CVE-2026-34180

Issue summary: Parsing a crafted DER-encoded ASN.1 structure with a primitive element whose content exceeds 2 gigabytes in length may cause a heap buffer over-read on 64-bit Unix and Unix-like platforms.

Impact summary: The heap buffer over-read may crash the application (Denial of Service) or to load into the decoded ASN.1 object contents of memory beyond the end of the input buffer. More typically such ASN.1 elements would instead be truncated.

An integer truncation in OpenSSL's ASN.1 decoder causes the content length of an ASN.1 primitive element to be mishandled when it exceeds 2 gigabytes. In the worst case the truncated length is treated as a request to scan the binary content for a terminating zero byte, possibly causing OpenSSL to read either less than or beyond the end of the allocated buffer.

Applications that pass attacker-supplied data to d2iX509(), d2iPKCS7(), or any other d2i_* decoding function are affected. OpenSSL's own command-line tools are not vulnerable, as data read through the BIO layer is checked before it reaches the affected code. The issue only affects 64-bit Unix and Unix-like platforms; 32-bit platforms and 64-bit Windows are not affected.

The FIPS modules in 4.0, 3.6, 3.5, 3.4 and 3.0 are not affected by this issue, as the affected code is outside the OpenSSL FIPS module boundary.

Database specific

{
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/34xxx/CVE-2026-34180.json",
    "cwe_ids": [
        "CWE-125"
    ],
    "cna_assigner": "openssl"
}

References

Affected packages

Git / github.com/openssl/openssl

Affected ranges

Type

GIT

Repo

https://github.com/openssl/openssl

Events

Introduced

11b7b6ea3b65a584e1d31408ed1bdb139465cffd

Fixed

1e963a8680ec78ad2072792c7a1a71f3c530bd2e

Introduced

7b371d80d959ec9ab4139d09d78e83c090de9779

Fixed

aae016bfd52fcad2bc9657c2c782cfdf73b1ed5f

Introduced

636dfadc70ce26f2473870570bfd9ec352806b1d

Fixed

8cf17aaeb4599f8af87fefd810b5b5fee90fe69e

Introduced

98acb6b02839c609ef5b837794e08d906d965335

Fixed

c5ea1cc227fd60afae8ac4b9438690bbe4888f79

Introduced

89cd17a031e022211684eb7eb41190cf1910f9fa

Fixed

51ea949dc1436e865935b47874b21a3bb31a102e

Introduced

e04bd3433fd84e1861bf258ea37928d9845e6a86

Fixed

e04bd3433fd84e1861bf258ea37928d9845e6a86

Introduced

e818b74be2170fbe957a07b0da4401c2b694b3b8

Fixed

e818b74be2170fbe957a07b0da4401c2b694b3b8

Database specific

{
    "extracted_events": [
        {
            "introduced": "4.0.0"
        },
        {
            "fixed": "4.0.1"
        },
        {
            "introduced": "3.6.0"
        },
        {
            "fixed": "3.6.3"
        },
        {
            "introduced": "3.5.0"
        },
        {
            "fixed": "3.5.7"
        },
        {
            "introduced": "3.4.0"
        },
        {
            "fixed": "3.4.6"
        },
        {
            "introduced": "3.0.0"
        },
        {
            "fixed": "3.0.21"
        },
        {
            "introduced": "1.1.1"
        },
        {
            "fixed": "1.1.1zh"
        },
        {
            "introduced": "1.0.2"
        },
        {
            "fixed": "1.0.2zq"
        }
    ],
    "source": "AFFECTED_FIELD"
}

Affected versions

3.*

3.0-POST-CLANG-FORMAT-WEBKIT

3.0-PRE-CLANG-FORMAT-WEBKIT

3.4-POST-CLANG-FORMAT-WEBKIT

3.4-PRE-CLANG-FORMAT-WEBKIT

3.5-POST-CLANG-FORMAT-WEBKIT

3.5-PRE-CLANG-FORMAT-WEBKIT

3.6-POST-CLANG-FORMAT-WEBKIT

3.6-PRE-CLANG-FORMAT-WEBKIT

openssl-3.*

openssl-3.0.0

openssl-3.0.1

openssl-3.0.10

openssl-3.0.11

openssl-3.0.12

openssl-3.0.13

openssl-3.0.14

openssl-3.0.15

openssl-3.0.16

openssl-3.0.17

openssl-3.0.18

openssl-3.0.19

openssl-3.0.2

openssl-3.0.20

openssl-3.0.3

openssl-3.0.4

openssl-3.0.5

openssl-3.0.6

openssl-3.0.7

openssl-3.0.8

openssl-3.0.9

openssl-3.4.0

openssl-3.4.1

openssl-3.4.2

openssl-3.4.3

openssl-3.4.4

openssl-3.4.5

openssl-3.5.0

openssl-3.5.1

openssl-3.5.2

openssl-3.5.3

openssl-3.5.4

openssl-3.5.5

openssl-3.5.6

openssl-3.6.0

openssl-3.6.1

openssl-3.6.2

openssl-4.*

openssl-4.0.0

Database specific

vanir_signatures

[
    {
        "digest": {
            "line_hashes": [
                "28170854778703993674264004058177114599",
                "73132526844288570625317440636111911761",
                "177405411499435185068645597737938634778",
                "224809958623850711330610094965797758930",
                "295554444428855106393106961197201359586"
            ],
            "threshold": 0.9
        },
        "signature_version": "v1",
        "id": "CVE-2026-34180-c377fa22",
        "target": {
            "file": "include/openssl/opensslv.h"
        },
        "deprecated": false,
        "source": "https://github.com/openssl/openssl/commit/e04bd3433fd84e1861bf258ea37928d9845e6a86",
        "signature_type": "Line"
    },
    {
        "digest": {
            "line_hashes": [
                "251633914150035957322733061977107206211",
                "338514574181828579838011565939158652696",
                "76638288692106140328510055542557597351",
                "142922657400765574308962710386922248045",
                "71649992455794854055653842592139575350",
                "65527166711110472566013424527579064967",
                "253196866009476977787139000804413898733",
                "172177136897997206866313011107384691461"
            ],
            "threshold": 0.9
        },
        "id": "CVE-2026-34180-e051451f",
        "signature_version": "v1",
        "target": {
            "file": "crypto/opensslv.h"
        },
        "deprecated": false,
        "source": "https://github.com/openssl/openssl/commit/e818b74be2170fbe957a07b0da4401c2b694b3b8",
        "signature_type": "Line"
    }
]

source

"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2026-34180.json"

vanir_signatures_modified

"2026-06-11T08:15:14Z"