OpenSSL 1.1.1 < 1.1.1zh Multiple Vulnerabilities

🗓️ 09 Jun 2026 00:00:00Reported by TenableType

OpenSSL before 1.1.1zh has flaws: a CMS decryption null pointer crash and a string heap overflow.

Reporter	Title	Published	Views	Family All 87
FreeBSD	OpenSSL -- Multiple vulnerabilities	9 Jun 202600:00	–	freebsd
FreeBSD	FreeBSD -- Multiple vulnerabilities in OpenSSL	9 Jun 202600:00	–	freebsd
AlpineLinux	CVE-2026-34180	9 Jun 202616:03	–	alpinelinux
AlpineLinux	CVE-2026-42766	9 Jun 202616:03	–	alpinelinux
AlpineLinux	CVE-2026-45447	9 Jun 202616:03	–	alpinelinux
AlpineLinux	CVE-2026-7383	9 Jun 202616:03	–	alpinelinux
AlpineLinux	CVE-2026-9076	9 Jun 202616:03	–	alpinelinux
Circl	CVE-2026-42766	9 Jun 202616:53	–	circl
Circl	CVE-2026-45447	9 Jun 202613:57	–	circl
Circl	CVE-2026-9076	9 Jun 202616:53	–	circl

Source	Link
openssl-library	www.openssl-library.org/news/secadv/20260609.txt
nessus	www.nessus.org/u
cve	www.cve.org/CVERecord
cve	www.cve.org/CVERecord
cve	www.cve.org/CVERecord
cve	www.cve.org/CVERecord
cve	www.cve.org/CVERecord
cve	www.cve.mitre.org/cgi-bin/cvename.cgi
cve	www.cve.mitre.org/cgi-bin/cvename.cgi
cve	www.cve.mitre.org/cgi-bin/cvename.cgi

#%NASL_MIN_LEVEL 80900
##
# (C) Tenable, Inc.
##

include('compat.inc');

if (description)
{
  script_id(320139);
  script_version("1.2");
  script_set_attribute(attribute:"plugin_modification_date", value:"2026/06/10");

  script_cve_id(
    "CVE-2026-7383",
    "CVE-2026-9076",
    "CVE-2026-34180",
    "CVE-2026-42766",
    "CVE-2026-45447"
  );

  script_name(english:"OpenSSL 1.1.1 < 1.1.1zh Multiple Vulnerabilities");

  script_set_attribute(attribute:"synopsis", value:
"The remote service is affected by multiple vulnerabilities.");
  script_set_attribute(attribute:"description", value:
"The version of OpenSSL installed on the remote host is prior to 1.1.1zh. It is, therefore, affected by multiple
vulnerabilities as referenced in the 1.1.1zh advisory.

  - Issue summary: A specially crafted password-encrypted CMS message can trigger a NULL pointer dereference
    during CMS decryption. Impact summary: This NULL pointer dereference leads to an application crash and a
    Denial of Service. The CMS PasswordRecipientInfo.keyDerivationAlgorithm field is defined as OPTIONAL in
    the ASN.1 specification and may therefore be absent in specially crafted inputs. During the password-based
    CMS decryption the OpenSSL CMS implementation dereferences this field without first checking whether it
    was present. An attacker who supplies such a CMS message to an application performing password-based CMS
    decryption can trigger an application crash, leading to a Denial of Service. Applications that process
    password-encrypted CMS messages may be affected. The FIPS modules in 4.0, 3.6, 3.5, 3.4, and 3.0 are not
    affected by this issue, as the affected code is outside the OpenSSL FIPS module boundary. (CVE-2026-42766)

  - Issue summary: A signed integer overflow when sizing the destination buffer for Unicode output in
    ASN1_mbstring_ncopy() can lead to a heap buffer overflow. Impact summary: A heap buffer overflow may lead
    to a crash or possibly attacker controlled code execution or other undefined behaviour. In
    ASN1_mbstring_copy() and ASN1_mbstring_ncopy() the destination size for Unicode output is computed in a
    signed int: by left shift of the input character count for BMPSTRING (UTF-16) and UNIVERSALSTRING
    (UTF-32), and by summing per-character byte counts for UTF8STRING. The calculation overflows when the
    input reaches around 2^30 characters. In the worst case (UNIVERSALSTRING at 2^30 characters) the size
    wraps to zero, OPENSSL_malloc(1) is called, and the subsequent character copy writes several gigabytes
    past the one-byte allocation. X.509 certificate processing routes through ASN1_STRING_set_by_NID(), whose
    DIRSTRING_TYPE mask excludes UNIVERSALSTRING and whose per-NID size limits cap the input length; no
    network protocol or certificate-handling path in OpenSSL exercises the overflow. Triggering the bug
    requires an application that calls ASN1_mbstring_copy() or ASN1_mbstring_ncopy() directly, or registers a
    custom string type via ASN1_STRING_TABLE_add(), with attacker-controlled input on the order of half a
    gigabyte or more. For these reasons this issue was assigned Low severity. The FIPS modules in 4.0, 3.6,
    3.5, 3.4 and 3.0 are not affected by this issue, as the affected code is outside the OpenSSL FIPS module
    boundary. (CVE-2026-7383)

  - Issue summary: When CMS password-based decryption (RFC 3211 / PWRI key unwrap) processes attacker-supplied
    CMS data, an attacker-chosen stream-mode KEK cipher can trigger a heap out-of-bounds read in
    kek_unwrap_key(). Impact summary: A heap buffer over-read may trigger a crash which leads to Denial of
    Service for an application if the input buffer ends at a memory page boundary and the following page is
    unmapped. There is no information disclosure as the over-read bytes are not revealed to the attacker. The
    key unwrapping function performs a check-byte test as specified in the RFC that reads 7 bytes from a heap
    allocation that is based on the wrapped key length from the message. There is a minimum length check based
    on the block length of the wrapping cipher. However the cipher is selected from an OID carried in the
    attacker's PWRI keyEncryptionAlgorithm with no requirement that the cipher be a block cipher. When an
    attacker selects a stream-mode cipher the guard will be ineffective and the allocated buffer containing
    the unwrapped key can be too small to fit the check-bytes specified in the RFC and a buffer over-read can
    happen. Applications calling CMS_decrypt() or CMS_decrypt_set1_password() (equivalently openssl cms
    -decrypt -pwri_password ...) on untrusted CMS data are vulnerable to this issue. No password knowledge is
    required: the over-read happens during the unwrap attempt before any authentication succeeds. The over-
    read is limited to a few bytes and is not written to output, so there is no information disclosure.
    Triggering a crash requires the allocation to border unmapped memory, which is unlikely with the normal
    allocator. The FIPS modules are not affected by this issue. (CVE-2026-9076)

  - Issue summary: A specially crafted PKCS#7 or S/MIME signed message could trigger a use-after-free during
    PKCS#7 signature verification. Impact summary: A use-after-free may result in process crashes, heap
    corruption, or potentially remote code execution. When processing a PKCS#7 or S/MIME signed message, if
    the SignedData digestAlgorithms field is present as an empty ASN.1 SET, OpenSSL may incorrectly free a
    caller-owned BIO during PKCS7_verify(). A subsequent use of the BIO by the calling application results in
    a use-after-free condition. In the common case this occurs when the application later calls BIO_free() on
    the BIO originally passed to PKCS7_verify(). Depending on allocator behavior and application-specific BIO
    usage patterns, this may result in a crash or other memory corruption. In some application contexts this
    may potentially be exploitable for remote code execution. Applications that process PKCS#7 or S/MIME
    signed messages using OpenSSL PKCS#7 APIs may be affected. Applications using the CMS APIs for this
    processing are not affected. The FIPS modules in 4.0, 3.6, 3.5, 3.4, and 3.0 are not affected by this
    issue, as the affected code is outside the OpenSSL FIPS module boundary. (CVE-2026-45447)

  - Issue summary: Parsing a crafted DER-encoded ASN.1 structure with a primitive element whose content
    exceeds 2 gigabytes in length may cause a heap buffer over-read on 64-bit Unix and Unix-like platforms.
    Impact summary: The heap buffer over-read may crash the application (Denial of Service) or to load into
    the decoded ASN.1 object contents of memory beyond the end of the input buffer. More typically such ASN.1
    elements would instead be truncated. An integer truncation in OpenSSL's ASN.1 decoder causes the content
    length of an ASN.1 primitive element to be mishandled when it exceeds 2 gigabytes. In the worst case the
    truncated length is treated as a request to scan the binary content for a terminating zero byte, possibly
    causing OpenSSL to read either less than or beyond the end of the allocated buffer. Applications that pass
    attacker-supplied data to d2i_X509(), d2i_PKCS7(), or any other d2i_* decoding function are affected.
    OpenSSL's own command-line tools are not vulnerable, as data read through the BIO layer is checked before
    it reaches the affected code. The issue only affects 64-bit Unix and Unix-like platforms; 32-bit platforms
    and 64-bit Windows are not affected. The FIPS modules in 4.0, 3.6, 3.5, 3.4 and 3.0 are not affected by
    this issue, as the affected code is outside the OpenSSL FIPS module boundary. (CVE-2026-34180)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version
number.");
  script_set_attribute(attribute:"see_also", value:"https://openssl-library.org/news/secadv/20260609.txt");
  # https://openssl-library.org/policies/general/security-policy/index.html
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?eac4598c");
  script_set_attribute(attribute:"see_also", value:"https://www.cve.org/CVERecord?id=CVE-2026-34180");
  script_set_attribute(attribute:"see_also", value:"https://www.cve.org/CVERecord?id=CVE-2026-42766");
  script_set_attribute(attribute:"see_also", value:"https://www.cve.org/CVERecord?id=CVE-2026-45447");
  script_set_attribute(attribute:"see_also", value:"https://www.cve.org/CVERecord?id=CVE-2026-7383");
  script_set_attribute(attribute:"see_also", value:"https://www.cve.org/CVERecord?id=CVE-2026-9076");
  script_set_attribute(attribute:"solution", value:
"Upgrade to OpenSSL version 1.1.1zh or later.");
  script_set_attribute(attribute:"agent", value:"all");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:P");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2026-42766");
  script_set_attribute(attribute:"cvss3_score_source", value:"CVE-2026-45447");

  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"false");

  script_set_attribute(attribute:"vuln_publication_date", value:"2026/06/09");
  script_set_attribute(attribute:"patch_publication_date", value:"2026/06/09");
  script_set_attribute(attribute:"plugin_publication_date", value:"2026/06/09");

  script_set_attribute(attribute:"plugin_type", value:"combined");
  script_set_attribute(attribute:"cpe", value:"cpe:/a:openssl:openssl");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_set_attribute(attribute:"thorough_tests", value:"true");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Web Servers");

  script_copyright(english:"This script is Copyright (C) 2026 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("openssl_version.nasl", "openssl_nix_installed.nbin", "openssl_win_installed.nbin");
  script_require_keys("installed_sw/OpenSSL");

  exit(0);
}

include('vcf.inc');
include('vcf_extras_openssl.inc');

var app_info = vcf::combined_get_app_info(app:'OpenSSL');

vcf::check_all_backporting(app_info:app_info);

var constraints = [
  { 'min_version' : '1.1.1', 'fixed_version' : '1.1.1zh' }
];

vcf::openssl::check_version_and_report(
    app_info:app_info,
    constraints:constraints,
    severity:SECURITY_WARNING
);

10 Jun 2026 00:00Current

6.6Medium risk

Vulners AI Score6.6

CVSS 3.18.8

SSVC