VYPR
Medium severity 6.2 · NVD Advisory · Published Jun 9, 2026 · Updated Jun 9, 2026

CVE-2026-42771

Description

OpenSSL's email address validation allows out-of-bounds reads, potentially causing DoS.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Vulnerability

An out-of-bounds read vulnerability exists in the X509_VERIFY_PARAM_set1_email function within OpenSSL when validating a crafted email address, such as during S/MIME message validation. An internal helper function used the wrong length and so failed to enforce the 64-octet limit for the local part of an email address, which leads to the out-of-bounds read and a potential crash. This affects OpenSSL versions prior to the patched releases [1].

Exploitation

An attacker can exploit this vulnerability by sending an email message with a specially crafted From: address. When an application uses OpenSSL to validate this email address, for instance during S/MIME message validation, the vulnerable code path is triggered, leading to the out-of-bounds read [1].

Impact

The primary impact of this vulnerability is a denial of service (DoS) due to a potential crash. The out-of-bounds read does not directly exfiltrate data to the attacker, but the invalid memory access can cause the affected application or service to become unstable or terminate unexpectedly [1].

Mitigation

OpenSSL versions 4.0, 3.6, 3.5, 3.4, 3.0, 1.1.1, and 1.0.2 are vulnerable. Users should upgrade to OpenSSL 4.0.1, 3.6.3, 3.5.7, 3.4.6, 3.0.21, 1.1.1zh (premium support), or 1.0.2zq (premium support) respectively. No other workarounds are specified in the available references [1].

AI Insight generated on Jun 9, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
