{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-05-09T08:59:39.748","vulnerabilities":[{"cve":{"id":"CVE-2026-22796","sourceIdentifier":"openssl-security@openssl.org","published":"2026-01-27T16:16:35.543","lastModified":"2026-02-02T18:40:27.467","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Issue summary: A type confusion vulnerability exists in the signature\nverification of signed PKCS#7 data where an ASN1_TYPE union member is\naccessed without first validating the type, causing an invalid or NULL\npointer dereference when processing malformed PKCS#7 data.\n\nImpact summary: An application performing signature verification of PKCS#7\ndata or calling directly the PKCS7_digest_from_attributes() function can be\ncaused to dereference an invalid or NULL pointer when reading, resulting in\na Denial of Service.\n\nThe function PKCS7_digest_from_attributes() accesses the message digest attribute\nvalue without validating its type. When the type is not V_ASN1_OCTET_STRING,\nthis results in accessing invalid memory through the ASN1_TYPE union, causing\na crash.\n\nExploiting this vulnerability requires an attacker to provide a malformed\nsigned PKCS#7 to an application that verifies it. The impact of the\nexploit is just a Denial of Service, the PKCS7 API is legacy and applications\nshould be using the CMS API instead. For these reasons the issue was\nassessed as Low severity.\n\nThe FIPS modules in 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\nas the PKCS#7 parsing implementation is outside the OpenSSL FIPS module\nboundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3, 3.0, 1.1.1 and 1.0.2 are vulnerable to this issue."}],"metrics":{"cvssMetricV31":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L","baseScore":5.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"LOW"},"exploitabilityScore":3.9,"impactScore":1.4}]},"weaknesses":[{"source":"openssl-security@openssl.org","type":"Secondary","description":[{"lang":"en","value":"CWE-754"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:openssl:openssl:*:*:*:*:*:*:*:*","versionStartIncluding":"1.0.2","versionEndExcluding":"1.0.2zn","matchCriteriaId":"6A8EC60C-05EC-4886-8C82-63AEF4BDA8D5"},{"vulnerable":true,"criteria":"cpe:2.3:a:openssl:openssl:*:*:*:*:*:*:*:*","versionStartIncluding":"1.1.1","versionEndExcluding":"1.1.1ze","matchCriteriaId":"E000B986-6A31-468F-9EA3-B9D16DB16FB2"},{"vulnerable":true,"criteria":"cpe:2.3:a:openssl:openssl:*:*:*:*:*:*:*:*","versionStartIncluding":"3.0.0","versionEndExcluding":"3.0.19","matchCriteriaId":"C76C5F55-5243-4461-82F5-2FEBFF4D59FA"},{"vulnerable":true,"criteria":"cpe:2.3:a:openssl:openssl:*:*:*:*:*:*:*:*","versionStartIncluding":"3.3.0","versionEndExcluding":"3.3.6","matchCriteriaId":"F5292E9E-6B50-409F-9219-7B0A04047AD8"},{"vulnerable":true,"criteria":"cpe:2.3:a:openssl:openssl:*:*:*:*:*:*:*:*","versionStartIncluding":"3.4.0","versionEndExcluding":"3.4.4","matchCriteriaId":"B9D3DCAE-317D-4DFB-93F0-7A235A229619"},{"vulnerable":true,"criteria":"cpe:2.3:a:openssl:openssl:*:*:*:*:*:*:*:*","versionStartIncluding":"3.5.0","versionEndExcluding":"3.5.5","matchCriteriaId":"1CAC7CBE-EC03-4089-938A-0CEEB2E09B62"},{"vulnerable":true,"criteria":"cpe:2.3:a:openssl:openssl:*:*:*:*:*:*:*:*","versionStartIncluding":"3.6.0","versionEndExcluding":"3.6.1","matchCriteriaId":"68352537-5E99-4F4D-B78A-BCF0353A70A5"}]}]}],"references":[{"url":"https://github.com/openssl/openssl/commit/2502e7b7d4c0cf4f972a881641fe09edc67aeec4","source":"openssl-security@openssl.org","tags":["Patch"]},{"url":"https://github.com/openssl/openssl/commit/572844beca95068394c916626a6d3a490f831a49","source":"openssl-security@openssl.org","tags":["Patch"]},{"url":"https://github.com/openssl/openssl/commit/7bbca05be55b129651d9df4bdb92becc45002c12","source":"openssl-security@openssl.org","tags":["Patch"]},{"url":"https://github.com/openssl/openssl/commit/eeee3cbd4d682095ed431052f00403004596373e","source":"openssl-security@openssl.org","tags":["Patch"]},{"url":"https://github.com/openssl/openssl/commit/ef2fb66ec571564d64d1c74a12e388a2a54d05d2","source":"openssl-security@openssl.org","tags":["Patch"]},{"url":"https://openssl-library.org/news/secadv/20260127.txt","source":"openssl-security@openssl.org","tags":["Vendor Advisory"]}]}}]}
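The record above describes the bug shape (an ASN1_TYPE union member read without checking the type tag) but carries no code. What follows is an added example written for this page; it is not OpenSSL's source and not the patches linked in the references. It models ASN1_TYPE with a reduced stand-in struct (an assumption about shape only: a type tag plus a union) and places the unchecked accessor the advisory describes beside a checked one, then drives both with constructed attributes: a proper OCTET STRING, a NULL, and a BOOLEAN TRUE. The names `ASN1_TYPE_MODEL`, `digest_from_attribute_unchecked`, `digest_from_attribute_checked` and `verify_message_digest` are illustrative, not OpenSSL API.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Reduced model of OpenSSL's ASN1_TYPE (assumption: same shape, a type tag
 * plus a union of per-type representations, but not the library's struct). */
enum { V_ASN1_BOOLEAN = 1, V_ASN1_INTEGER = 2, V_ASN1_OCTET_STRING = 4, V_ASN1_NULL = 5 };

typedef struct {
    int length;
    const unsigned char *data;
} OCTET_STRING;

typedef struct {
    int type;
    union {
        void *ptr;                  /* V_ASN1_NULL: stays NULL */
        int boolean;                /* V_ASN1_BOOLEAN: an int lives here, not a pointer */
        OCTET_STRING *octet_string; /* V_ASN1_OCTET_STRING */
    } value;
} ASN1_TYPE_MODEL;

/* The pattern the advisory describes: the messageDigest attribute value is
 * read through the OCTET STRING union member with no check of ->type. A NULL
 * attribute yields NULL; a BOOLEAN attribute yields the int 0xff reinterpreted
 * as a pointer. The first caller to dereference the result crashes. */
static OCTET_STRING *digest_from_attribute_unchecked(const ASN1_TYPE_MODEL *a)
{
    return a->value.octet_string;
}

/* Hardened form: reject anything that is not an OCTET STRING before touching
 * the union, so a malformed attribute becomes a verification failure. */
static OCTET_STRING *digest_from_attribute_checked(const ASN1_TYPE_MODEL *a)
{
    if (a == NULL || a->type != V_ASN1_OCTET_STRING || a->value.octet_string == NULL)
        return NULL;
    return a->value.octet_string;
}

/* Caller modeled on a signed-data verifier: compare the attribute digest with
 * the digest computed over the content. 1 = match, 0 = mismatch,
 * -1 = attribute missing or malformed (treated as a failed verification). */
static int verify_message_digest(const ASN1_TYPE_MODEL *attr,
                                 const unsigned char *computed, size_t computed_len)
{
    const OCTET_STRING *md = digest_from_attribute_checked(attr);
    if (md == NULL)
        return -1;
    if (md->length < 0 || (size_t)md->length != computed_len)
        return 0;
    return memcmp(md->data, computed, computed_len) == 0 ? 1 : 0;
}

/* Constructed inputs (not real PKCS#7 objects): a good attribute and the two
 * malformed shapes the advisory mentions, NULL and a non-OCTET-STRING type. */
static const unsigned char good_digest[4]  = { 0xde, 0xad, 0xbe, 0xef };
static const unsigned char wrong_digest[4] = { 0x01, 0x02, 0x03, 0x04 };
static OCTET_STRING good_octets = { 4, good_digest };
static ASN1_TYPE_MODEL attrs[3];

static const ASN1_TYPE_MODEL *well_formed_attr(void)
{
    memset(&attrs[0], 0, sizeof(attrs[0]));
    attrs[0].type = V_ASN1_OCTET_STRING;
    attrs[0].value.octet_string = &good_octets;
    return &attrs[0];
}

static const ASN1_TYPE_MODEL *null_attr(void)      /* messageDigest ::= NULL */
{
    memset(&attrs[1], 0, sizeof(attrs[1]));
    attrs[1].type = V_ASN1_NULL;
    return &attrs[1];
}

static const ASN1_TYPE_MODEL *boolean_attr(void)   /* messageDigest ::= BOOLEAN TRUE */
{
    memset(&attrs[2], 0, sizeof(attrs[2]));
    attrs[2].type = V_ASN1_BOOLEAN;
    attrs[2].value.boolean = 0xff;                  /* DER encoding of TRUE */
    return &attrs[2];
}

/* What the unchecked accessor hands back for the BOOLEAN attribute, returned
 * as an integer so it can be inspected without being dereferenced. */
static uintptr_t unchecked_bogus_pointer(void)
{
    return (uintptr_t)digest_from_attribute_unchecked(boolean_attr());
}

int main(void)
{
    printf("well-formed : %d\n", verify_message_digest(well_formed_attr(), good_digest, 4));
    printf("mismatch    : %d\n", verify_message_digest(well_formed_attr(), wrong_digest, 4));
    printf("NULL attr   : %d\n", verify_message_digest(null_attr(), good_digest, 4));
    printf("BOOLEAN attr: %d\n", verify_message_digest(boolean_attr(), good_digest, 4));
    printf("unchecked accessor on BOOLEAN attr returns %#lx, not a valid pointer\n",
           (unsigned long)unchecked_bogus_pointer());
    return 0;
}
```

The checked accessor is the whole fix in miniature: the type tag is validated before the union member is read, and a malformed attribute turns into a clean verification failure instead of a read through NULL or through an integer reinterpreted as a pointer. For deployments, the `configurations` block above gives the first unaffected release of each branch (1.0.2zn, 1.1.1ze, 3.0.19, 3.3.6, 3.4.4, 3.5.5, 3.6.1), and the advisory's own recommendation is to move PKCS#7 handling to the CMS API rather than keep relying on the legacy PKCS7 functions.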