CLSA-2026-1780062952
See a problem?- Import Source
- https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/ubuntu20.04els/CLSA-2026-1780062952.json
- JSON Data
- https://api.osv.dev/v1/vulns/CLSA-2026-1780062952
- Upstream
- Published
- 2026-05-29T13:55:57Z
- Modified
- 2026-06-04T09:47:21.962885320Z
- Summary
- Fix CVE(s): CVE-2026-28389
- Details
-
- SECURITY UPDATE: NULL pointer dereference in CMS EnvelopedData processing
when a KeyAgreeRecipientInfo message omits the optional parameters field of
KeyEncryptionAlgorithmIdentifier. Both dhcmssetsharedinfo() and
ecdhcmssetsharedinfo() dereference alg->parameter without a NULL check,
allowing a remote attacker to crash applications that process untrusted CMS
data (e.g. S/MIME decryption), causing Denial of Service before any
authentication or cryptographic operations occur.
- debian/patches/CVE-2026-28389.patch: use X509ALGORget0() to safely extract algorithm OID and parameter type/value in dhcmssetsharedinfo() in crypto/dh/dhameth.c and ecdhcmssetsharedinfo() in crypto/ec/ecameth.c instead of dereferencing alg->parameter directly
- CVE-2026-28389
- SECURITY UPDATE: NULL pointer dereference in CMS EnvelopedData processing
when a KeyAgreeRecipientInfo message omits the optional parameters field of
KeyEncryptionAlgorithmIdentifier. Both dhcmssetsharedinfo() and
ecdhcmssetsharedinfo() dereference alg->parameter without a NULL check,
allowing a remote attacker to crash applications that process untrusted CMS
data (e.g. S/MIME decryption), causing Denial of Service before any
authentication or cryptographic operations occur.
- References
Affected packages
TuxCare:Ubuntu:20.04 / libssl-dev
Package
- Name
- libssl-dev
- Purl
- pkg:deb/tuxcare/libssl-dev?distro=ubuntu-20.04
TuxCare:Ubuntu:20.04 / libssl-doc
Package
- Name
- libssl-doc
- Purl
- pkg:deb/tuxcare/libssl-doc?distro=ubuntu-20.04
TuxCare:Ubuntu:20.04 / libssl1.1
Package
- Name
- libssl1.1
- Purl
- pkg:deb/tuxcare/libssl1.1?distro=ubuntu-20.04