CVE-2026-45447 Overview
CVE-2026-45447 is a use-after-free vulnerability in OpenSSL affecting PKCS#7 and S/MIME signature verification. A specially crafted PKCS#7 or S/MIME signed message can trigger memory corruption during signature verification through PKCS7_verify(). The flaw occurs when the SignedDatadigestAlgorithms field is present as an empty ASN.1 SET, causing OpenSSL to incorrectly free a caller-owned BIO. When the calling application subsequently uses the freed BIO, a use-after-free condition results. Applications using the CMS APIs are not affected, and the FIPS modules in versions 4.0, 3.6, 3.5, 3.4, and 3.0 are outside the affected code boundary.
Critical Impact
A use-after-free in PKCS7_verify() may result in process crashes, heap corruption, or potentially remote code execution when applications process attacker-controlled signed messages.
Affected Products
- OpenSSL applications using PKCS#7 APIs for signed message verification
- S/MIME message processing implementations built on OpenSSL PKCS7_verify()
- OpenSSL releases prior to the fix commits referenced in the security advisory
Discovery Timeline
- 2026-06-09 - OpenSSL publishes security advisory and fix commits
- 2026-06-09 - CVE-2026-45447 published to NVD
- 2026-06-10 - Last updated in NVD database
Technical Details for CVE-2026-45447
Vulnerability Analysis
The vulnerability resides in crypto/pkcs7/pk7_smime.c within the PKCS7_verify() routine. When parsing a SignedData structure containing an empty digestAlgorithms ASN.1 SET, the verification path mishandles ownership of the input BIO chain. The function frees a BIO that the calling application still owns and references. After PKCS7_verify() returns, the application's later call to BIO_free() on the same pointer operates on freed memory. This is classified as a use-after-free [CWE-416].
Root Cause
The root cause is incorrect lifetime management of the BIO object passed by the caller. OpenSSL's PKCS#7 verification code freed an internal BIO chain that incorrectly included the caller-owned BIO when digestAlgorithms was empty. The fix introduces an additional BIO *next tracking variable to preserve correct chain boundaries and prevent the caller-owned BIO from being released by the library.
Attack Vector
An attacker delivers a crafted PKCS#7 or S/MIME signed message to a vulnerable application. Network delivery is the typical channel, for example through email gateways, signing services, or APIs that accept signed payloads. Successful triggering depends on the allocator behavior and how the application reuses the BIO after PKCS7_verify() returns. Outcomes range from denial of service through process crashes to heap corruption, with potential for remote code execution in certain application contexts.
int i, j = 0, k, ret = 0;
BIO *p7bio = NULL;
BIO *tmpout = NULL;
+ BIO *next = NULL;
const PKCS7_CTX *p7_ctx;
if (p7 == NULL) {
Source: OpenSSL Commit 3aad5eb7 — the patch adds a next pointer to track BIO chain ownership so caller-owned BIOs are no longer freed inside PKCS7_verify().
Detection Methods for CVE-2026-45447
Indicators of Compromise
- Unexpected crashes or segmentation faults in processes calling PKCS7_verify() shortly after parsing inbound signed messages
- Heap corruption diagnostics (glibc malloc() errors, ASan reports) emitted by services that process S/MIME or PKCS#7 content
- Inbound S/MIME or PKCS#7 messages containing a SignedData structure with an empty digestAlgorithms ASN.1 SET
Detection Strategies
- Inspect mail and message gateways for S/MIME payloads with malformed or empty digestAlgorithms fields using ASN.1-aware parsers
- Run vulnerable services under address sanitizers or hardened allocators in test environments to surface the use-after-free during fuzzing
- Inventory binaries linking against libcrypto and flag those calling PKCS7_verify() from user-facing input paths
Monitoring Recommendations
- Monitor for repeated abnormal terminations of PKCS#7-handling services and correlate with inbound message metadata
- Track OpenSSL package versions across the fleet and alert when hosts run versions prior to the fix
- Capture telemetry on email security gateways and signing services for spikes in malformed signed-message rejections
How to Mitigate CVE-2026-45447
Immediate Actions Required
- Upgrade OpenSSL to a version containing the fix commits referenced in the OpenSSL Security Advisory
- Audit applications for direct use of PKCS7_verify() and prioritize patching network-exposed services first
- Where feasible, migrate from PKCS#7 APIs to the CMS APIs, which are not affected by this issue
Patch Information
The fix is delivered in OpenSSL upstream commits 3aad5eb7, 7d4a980c, 9dfd688a, a541ae8b, and c505d755. The patches modify crypto/pkcs7/pk7_smime.c to track BIO chain ownership with an added next pointer, preventing the caller-owned BIO from being freed inside PKCS7_verify(). Refer to the OpenSSL Security Advisory for affected versions and fixed releases.
Workarounds
- Route PKCS#7 and S/MIME verification through the CMS API (CMS_verify()), which is not affected by this vulnerability
- Pre-validate inbound signed messages with an ASN.1 schema check and reject messages that contain an empty digestAlgorithmsSET
- Restrict and authenticate sources permitted to submit signed messages to verification endpoints until patches are deployed
# Verify installed OpenSSL version and identify affected hosts
openssl version -a
# Example: rebuild and link applications against the patched library
# After installing the fixed package, restart services that call PKCS7_verify()
systemctl restart <service-name>
# Optional: prefer the CMS API in application code
# Replace PKCS7_verify(p7, certs, store, indata, out, flags)
# with CMS_verify(cms, certs, store, indata, out, flags)
Disclaimer: This content was generated using AI. While we strive for accuracy, please verify critical information with official sources.
