.21, while customers with extended support for legacy lines should move to 1.1.1zh or 1.0.2zq.

Technik und Auswirkungen

The FIPS modules for 4.0, 3.6, 3.5, 3.4, and 3.0 are not impacted, as the vulnerable code lies outside the FIPS boundary. Alongside the critical PKCS7 bug, the advisory details numerous additional vulnerabilities, ranging from high to moderate severity, targeting different parts of the OpenSSL codebase.

These include weaknesses in CMS AuthEnvelopedData processing that can grant key‑equivalent capabilities or integrity bypass. QUIC logic flaws that enable denial‑of‑service through memory exhaustion or NULL pointer dereferences.

An AES‑OCB misuse issue where IVs are silently ignored when using the low‑level EVP_Cipher interface, breaking nonce uniqueness and tag authenticity. Several ASN.1 parsing bugs, PKCS12 PBMAC1 validation issues, CMS password‑based decryption problems.

CMP handling flaws also appear, many

CMP handling flaws also appear, many of which primarily lead to denial‑of‑service but in some cases may enable more advanced cryptographic attacks. OpenSSL’s own protocols such as TLS, QUIC, CMS, PKCS7, HPKE, and S/MIME are affected in different combinations depending on the specific vulnerability, configuration, and feature usage.

However, some of the most dangerous cryptographic weaknesses affect only custom applications that use low‑level EVP primitives or implement bespoke messaging protocols on top OpenSSL. Especially when they fail to enforce strict input validation or rely on error codes as oracles.

The OpenSSL team recommends that organizations not only patch to the latest versions but also audit their use of PKCS7, CMS, QUIC, AES‑OCB, AES‑SIV, and PKCS12 workflows to identify any high‑risk exposure. Where upgrading is delayed, turn off nonessential features such as OCSP stapling and vulnerable PKCS7‑based paths as an interim hardening step.

Abi is Security Editor and fellow reporter with