OpenSSL disclosed CVE-2026-45447, a heap use-after-free in the PKCS7_verify function. Parsing a crafted DER-encoded ASN.1 structure with a primitive element exceeding 2 gigabytes causes a heap buffer over-read on 64-bit Unix platforms. This may crash the application or load memory beyond the input buffer.
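As an added illustration (not OpenSSL's code or its fix), the following pre-parse screen walks DER headers and flags any primitive element whose declared length exceeds 2 GiB - 1, the size the advisory describes. The names der_scan, der_header and DER_MAX_PRIMITIVE, the depth limit of 32 and the sample bytes are assumptions made for this example.

```c
#include <stddef.h>
#include <stdint.h>

enum { DER_OK = 0, DER_MALFORMED = -1, DER_OVERSIZE_PRIMITIVE = 1 };
#define DER_MAX_PRIMITIVE 0x7fffffffULL /* assumed policy limit: INT_MAX bytes */

/* Read one identifier + length header at buf[*pos]; DER allows definite lengths only. */
static int der_header(const unsigned char *buf, size_t len, size_t *pos,
                      int *constructed, uint64_t *clen)
{
    if (*pos >= len) return DER_MALFORMED;
    unsigned char id = buf[(*pos)++];
    *constructed = (id & 0x20) != 0;
    if ((id & 0x1f) == 0x1f) /* high-tag-number form: skip the tag octets */
        do { if (*pos >= len) return DER_MALFORMED; } while (buf[(*pos)++] & 0x80);
    if (*pos >= len) return DER_MALFORMED;
    unsigned n = buf[(*pos)++];
    if (n < 0x80) { *clen = n; return DER_OK; } /* short form */
    n &= 0x7f;                                  /* count of length octets */
    if (n == 0 || n > 8 || len - *pos < n) return DER_MALFORMED;
    for (*clen = 0; n > 0; n--) *clen = (*clen << 8) | buf[(*pos)++];
    return DER_OK;
}

/* Walk every TLV and report a primitive whose declared length exceeds the limit. */
int der_scan(const unsigned char *buf, size_t len, int depth)
{
    if (depth > 32) return DER_MALFORMED;
    for (size_t pos = 0; pos < len; ) {
        int constructed, rc; uint64_t clen;
        if ((rc = der_header(buf, len, &pos, &constructed, &clen)) != DER_OK) return rc;
        /* Judge the declared size first, so a truncated capture is still flagged. */
        if (!constructed && clen > DER_MAX_PRIMITIVE) return DER_OVERSIZE_PRIMITIVE;
        int truncated = clen > len - pos;
        if (constructed) {
            rc = der_scan(buf + pos, truncated ? len - pos : (size_t)clen, depth + 1);
            if (rc != DER_OK) return rc;
        }
        if (truncated) return DER_MALFORMED;
        pos += (size_t)clen;
    }
    return DER_OK;
}

/* Constructed samples: SEQUENCE { INTEGER 5 }, and a truncated SEQUENCE whose
   OCTET STRING header declares 0x80000000 content bytes. */
const unsigned char sample_ok[] = { 0x30, 0x03, 0x02, 0x01, 0x05 };
const unsigned char sample_big[] = { 0x30, 0x84, 0x80, 0x00, 0x00, 0x06,
                                     0x04, 0x84, 0x80, 0x00, 0x00, 0x00, 0x41 };
```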