Tracked as CVE-2026-31790, the flaw affects the RSA Key Encapsulation Mechanism (KEM), specifically the RSASVE encapsulation process used to securely exchange encryption keys.
OpenSSL published an advisory on April 7, 2026, warning users to apply patches as soon as possible.
The root cause of the issue lies in how OpenSSL handles failures during RSA encryption. When applications generate a shared secret using RSASVE, they rely on the function RSA_public_encrypt() to perform encryption and return a status code.
Under normal conditions, this function returns the number of bytes written on success and -1 when an error occurs.
However, the validation logic in affected versions only checks whether the return value is non-zero rather than whether it is positive.
This creates a critical flaw: a return value of -1, which signals failure, passes the check and is mistakenly treated as a successful operation.
As a result, the application continues the encapsulation process even though encryption has failed. It sets output lengths and processes the ciphertext buffer as if it contains valid encrypted data.
This flawed logic opens the door for attackers to exploit the vulnerability by supplying a malformed or invalid RSA public key.
If the application does not properly validate the key beforehand, the failed encryption attempt is misinterpreted as successful.
In such cases, the system may return uninitialized memory from the ciphertext buffer back to the attacker.
This “stale” memory can contain sensitive data left over from previous operations, including cryptographic material or application data.
For example, a malicious client interacting with a vulnerable server could repeatedly send crafted public keys and receive fragments of memory in response, potentially leading to data leakage over time.
The vulnerability impacts OpenSSL 3.x versions, while legacy branches such as 1.0.2 and 1.1.1 remain unaffected. Security updates have been released to address the issue.
The flaw was reported by Simo Sorce of Red Hat in February 2026, with a fix developed by Nikola Pajkovsky.
Organizations unable to immediately apply patches can reduce risk through code-level safeguards. Developers are advised to validate RSA public keys before performing encapsulation.
Calling EVP_PKEY_public_check() or EVP_PKEY_public_check_quick() prior to EVP_PKEY_encapsulate() ensures that invalid keys are rejected early, preventing the faulty execution path and blocking potential memory leaks.
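The following is an added illustration, not OpenSSL's source, of the two points above: the `ret != 0` check that lets a -1 failure code through, and the defensive key check performed before encapsulation. `fake_rsa_key`, `stub_public_check()` and `stub_public_encrypt()` are hypothetical stand-ins that only mimic the return-code contract of `EVP_PKEY_public_check()` and `RSA_public_encrypt()`; the 0xAA fill is a constructed marker for stale memory.

```c
#include <stddef.h>
#include <string.h>
/* Added illustration of the return-code bug described above, not OpenSSL
 * source: fake_rsa_key and the stub_* functions are hypothetical stand-ins. */
typedef struct { size_t modulus_len; unsigned long e; } fake_rsa_key;

/* Stand-in for EVP_PKEY_public_check(): 1 if the key looks usable. */
static int stub_public_check(const fake_rsa_key *k) {
    return k->modulus_len > 0 && k->e > 1;
}
/* Stand-in for RSA_public_encrypt(): bytes written on success, -1 on
 * failure; like the real call it leaves `out` untouched when it fails. */
static int stub_public_encrypt(const unsigned char *in, size_t inlen,
                               unsigned char *out, const fake_rsa_key *k) {
    if (!stub_public_check(k) || inlen > k->modulus_len) return -1;
    for (size_t i = 0; i < k->modulus_len; i++)      /* toy "encryption" */
        out[i] = (i < inlen ? in[i] : 0) ^ 0x5A;
    return (int)k->modulus_len;
}
/* Flawed path: `ret != 0` lets -1 through, so ctlen is set and whatever
 * already sat in ct is handed back as ciphertext. */
static int encapsulate_flawed(const fake_rsa_key *k, unsigned char *ct,
                              size_t *ctlen, const unsigned char *s, size_t n) {
    int ret = stub_public_encrypt(s, n, ct, k);
    if (ret != 0) { *ctlen = k->modulus_len; return 1; }     /* BUG */
    return 0;
}
/* Fixed path: check the key first, then accept only a positive count. */
static int encapsulate_fixed(const fake_rsa_key *k, unsigned char *ct,
                             size_t *ctlen, const unsigned char *s, size_t n) {
    if (!stub_public_check(k)) { *ctlen = 0; return 0; }
    int ret = stub_public_encrypt(s, n, ct, k);
    if (ret <= 0) { *ctlen = 0; return 0; }
    *ctlen = (size_t)ret;
    return 1;
}
/* Runs both paths with an invalid key (e == 0) over a buffer pre-filled with a
 * 0xAA marker (constructed stand-in for stale memory). Returns 1 when the flawed
 * path reports success with the marker intact and the fixed path rejects the key. */
int demo_stale_buffer(void) {
    const fake_rsa_key bad = { 32, 0 };
    const unsigned char secret[16] = { 1, 2, 3 };
    unsigned char ct[32]; size_t ctlen = 0;
    memset(ct, 0xAA, sizeof ct);
    int leaked = encapsulate_flawed(&bad, ct, &ctlen, secret, sizeof secret)
                 && ctlen == 32 && ct[0] == 0xAA && ct[31] == 0xAA;
    memset(ct, 0xAA, sizeof ct);
    int fixed_ok = encapsulate_fixed(&bad, ct, &ctlen, secret, sizeof secret);
    return leaked && !fixed_ok && ctlen == 0;
}
```

With the flawed check the caller is handed 32 bytes of marker as "ciphertext"; the fixed path both validates the key up front and rejects any non-positive return value.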
The post Multiple OpenSSL Flaws Expose Sensitive Data in RSA KEM Handling appeared first on Cyber Security News.