Tracked as CVE-2026-31790, the flaw affects the RSA Key Encapsulation Mechanism (KEM), specifically the RSASVE encapsulation process used to securely exchange encryption keys.
OpenSSL published an advisory on April 7, 2026, warning users to apply patches as soon as possible.
The root cause of the issue lies in how OpenSSL handles failures during RSA encryption. When applications generate a shared secret using RSASVE, they rely on the function RSA_public_encrypt() to perform encryption and return a status code.
Under normal conditions, this function returns the number of bytes written on success and -1 when an error occurs.
However, due to improper validation logic in affected versions, the code only checks whether the return value is non-zero.
This creates a critical flaw: a return value of -1, which indicates failure, is mistakenly treated as a successful operation.
As a result, the application continues the encapsulation process even though encryption has failed. It sets output lengths and processes the ciphertext buffer as if it contains valid encrypted data.
This flawed logic opens the door for attackers to exploit the vulnerability by supplying a malformed or invalid RSA public key.
If the application does not properly validate the key beforehand, the failed encryption attempt is misinterpreted as successful.
In such cases, the system may return uninitialized memory from the ciphertext buffer back to the attacker.
This “stale” memory can contain sensitive data left over from previous operations, including cryptographic material or application data.
For example, a malicious client interacting with a vulnerable server could repeatedly send crafted public keys and receive fragments of memory in response, potentially leading to data leakage over time.
The vulnerability impacts OpenSSL 3.x versions, while legacy branches such as 1.0.2 and 1.1.1 remain unaffected. Security updates have been released to address the issue:
The flaw was reported by Simo Sorce of Red Hat in February 2026, with a fix developed by Nikola Pajkovsky.
Organizations unable to immediately apply patches can reduce risk through code-level safeguards. Developers are advised to validate RSA public keys before performing encapsulation.
Calling EVP_PKEY_public_check() or EVP_PKEY_public_check_quick() prior to EVP_PKEY_encapsulate() ensures that invalid keys are rejected early, preventing the faulty execution path and blocking potential memory leaks.
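To make the faulty return-value check and the recommended pre-validation concrete, here is an added example, not OpenSSL's own code: a constructed stand-in for RSA_public_encrypt() that copies only its return contract (byte count on success, -1 on failure), a caller using the vulnerable non-zero test beside one using the correct check, and a stand-in for the EVP_PKEY_public_check() workaround. The mock key format (first byte zero means malformed) and the 32-byte "ciphertext" are assumptions for illustration.

```c
#include <string.h>

#define MOCK_MODULUS_LEN 32  /* constructed: "ciphertext" size of the mock key */

/* Constructed stand-in for RSA_public_encrypt(), copying only its contract:
 * returns the number of ciphertext bytes on success and -1 on failure.
 * A key whose first byte is zero stands in for a malformed public key. */
static int mock_rsa_public_encrypt(const unsigned char *key, size_t key_len,
                                   unsigned char *ct, size_t ct_len)
{
    if (key == NULL || key_len == 0 || key[0] == 0 || ct_len < MOCK_MODULUS_LEN)
        return -1;                       /* failure: ct is left untouched */
    memset(ct, 0xAB, MOCK_MODULUS_LEN);  /* pretend this is the ciphertext */
    return MOCK_MODULUS_LEN;
}

/* Vulnerable pattern from the advisory: "non-zero" is taken to mean success,
 * so the -1 error return falls through and stale buffer contents are shipped. */
int encapsulate_buggy(const unsigned char *key, size_t key_len,
                      unsigned char *ct, size_t *ct_len)
{
    int ret = mock_rsa_public_encrypt(key, key_len, ct, *ct_len);
    if (ret != 0) {              /* BUG: -1 also satisfies this test */
        *ct_len = (size_t)ret;   /* -1 wraps to SIZE_MAX here */
        return 1;                /* caller now returns whatever ct held */
    }
    return 0;
}

/* Corrected pattern: only a positive byte count counts as success. */
int encapsulate_fixed(const unsigned char *key, size_t key_len,
                      unsigned char *ct, size_t *ct_len)
{
    int ret = mock_rsa_public_encrypt(key, key_len, ct, *ct_len);
    if (ret <= 0)
        return 0;                /* failure: ct_len untouched, nothing leaks */
    *ct_len = (size_t)ret;
    return 1;
}

/* Stand-in for the EVP_PKEY_public_check() workaround: reject a bad key up
 * front so the faulty path is never reached, even on an unpatched library. */
int encapsulate_with_precheck(const unsigned char *key, size_t key_len,
                              unsigned char *ct, size_t *ct_len)
{
    if (key == NULL || key_len == 0 || key[0] == 0)
        return 0;                /* key rejected up front */
    return encapsulate_buggy(key, key_len, ct, ct_len); /* now safe to reach */
}
```

With a malformed key the buggy caller reports success and leaves the pre-existing buffer bytes in place to be returned, while the fixed caller and the pre-checked caller both fail closed.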
The post Multiple OpenSSL Flaws Expose Sensitive Data in RSA KEM Handling appeared first on Cyber Security News.