CVE-2026-34180

Vulnerability

An integer truncation in OpenSSL's ASN.1 decoder mishandles the content length of an ASN.1 primitive element when it exceeds 2 gigabytes. This occurs on 64-bit Unix and Unix-like platforms. Applications passing attacker-supplied data to d2i_X509(), d2i_PKCS7(), or other d2i_* decoding functions are affected. OpenSSL's own command-line tools are not vulnerable because data read through the BIO layer is checked before reaching the affected code. 32-bit platforms and 64-bit Windows are not affected. The FIPS modules in OpenSSL versions 4.0, 3.6, 3.5, 3.4, and 3.0 are not affected as the vulnerable code is outside the FIPS module boundary [1].

Exploitation

An attacker can exploit this vulnerability by crafting a DER-encoded ASN.1 structure with a primitive element whose content exceeds 2 gigabytes. When this structure is parsed by an affected application, the truncated length may cause OpenSSL to either read less than or beyond the end of the allocated buffer, potentially scanning for a terminating zero byte. The attacker needs to supply this crafted data to an application that uses the vulnerable d2i_* functions [1].

Impact

Successful exploitation of this vulnerability can lead to a Denial of Service (DoS) by crashing the application. Alternatively, it may allow an attacker to load contents of memory beyond the end of the input buffer into the decoded ASN.1 object. This occurs because the mishandled length can cause OpenSSL to read past the allocated buffer boundaries [1].

Mitigation

OpenSSL versions 4.0, 3.6, 3.5, 3.4, and 3.0 are affected. Users should upgrade to OpenSSL 4.0.1, 3.6.3, 3.5.7, 3.4.6, or 3.0.21, respectively. For older versions, OpenSSL 1.1.1 users should upgrade to 1.1.1zh and 1.0.2 users should upgrade to 1.0.2zq, though these are available only to premium support customers. The FIPS modules in these versions are not affected. No other workarounds are disclosed in the available references [1].