OpenSSL 3.6.2

openssl-machine released this 07 Apr 12:23

OpenSSL 3.6.2 is a security patch release. The most severe CVE fixed in this
release is Moderate.

This release incorporates the following bug fixes and mitigations:

  • Fixed incorrect failure handling in RSA KEM RSASVE encapsulation.
    (CVE-2026-31790)

  • Fixed loss of key agreement group tuple structure when the DEFAULT keyword
    is used in the server-side configuration of the key-agreement group list.
    (CVE-2026-2673)

  • Fixed out-of-bounds read in AES-CFB-128 on x86-64 CPUs with AVX-512 support.
    (CVE-2026-28386)

  • Fixed potential use-after-free in DANE client code.
    (CVE-2026-28387)

  • Fixed NULL pointer dereference when processing a delta CRL.
    (CVE-2026-28388)

  • Fixed possible NULL dereference when processing CMS KeyAgreeRecipientInfo.
    (CVE-2026-28389)

  • Fixed possible NULL dereference when processing CMS
    KeyTransportRecipientInfo.
    (CVE-2026-28390)

  • Fixed heap buffer overflow in hexadecimal conversion.
    (CVE-2026-31789)