Skip to main content
CVE Vulnerability Database

CVE-2026-7383: OpenSSL Buffer Overflow Vulnerability

CVE-2026-7383 is a heap buffer overflow in OpenSSL's ASN1_mbstring_ncopy() function caused by signed integer overflow. This article covers the technical details, affected versions, and mitigation strategies.

Published:

CVE-2026-7383 Overview

CVE-2026-7383 is a signed integer overflow in OpenSSL's ASN1_mbstring_ncopy() and ASN1_mbstring_copy() functions that leads to a heap buffer overflow [CWE-787]. The destination buffer size for Unicode output is computed in a signed int, which wraps when input character counts approach 2^30. In the worst case with UNIVERSALSTRING, the size wraps to zero, OPENSSL_malloc(1) is called, and the subsequent copy writes several gigabytes past a one-byte allocation. The flaw can cause crashes or attacker-controlled code execution. OpenSSL's certificate and network protocol paths do not exercise the bug, so triggering it requires an application that calls the affected functions directly with attacker-controlled input on the order of half a gigabyte or more.

Critical Impact

Heap buffer overflow that may lead to crash, attacker-controlled code execution, or other undefined behavior in applications calling ASN1_mbstring_copy() or ASN1_mbstring_ncopy() directly with very large attacker-controlled inputs.

Affected Products

  • OpenSSL versions containing the unpatched crypto/asn1/a_mbstr.c implementation of ASN1_mbstring_copy() and ASN1_mbstring_ncopy()
  • Applications using ASN1_STRING_TABLE_add() to register custom string types
  • Note: FIPS modules in OpenSSL 4.0, 3.6, 3.5, 3.4, and 3.0 are not affected, as the affected code is outside the FIPS module boundary

Discovery Timeline

  • 2026-06-09 - CVE-2026-7383 published to NVD
  • 2026-06-09 - OpenSSL Security Advisory released
  • 2026-06-10 - Last updated in NVD database

Technical Details for CVE-2026-7383

Vulnerability Analysis

The vulnerability resides in crypto/asn1/a_mbstr.c, where ASN1_mbstring_ncopy() computes the destination buffer size for Unicode output using a signed integer. For BMPSTRING (UTF-16), the input character count is left-shifted by one. For UNIVERSALSTRING (UTF-32), it is left-shifted by two. For UTF8STRING, per-character byte counts are summed. When the input reaches approximately 2^30 characters, the multiplication overflows the signed int range.

In the worst-case UNIVERSALSTRING scenario at 2^30 characters, nchar << 2 wraps to zero. The allocator then receives a request for one byte via OPENSSL_malloc(1). The subsequent character copy proceeds to write several gigabytes of data past the one-byte allocation, corrupting the heap.

Root Cause

The root cause is missing bounds validation on the input character count before performing the size calculation. The shift operations and per-character summation are not guarded against integer wrap, allowing attacker-controlled input length to drive the destination size to a value smaller than the data that will be written.

Attack Vector

Exploitation requires an application that invokes ASN1_mbstring_copy() or ASN1_mbstring_ncopy() directly, or that registers a custom string type via ASN1_STRING_TABLE_add(), with attacker-controlled input of roughly half a gigabyte or more. X.509 certificate processing routes through ASN1_STRING_set_by_NID(), whose DIRSTRING_TYPE mask excludes UNIVERSALSTRING and whose per-NID size limits cap input length. No standard OpenSSL network protocol or certificate-handling path reaches the overflow.

c
        break;

    case MBSTRING_BMP:
+       if (nchar > INT_MAX / 2) {
+           ERR_raise(ERR_LIB_ASN1, ASN1_R_STRING_TOO_LONG);
+           if (free_out) {
+               ASN1_STRING_free(dest);
+               *out = NULL;
+           }
+           return -1;
+       }
        outlen = nchar << 1;
        cpyfunc = cpy_bmp;
        break;

    case MBSTRING_UNIV:
+       if (nchar > INT_MAX / 4) {
+           ERR_raise(ERR_LIB_ASN1, ASN1_R_STRING_TOO_LONG);
+           if (free_out) {
+               ASN1_STRING_free(dest);
+               *out = NULL;
+           }
+           return -1;
+       }
        outlen = nchar << 2;
        cpyfunc = cpy_univ;
        break;

    case MBSTRING_UTF8:
        outlen = 0;

Source: OpenSSL Commit 4f8d2bd. The patch adds explicit INT_MAX / 2 and INT_MAX / 4 checks on nchar before the shift, returning an ASN1_R_STRING_TOO_LONG error when the input would overflow.

Detection Methods for CVE-2026-7383

Indicators of Compromise

  • Process crashes in software linked against OpenSSL with stack traces referencing ASN1_mbstring_copy, ASN1_mbstring_ncopy, cpy_bmp, or cpy_univ
  • Heap corruption errors or SIGSEGV from applications that parse very large ASN.1 string inputs
  • Application logs showing inputs to ASN.1 string handling functions approaching 2^30 characters or larger

Detection Strategies

  • Inventory all binaries linked against vulnerable OpenSSL versions and identify those calling ASN1_mbstring_copy(), ASN1_mbstring_ncopy(), or ASN1_STRING_TABLE_add() directly
  • Enable AddressSanitizer (ASan) in test builds of applications that process attacker-controlled ASN.1 strings to surface the overflow
  • Apply input size validation at application boundaries to reject ASN.1 string inputs exceeding sensible limits before they reach OpenSSL

Monitoring Recommendations

  • Monitor for crash telemetry on services that accept large untrusted binary inputs and link OpenSSL
  • Alert on memory allocation requests for one byte followed by large memory writes in instrumented environments
  • Track OpenSSL version distribution across the fleet and flag hosts running unpatched releases

How to Mitigate CVE-2026-7383

Immediate Actions Required

  • Upgrade OpenSSL to a release containing the fix referenced in the OpenSSL Security Advisory
  • Audit application code for direct calls to ASN1_mbstring_copy(), ASN1_mbstring_ncopy(), and ASN1_STRING_TABLE_add() and enforce input length limits at the caller
  • Rebuild and redeploy any statically linked binaries that bundle a vulnerable OpenSSL version

Patch Information

The OpenSSL project published fixes that add explicit size checks before the shift operations in crypto/asn1/a_mbstr.c. Reference commits include 4f8d2bd, 80c15fa, bd17511, c332ada, and d32350a. The fix rejects inputs where nchar > INT_MAX / 2 for BMPSTRING and nchar > INT_MAX / 4 for UNIVERSALSTRING, raising ASN1_R_STRING_TOO_LONG.

Workarounds

  • Cap input length at the application layer before passing data to ASN1_mbstring_copy() or ASN1_mbstring_ncopy(), rejecting inputs over a few megabytes
  • Avoid registering custom string types via ASN1_STRING_TABLE_add() that route untrusted input through the vulnerable path
  • Where feasible, route ASN.1 string handling through ASN1_STRING_set_by_NID(), which applies per-NID size limits and excludes UNIVERSALSTRING
bash
# Verify installed OpenSSL version and confirm patched release
openssl version -a

# Example application-layer guard before invoking the affected APIs
# Reject ASN.1 string inputs larger than 16 MiB
MAX_ASN1_STRING_BYTES=16777216

Disclaimer: This content was generated using AI. While we strive for accuracy, please verify critical information with official sources.

Default Legacy - Prefooter | Experience the World’s Most Advanced Cybersecurity Platform

Experience the Most Advanced Cybersecurity Platform

See how the world’s most intelligent, autonomous cybersecurity platform can protect your organization today and into the future.