CVE-2026-7383 Overview
CVE-2026-7383 is a signed integer overflow in OpenSSL's ASN1_mbstring_ncopy() and ASN1_mbstring_copy() functions that leads to a heap buffer overflow [CWE-787]. The destination buffer size for Unicode output is computed in a signed int, which wraps when input character counts approach 2^30. In the worst case with UNIVERSALSTRING, the size wraps to zero, OPENSSL_malloc(1) is called, and the subsequent copy writes several gigabytes past a one-byte allocation. The flaw can cause crashes or attacker-controlled code execution. OpenSSL's certificate and network protocol paths do not exercise the bug, so triggering it requires an application that calls the affected functions directly with attacker-controlled input on the order of half a gigabyte or more.
Critical Impact
Heap buffer overflow that may lead to crash, attacker-controlled code execution, or other undefined behavior in applications calling ASN1_mbstring_copy() or ASN1_mbstring_ncopy() directly with very large attacker-controlled inputs.
Affected Products
- OpenSSL versions containing the unpatched crypto/asn1/a_mbstr.c implementation of ASN1_mbstring_copy() and ASN1_mbstring_ncopy()
- Applications using ASN1_STRING_TABLE_add() to register custom string types
- Note: FIPS modules in OpenSSL 4.0, 3.6, 3.5, 3.4, and 3.0 are not affected, as the affected code is outside the FIPS module boundary
Discovery Timeline
- 2026-06-09 - CVE-2026-7383 published to NVD
- 2026-06-09 - OpenSSL Security Advisory released
- 2026-06-10 - Last updated in NVD database
Technical Details for CVE-2026-7383
Vulnerability Analysis
The vulnerability resides in crypto/asn1/a_mbstr.c, where ASN1_mbstring_ncopy() computes the destination buffer size for Unicode output using a signed integer. For BMPSTRING (UTF-16), the input character count is left-shifted by one. For UNIVERSALSTRING (UTF-32), it is left-shifted by two. For UTF8STRING, per-character byte counts are summed. When the input reaches approximately 2^30 characters, the multiplication overflows the signed int range.
In the worst-case UNIVERSALSTRING scenario at 2^30 characters, nchar << 2 wraps to zero. The allocator then receives a request for one byte via OPENSSL_malloc(1). The subsequent character copy proceeds to write several gigabytes of data past the one-byte allocation, corrupting the heap.
Root Cause
The root cause is missing bounds validation on the input character count before performing the size calculation. The shift operations and per-character summation are not guarded against integer wrap, allowing attacker-controlled input length to drive the destination size to a value smaller than the data that will be written.
Attack Vector
Exploitation requires an application that invokes ASN1_mbstring_copy() or ASN1_mbstring_ncopy() directly, or that registers a custom string type via ASN1_STRING_TABLE_add(), with attacker-controlled input of roughly half a gigabyte or more. X.509 certificate processing routes through ASN1_STRING_set_by_NID(), whose DIRSTRING_TYPE mask excludes UNIVERSALSTRING and whose per-NID size limits cap input length. No standard OpenSSL network protocol or certificate-handling path reaches the overflow.
break;
case MBSTRING_BMP:
+ if (nchar > INT_MAX / 2) {
+ ERR_raise(ERR_LIB_ASN1, ASN1_R_STRING_TOO_LONG);
+ if (free_out) {
+ ASN1_STRING_free(dest);
+ *out = NULL;
+ }
+ return -1;
+ }
outlen = nchar << 1;
cpyfunc = cpy_bmp;
break;
case MBSTRING_UNIV:
+ if (nchar > INT_MAX / 4) {
+ ERR_raise(ERR_LIB_ASN1, ASN1_R_STRING_TOO_LONG);
+ if (free_out) {
+ ASN1_STRING_free(dest);
+ *out = NULL;
+ }
+ return -1;
+ }
outlen = nchar << 2;
cpyfunc = cpy_univ;
break;
case MBSTRING_UTF8:
outlen = 0;
Source: OpenSSL Commit 4f8d2bd. The patch adds explicit INT_MAX / 2 and INT_MAX / 4 checks on nchar before the shift, returning an ASN1_R_STRING_TOO_LONG error when the input would overflow.
Detection Methods for CVE-2026-7383
Indicators of Compromise
- Process crashes in software linked against OpenSSL with stack traces referencing ASN1_mbstring_copy, ASN1_mbstring_ncopy, cpy_bmp, or cpy_univ
- Heap corruption errors or SIGSEGV from applications that parse very large ASN.1 string inputs
- Application logs showing inputs to ASN.1 string handling functions approaching 2^30 characters or larger
Detection Strategies
- Inventory all binaries linked against vulnerable OpenSSL versions and identify those calling ASN1_mbstring_copy(), ASN1_mbstring_ncopy(), or ASN1_STRING_TABLE_add() directly
- Enable AddressSanitizer (ASan) in test builds of applications that process attacker-controlled ASN.1 strings to surface the overflow
- Apply input size validation at application boundaries to reject ASN.1 string inputs exceeding sensible limits before they reach OpenSSL
Monitoring Recommendations
- Monitor for crash telemetry on services that accept large untrusted binary inputs and link OpenSSL
- Alert on memory allocation requests for one byte followed by large memory writes in instrumented environments
- Track OpenSSL version distribution across the fleet and flag hosts running unpatched releases
How to Mitigate CVE-2026-7383
Immediate Actions Required
- Upgrade OpenSSL to a release containing the fix referenced in the OpenSSL Security Advisory
- Audit application code for direct calls to ASN1_mbstring_copy(), ASN1_mbstring_ncopy(), and ASN1_STRING_TABLE_add() and enforce input length limits at the caller
- Rebuild and redeploy any statically linked binaries that bundle a vulnerable OpenSSL version
Patch Information
The OpenSSL project published fixes that add explicit size checks before the shift operations in crypto/asn1/a_mbstr.c. Reference commits include 4f8d2bd, 80c15fa, bd17511, c332ada, and d32350a. The fix rejects inputs where nchar > INT_MAX / 2 for BMPSTRING and nchar > INT_MAX / 4 for UNIVERSALSTRING, raising ASN1_R_STRING_TOO_LONG.
Workarounds
- Cap input length at the application layer before passing data to ASN1_mbstring_copy() or ASN1_mbstring_ncopy(), rejecting inputs over a few megabytes
- Avoid registering custom string types via ASN1_STRING_TABLE_add() that route untrusted input through the vulnerable path
- Where feasible, route ASN.1 string handling through ASN1_STRING_set_by_NID(), which applies per-NID size limits and excludes UNIVERSALSTRING
# Verify installed OpenSSL version and confirm patched release
openssl version -a
# Example application-layer guard before invoking the affected APIs
# Reject ASN.1 string inputs larger than 16 MiB
MAX_ASN1_STRING_BYTES=16777216
Disclaimer: This content was generated using AI. While we strive for accuracy, please verify critical information with official sources.

