CVE-2026-31790

EUVD-2026-19969
Issue summary: Applications using RSASVE key encapsulation to establish
a secret encryption key can send contents of an uninitialized memory buffer to
a malicious peer.

Impact summary: The uninitialized buffer might contain sensitive data from the
previous execution of the application process which leads to sensitive data
leakage to an attacker.

RSA_public_encrypt() returns the number of bytes written on success and -1
on error. The affected code tests only whether the return value is non-zero.
As a result, if RSA encryption fails, encapsulation can still return success to
the caller, set the output lengths, and leave the caller to use the contents of
the ciphertext buffer as if a valid KEM ciphertext had been produced.

If applications use EVP_PKEY_encapsulate() with RSA/RSASVE on an
attacker-supplied invalid RSA public key without first validating that key,
then this may cause stale or uninitialized contents of the caller-provided
ciphertext buffer to be disclosed to the attacker in place of the KEM
ciphertext.

As a workaround calling EVP_PKEY_public_check() or
EVP_PKEY_public_check_quick() before EVP_PKEY_encapsulate() will mitigate
the issue.

The FIPS modules in 3.6, 3.5, 3.4, 3.3, 3.1 and 3.0 are affected by this issue.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
7.5 HIGH
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Base Score
CVSS 3.x
EPSS Score
Percentile: 12%
Affected Products (NVD)
VendorProductVersion
opensslopenssl
3.0.0 ≤
𝑥
< 3.0.20
opensslopenssl
3.3.0 ≤
𝑥
< 3.3.7
opensslopenssl
3.4.0 ≤
𝑥
< 3.4.5
opensslopenssl
3.5.0 ≤
𝑥
< 3.5.6
opensslopenssl
3.6.0 ≤
𝑥
< 3.6.2
𝑥
= Vulnerable software versions
Early Detection
Affected products identified ahead of NVD analysis through intelligence sources.
VendorProductVersionSource
SiemensSIMATIC CN 4100
𝑥
< V5.0
ADP
Debian logo
Debian Releases
Debian Product
Codename
openssl
bookworm
3.0.20-1~deb12u1
fixed
bookworm (security)
3.0.19-1~deb12u2
fixed
bullseye
1.1.1w-0+deb11u1
fixed
bullseye (security)
1.1.1w-0+deb11u5
fixed
forky
3.6.2-1
fixed
sid
3.6.2-1
fixed
trixie
3.5.6-1~deb13u1
fixed
trixie (security)
3.5.5-1~deb13u2
fixed
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
openssl
bionic
not-affected
focal
not-affected
jammy
Fixed 3.0.2-0ubuntu1.23
released
noble
Fixed 3.0.13-0ubuntu3.9
released
questing
Fixed 3.5.3-1ubuntu3.3
released
resolute
Fixed 3.5.5-1ubuntu3
released
trusty
not-affected
xenial
not-affected
openssl-fips
jammy
dne
noble
dne
questing
dne
resolute
dne
openssl1.0
bionic
not-affected
jammy
dne
noble
dne
questing
dne
resolute
dne
nodejs
bionic
not-affected
focal
not-affected
jammy
not-affected
noble
not-affected
questing
not-affected
resolute
not-affected
trusty
not-affected
xenial
not-affected
edk2
bionic
not-affected
focal
not-affected
jammy
not-affected
noble
needed
questing
needed
resolute
needed
xenial
not-affected
openSUSE logo
openSUSE / SLES Releases
openSUSE Product
Release
libopenssl-3-devel
suse enterprise desktop 15 SP7
3.2.3-150700.5.31.1
fixed
suse enterprise sap 15 SP7
3.2.3-150700.5.31.1
fixed
suse enterprise server 15 SP4
3.0.8-150400.4.81.1
fixed
suse enterprise server 15 SP5
3.0.8-150500.5.60.1
fixed
suse enterprise server 15 SP6
3.1.4-150600.5.45.1
fixed
suse enterprise server 15 SP7
3.2.3-150700.5.31.1
fixed
libopenssl-3-fips-provider
suse enterprise desktop 15 SP7
3.2.3-150700.5.31.1
fixed
suse enterprise sap 15 SP7
3.2.3-150700.5.31.1
fixed
suse enterprise server 15 SP6
3.1.4-150600.5.45.1
fixed
suse enterprise server 15 SP7
3.2.3-150700.5.31.1
fixed
libopenssl-3-fips-provider-32bit
suse enterprise desktop 15 SP7
3.2.3-150700.5.31.1
fixed
suse enterprise sap 15 SP7
3.2.3-150700.5.31.1
fixed
suse enterprise server 15 SP6
3.1.4-150600.5.45.1
fixed
suse enterprise server 15 SP7
3.2.3-150700.5.31.1
fixed
libopenssl3
suse enterprise desktop 15 SP7
3.2.3-150700.5.31.1
fixed
suse enterprise sap 15 SP7
3.2.3-150700.5.31.1
fixed
suse enterprise server 15 SP4
3.0.8-150400.4.81.1
fixed
suse enterprise server 15 SP5
3.0.8-150500.5.60.1
fixed
suse enterprise server 15 SP6
3.1.4-150600.5.45.1
fixed
suse enterprise server 15 SP7
3.2.3-150700.5.31.1
fixed
libopenssl3-32bit
suse enterprise desktop 15 SP7
3.2.3-150700.5.31.1
fixed
suse enterprise sap 15 SP7
3.2.3-150700.5.31.1
fixed
suse enterprise server 15 SP6
3.1.4-150600.5.45.1
fixed
suse enterprise server 15 SP7
3.2.3-150700.5.31.1
fixed
openssl-3
suse enterprise desktop 15 SP7
3.2.3-150700.5.31.1
fixed
suse enterprise sap 15 SP7
3.2.3-150700.5.31.1
fixed
suse enterprise server 15 SP4
3.0.8-150400.4.81.1
fixed
suse enterprise server 15 SP5
3.0.8-150500.5.60.1
fixed
suse enterprise server 15 SP6
3.1.4-150600.5.45.1
fixed
suse enterprise server 15 SP7
3.2.3-150700.5.31.1
fixed
Red Hat logo
Red Hat Enterprise Linux Releases
Red Hat Product
Release
openssl
RHEL 9
1:3.5.5-2.el9_8
fixed
openssl-devel
RHEL 9
1:3.5.5-2.el9_8
fixed
openssl-libs
RHEL 9
1:3.5.5-2.el9_8
fixed
openssl-perl
RHEL 9
1:3.5.5-2.el9_8
fixed
Common Weakness Enumeration
References
https://github.com/openssl/openssl/commit/001e01db3e996e13ffc72386fe79d03a6683b5ac
https://github.com/openssl/openssl/commit/abd8b2eec7e3f3fda60ecfb68498b246b52af482
https://github.com/openssl/openssl/commit/b922e24e5b23ffb9cb9e14cadff23d91e9f7e406
https://github.com/openssl/openssl/commit/d5f8e71cd0a54e961d0c3b174348f8308486f790
https://github.com/openssl/openssl/commit/eed200f58cd8645ed77e46b7e9f764e284df379e
https://openssl-library.org/news/secadv/20260407.txt
https://cert-portal.siemens.com/productcert/html/ssa-032379.html