{"id":61375,"date":"2026-06-09T14:00:08","date_gmt":"2026-06-09T14:00:08","guid":{"rendered":"https:\/\/zero.redgem.net\/?p=61375"},"modified":"2026-06-09T14:00:08","modified_gmt":"2026-06-09T14:00:08","slug":"possible-heap-buffer-overflow-in-asn1-multibyte-string-conversion","status":"publish","type":"post","link":"https:\/\/zero.redgem.net\/?p=61375","title":{"rendered":"Possible Heap Buffer Overflow in ASN.1 Multibyte String Conversion_CVE-2026-7383"},"content":{"rendered":"

{“lastseen”:””,”description”:”Issue summary: A signed integer overflow when sizing the destination\\nbuffer for Unicode output in ASN1_mbstring_ncopy() can lead to a heap\\nbuffer overflow.\\n\\nImpact summary: A heap buffer overflow may lead to a crash or possibly\\nattacker controlled code execution or other undefined behaviour.\\n\\nIn ASN1_mbstring_copy() and ASN1_mbstring_ncopy() the destination\\nsize for Unicode output is computed in a signed int: by left shift\\nof the input character count for BMPSTRING (UTF-16) and\\nUNIVERSALSTRING (UTF-32), and by summing per-character byte counts\\nfor UTF8STRING. The calculation overflows when the input reaches\\naround 2^30 characters. In the worst case (UNIVERSALSTRING at 2^30\\ncharacters) the size wraps to zero, OPENSSL_malloc(1) is called, and\\nthe subsequent character copy writes several gigabytes past the\\none-byte allocation.\\n\\nX.509 certificate processing routes through ASN1_STRING_set_by_NID(),\\nwhose DIRSTRING_TYPE mask excludes UNIVERSALSTRING and whose per-NID\\nsize limits cap the input length; no network protocol or\\ncertificate-handling path in OpenSSL exercises the overflow.\\nTriggering the bug requires an application that calls\\nASN1_mbstring_copy() or ASN1_mbstring_ncopy() directly, or registers\\na custom string type via ASN1_STRING_TABLE_add(), with\\nattacker-controlled input on the order of half a gigabyte or more.\\nFor these reasons this issue was assigned Low severity.\\n\\nThe FIPS modules in 4.0, 3.6, 3.5, 3.4 and 3.0 are not affected by\\nthis issue, as the affected code is outside the OpenSSL FIPS module\\nboundary.”,”published”:”2026-06-09T16:03:15.508Z”,”modified”:”2026-06-09T16:48:55.394Z”,”type”:”cve”,”title”:”Possible Heap Buffer Overflow in ASN.1 Multibyte String Conversion”,”source”:”openssl”,”references”:”https:\/\/openssl-library.org\/news\/secadv\/20260609.txt\\nhttps:\/\/github.com\/openssl\/security\/commit\/d32350ae8ef7426718f5aa9e383d4b51398ee255\\nhttps:\/\/github.com\/openssl\/security\/commit\/c332adaced43bcbb85f97410597e951c11ec3083\\nhttps:\/\/github.com\/openssl\/security\/commit\/80c15faaf78042bbb8654a0e234c50c381732f74\\nhttps:\/\/github.com\/openssl\/security\/commit\/4f8d2bddaa2c8e06f9c33390ee1717059a6e4be6\\nhttps:\/\/github.com\/openssl\/security\/commit\/bd17511070fb39a67bfa19682affb765e706a974″,”id”:”CVE-2026-7383″,”bulletinFamily”:””,”cwe”:[“CWE-787″],”cvelist”:null,”sourceData”:”OpenSSL OpenSSL 4.0.0\\nOpenSSL OpenSSL 3.6.0\\nOpenSSL OpenSSL 3.5.0\\nOpenSSL OpenSSL 3.4.0\\nOpenSSL OpenSSL 3.0.0\\nOpenSSL OpenSSL 1.1.1\\nOpenSSL OpenSSL 1.0.2″,”sourceHref”:””,”cvss”:{“score”:8.1,”severity”:”HIGH”,”vector”:”CVSS:3.1\/AV:N\/AC:H\/PR:N\/UI:N\/S:U\/C:H\/I:H\/A:H”,”version”:”3.1″},”cvss2″:{},”cvss3″:{“version”:””,”vectorString”:””,”baseScore”:0,”baseSeverity”:””,”attackVector”:””,”attackComplexity”:””,”privilegesRequired”:””,”userInteraction”:””,”scope”:””,”confidentialityImpact”:””,”integrityImpact”:””,”availabilityImpact”:””,”cvssV3″:{“version”:””,”vectorString”:””,”baseScore”:0,”baseSeverity”:””,”attackVector”:””,”attackComplexity”:””,”privilegesRequired”:””,”userInteraction”:””,”scope”:””,”confidentialityImpact”:””,”integrityImpact”:””,”availabilityImpact”:””}},”href”:””,”category_name”:”CVE”,”post_link”:””,”product”:”OpenSSL”,”version”:”4.0.0″,”vendor”:”OpenSSL”,”ai_description”:””,”ai_severity”:””,”ai_vendor”:””,”ai_product”:””,”ai_version”:””,”ai_score”:0}<\/p>\n","protected":false},"excerpt":{"rendered":"

{“lastseen”:””,”description”:”Issue summary: A signed integer overflow when sizing the destination\\nbuffer for Unicode output in ASN1_mbstring_ncopy() can lead to a heap\\nbuffer overflow.\\n\\nImpact summary: A heap buffer…<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[2],"tags":[6,8,52,12,15,13,7,11,5],"class_list":["post-61375","post","type-post","status-publish","format-standard","hentry","category-category_cve","tag-cve","tag-cvss","tag-cvss-81","tag-exploit","tag-high","tag-news","tag-security","tag-tapic","tag-vulnerability"],"yoast_head":"\nPossible Heap Buffer Overflow in ASN.1 Multibyte String Conversion_CVE-2026-7383 - zero redgem<\/title>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/zero.redgem.net\/?p=61375\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Possible Heap Buffer Overflow in ASN.1 Multibyte String Conversion_CVE-2026-7383 - zero redgem\" \/>\n<meta property=\"og:description\" content=\"{“lastseen”:””,”description”:”Issue summary: A signed integer overflow when sizing the destinationnbuffer for Unicode output in ASN1_mbstring_ncopy() can lead to a heapnbuffer overflow.nnImpact summary: A heap buffer...\" \/>\n<meta property=\"og:url\" content=\"https:\/\/zero.redgem.net\/?p=61375\" \/>\n<meta property=\"og:site_name\" content=\"zero redgem\" \/>\n<meta property=\"article:published_time\" content=\"2026-06-09T14:00:08+00:00\" \/>\n<meta name=\"author\" content=\"invoker\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"invoker\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"2 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/?p=61375#article\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/?p=61375\"},\"author\":{\"name\":\"invoker\",\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/#\\\/schema\\\/person\\\/fbfeae8dfad117ac08a7621bee1a1dca\"},\"headline\":\"Possible Heap Buffer Overflow in ASN.1 Multibyte String Conversion_CVE-2026-7383\",\"datePublished\":\"2026-06-09T14:00:08+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/?p=61375\"},\"wordCount\":449,\"commentCount\":0,\"publisher\":{\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/#organization\"},\"keywords\":[\"CVE\",\"CVSS\",\"CVSS-8.1\",\"exploit\",\"HIGH\",\"news\",\"Security\",\"tapic\",\"Vulnerability\"],\"articleSection\":[\"category_cve\"],\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"CommentAction\",\"name\":\"Comment\",\"target\":[\"https:\\\/\\\/zero.redgem.net\\\/?p=61375#respond\"]}]},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/?p=61375\",\"url\":\"https:\\\/\\\/zero.redgem.net\\\/?p=61375\",\"name\":\"Possible Heap Buffer Overflow in ASN.1 Multibyte String Conversion_CVE-2026-7383 - zero redgem\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/#website\"},\"datePublished\":\"2026-06-09T14:00:08+00:00\",\"breadcrumb\":{\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/?p=61375#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/zero.redgem.net\\\/?p=61375\"]}]},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/?p=61375#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\\\/\\\/zero.redgem.net\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Possible Heap Buffer Overflow in ASN.1 Multibyte String Conversion_CVE-2026-7383\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/#website\",\"url\":\"https:\\\/\\\/zero.redgem.net\\\/\",\"name\":\"zero redgem\",\"description\":\"\",\"publisher\":{\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/zero.redgem.net\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/#organization\",\"name\":\"zero redgem\",\"url\":\"https:\\\/\\\/zero.redgem.net\\\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/#\\\/schema\\\/logo\\\/image\\\/\",\"url\":\"\",\"contentUrl\":\"\",\"width\":191,\"height\":188,\"caption\":\"zero redgem\"},\"image\":{\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/#\\\/schema\\\/logo\\\/image\\\/\"}},{\"@type\":\"Person\",\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/#\\\/schema\\\/person\\\/fbfeae8dfad117ac08a7621bee1a1dca\",\"name\":\"invoker\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/f17c01d7338e6932bcde121cf83569393df3374625d25afd62677cfb528f2e3e?s=96&d=mm&r=g\",\"url\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/f17c01d7338e6932bcde121cf83569393df3374625d25afd62677cfb528f2e3e?s=96&d=mm&r=g\",\"contentUrl\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/f17c01d7338e6932bcde121cf83569393df3374625d25afd62677cfb528f2e3e?s=96&d=mm&r=g\",\"caption\":\"invoker\"},\"sameAs\":[\"https:\\\/\\\/zero.redgem.net\"],\"url\":\"https:\\\/\\\/zero.redgem.net\\\/?author=1\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Possible Heap Buffer Overflow in ASN.1 Multibyte String Conversion_CVE-2026-7383 - zero redgem","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/zero.redgem.net\/?p=61375","og_locale":"en_US","og_type":"article","og_title":"Possible Heap Buffer Overflow in ASN.1 Multibyte String Conversion_CVE-2026-7383 - zero redgem","og_description":"{“lastseen”:””,”description”:”Issue summary: A signed integer overflow when sizing the destinationnbuffer for Unicode output in ASN1_mbstring_ncopy() can lead to a heapnbuffer overflow.nnImpact summary: A heap buffer...","og_url":"https:\/\/zero.redgem.net\/?p=61375","og_site_name":"zero redgem","article_published_time":"2026-06-09T14:00:08+00:00","author":"invoker","twitter_card":"summary_large_image","twitter_misc":{"Written by":"invoker","Est. reading time":"2 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/zero.redgem.net\/?p=61375#article","isPartOf":{"@id":"https:\/\/zero.redgem.net\/?p=61375"},"author":{"name":"invoker","@id":"https:\/\/zero.redgem.net\/#\/schema\/person\/fbfeae8dfad117ac08a7621bee1a1dca"},"headline":"Possible Heap Buffer Overflow in ASN.1 Multibyte String Conversion_CVE-2026-7383","datePublished":"2026-06-09T14:00:08+00:00","mainEntityOfPage":{"@id":"https:\/\/zero.redgem.net\/?p=61375"},"wordCount":449,"commentCount":0,"publisher":{"@id":"https:\/\/zero.redgem.net\/#organization"},"keywords":["CVE","CVSS","CVSS-8.1","exploit","HIGH","news","Security","tapic","Vulnerability"],"articleSection":["category_cve"],"inLanguage":"en-US","potentialAction":[{"@type":"CommentAction","name":"Comment","target":["https:\/\/zero.redgem.net\/?p=61375#respond"]}]},{"@type":"WebPage","@id":"https:\/\/zero.redgem.net\/?p=61375","url":"https:\/\/zero.redgem.net\/?p=61375","name":"Possible Heap Buffer Overflow in ASN.1 Multibyte String Conversion_CVE-2026-7383 - zero redgem","isPartOf":{"@id":"https:\/\/zero.redgem.net\/#website"},"datePublished":"2026-06-09T14:00:08+00:00","breadcrumb":{"@id":"https:\/\/zero.redgem.net\/?p=61375#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/zero.redgem.net\/?p=61375"]}]},{"@type":"BreadcrumbList","@id":"https:\/\/zero.redgem.net\/?p=61375#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/zero.redgem.net\/"},{"@type":"ListItem","position":2,"name":"Possible Heap Buffer Overflow in ASN.1 Multibyte String Conversion_CVE-2026-7383"}]},{"@type":"WebSite","@id":"https:\/\/zero.redgem.net\/#website","url":"https:\/\/zero.redgem.net\/","name":"zero redgem","description":"","publisher":{"@id":"https:\/\/zero.redgem.net\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/zero.redgem.net\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/zero.redgem.net\/#organization","name":"zero redgem","url":"https:\/\/zero.redgem.net\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/zero.redgem.net\/#\/schema\/logo\/image\/","url":"","contentUrl":"","width":191,"height":188,"caption":"zero redgem"},"image":{"@id":"https:\/\/zero.redgem.net\/#\/schema\/logo\/image\/"}},{"@type":"Person","@id":"https:\/\/zero.redgem.net\/#\/schema\/person\/fbfeae8dfad117ac08a7621bee1a1dca","name":"invoker","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/secure.gravatar.com\/avatar\/f17c01d7338e6932bcde121cf83569393df3374625d25afd62677cfb528f2e3e?s=96&d=mm&r=g","url":"https:\/\/secure.gravatar.com\/avatar\/f17c01d7338e6932bcde121cf83569393df3374625d25afd62677cfb528f2e3e?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/f17c01d7338e6932bcde121cf83569393df3374625d25afd62677cfb528f2e3e?s=96&d=mm&r=g","caption":"invoker"},"sameAs":["https:\/\/zero.redgem.net"],"url":"https:\/\/zero.redgem.net\/?author=1"}]}},"_links":{"self":[{"href":"https:\/\/zero.redgem.net\/index.php?rest_route=\/wp\/v2\/posts\/61375","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/zero.redgem.net\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/zero.redgem.net\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/zero.redgem.net\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/zero.redgem.net\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=61375"}],"version-history":[{"count":0,"href":"https:\/\/zero.redgem.net\/index.php?rest_route=\/wp\/v2\/posts\/61375\/revisions"}],"wp:attachment":[{"href":"https:\/\/zero.redgem.net\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=61375"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/zero.redgem.net\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=61375"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/zero.redgem.net\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=61375"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}