CVE-2026-7383

Vulnerability

A signed integer overflow occurs when calculating the destination buffer size for Unicode output in the ASN1_mbstring_ncopy() function. This happens when the input character count reaches approximately 2^30, causing the size calculation to wrap around, potentially to zero. The affected code paths are not typically exercised by standard X.509 certificate processing due to input length limits and type restrictions. The vulnerability exists in OpenSSL versions prior to the patched releases. The FIPS modules in versions 4.0, 3.6, 3.5, 3.4, and 3.0 are not affected as the vulnerable code is outside the FIPS module boundary [1].

Exploitation

An attacker would need to call ASN1_mbstring_copy() or ASN1_mbstring_ncopy() directly, or register a custom string type via ASN1_STRING_TABLE_add(), with attacker-controlled input on the order of half a gigabyte or more. The specific sequence of steps involves providing input that triggers the signed integer overflow during the size calculation for Unicode output, leading to a subsequent heap buffer overflow when data is copied to a small, incorrectly allocated buffer.

Impact

A heap buffer overflow can lead to a crash of the application, heap corruption, or potentially attacker-controlled code execution. In the worst-case scenario described, a size calculation wrapping to zero results in a 1-byte allocation, followed by a copy operation writing gigabytes past this allocation, leading to undefined behavior and potential compromise [1].

Mitigation

OpenSSL versions 4.0.1, 3.6.3, 3.5.7, 3.4.6, 3.0.21, 1.1.1zh, and 1.0.2zq contain fixes for this issue. Users should upgrade to the respective patched versions. The FIPS modules in versions 4.0, 3.6, 3.5, 3.4, and 3.0 are not affected. No workarounds are specified in the available references [1].