Home/CVE/Issue summary: Converting an excessively large OCTET STRING value to a hexadecimal string leads to a heap buffer overflo
CVE

CVE-2026-31789

Issue summary: Converting an excessively large OCTET STRING value to a hexadecimal string leads to a heap buffer overflo

Issue summary: Converting an excessively large OCTET STRING value to a hexadecimal string leads to a heap buffer overflow on 32 bit platforms. Impact summary: A heap buffer overflow may lead to a crash or possibly an attacker controlled code execution or other undefined behavior. If an attacker can supply a crafted X.509 certificate with an excessively large OCTET STRING value in extensions such as the Subject Key Identifier (SKID) or Authority Key Identifier (AKID) which are being converted to hex, the size of the buffer needed for the result is calculated as multiplication of the input length by 3.

On 32 bit platforms, this multiplication may overflow resulting in the allocation of a smaller buffer and a heap buffer overflow. Applications and services that print or log contents of untrusted X.509 certificates are vulnerable to this issue. As the certificates would have to have sizes of over 1 Gigabyte, printing or logging such certificates is a fairly unlikely operation and only 32 bit platforms are affected, this issue was assigned Low severity.

The FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this issue, as the affected code is outside the OpenSSL FIPS module boundary.

CRITICAL · CVSS 9.8 EPSS 7e-05
Schedule remediation
  • CVSS base score ≥ 7.0
Sigma rules0 YARA rules0

Weakness Classification

CWE-787Out-of-bounds Write

Affected Products & Versions

5
openssl>= 3.0.0 and < 3.0.20
openssl>= 3.3.0 and < 3.3.7
openssl>= 3.4.0 and < 3.4.5
openssl>= 3.5.0 and < 3.5.6
openssl>= 3.6.0 and < 3.6.2

Scoring & Timeline

9.8
CRITICAL · CVSS v3.1 · openssl-security@openssl.org
View on NVD
Attack Vector
Network Adjacent Local Physical
Attack Complexity
Low High
Privileges Required
None Low High
User Interaction
None Required
Scope
Unchanged Changed
Confidentiality
None Low High
Integrity
None Low High
Availability
None Low High
Published to NVD07 Apr 2026 · 10:16 PM
CVSS VectorCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
SSVC triage · cisa-vulnrichment
Exploitation
none
Automatable
no
Technical impact
total
SSVC asks the questions that actually drive patch urgency: is it being exploited, can attacks be automated, and how total is the impact.

Vendor Advisories

24
cisa-aa-advisoriesicsa-26-134-10
siemens-csafSSA-032379
suse-csafSUSE-SU-2026:1577-1
suse-csafSUSE-SU-2026:1386-1
msrcCVE-2026-31789
🔗

References & Sources

7
Source URLs (vendor pages, mailing lists, write-ups). Exploit/PoC links are in their own section above to avoid duplication.
https://github.com/openssl/openssl/commit/364f095b80601db632b0def6a33316967f863bdePatch
https://github.com/openssl/openssl/commit/7a9087efd769f362ad9c0e30c7baaa6bbfa65ecfPatch
https://github.com/openssl/openssl/commit/945b935ac66cc7f1a41f1b849c7c25adb5351f49Patch
https://github.com/openssl/openssl/commit/a24216018e1ede8ff01a4ff5afff7dfbd443e2f9Patch
https://github.com/openssl/openssl/commit/a91e537d16d74050dbde50bb0dfb1fe9930f0521Patch
https://openssl-library.org/news/secadv/20260407.txtVendor Advisory
Intelligence Graph · click any node to traverse
CVETechnique ActorTool Family
drag to reposition · click any node to traverse · button top-right enlarges
External lookups - second-class, for what we don’t hold ourselves
NVDCVE.orgCISAVulnersExploit-DBGitHub PoCVulnCheck KEVGreyNoise
Vulnerabilities
CISA KEV catalog
CWE weaknesses
CAPEC attack patterns
Package vulnerabilities
Threat intelligence
Threat actors
Tools & malware
ATT&CK techniques
IOCs
Detection & defense
Sigma rules
YARA rules
Atomic Red Team tests
D3FEND countermeasures
Compliance
NIST 800-53
ISO 27001:2022
SOC 2 TSC
PCI-DSS v4.0
CIS Controls v8.1
About
All capabilities
Live statistics
Data sources
Privacy policy
Terms of service
threatengine.sh  ·  Open-source threat intelligence platform  ·  100+ authoritative sources  ·  Every fact traces to its origin