{"id":"CVE-2026-31790","summary":"Incorrect Failure Handling in RSA KEM RSASVE Encapsulation","details":"Issue summary: Applications using RSASVE key encapsulation to establish\na secret encryption key can send contents of an uninitialized memory buffer to\na malicious peer.\n\nImpact summary: The uninitialized buffer might contain sensitive data from the\nprevious execution of the application process which leads to sensitive data\nleakage to an attacker.\n\nRSA_public_encrypt() returns the number of bytes written on success and -1\non error. The affected code tests only whether the return value is non-zero.\nAs a result, if RSA encryption fails, encapsulation can still return success to\nthe caller, set the output lengths, and leave the caller to use the contents of\nthe ciphertext buffer as if a valid KEM ciphertext had been produced.\n\nIf applications use EVP_PKEY_encapsulate() with RSA/RSASVE on an\nattacker-supplied invalid RSA public key without first validating that key,\nthen this may cause stale or uninitialized contents of the caller-provided\nciphertext buffer to be disclosed to the attacker in place of the KEM\nciphertext.\n\nAs a workaround calling EVP_PKEY_public_check() or\nEVP_PKEY_public_check_quick() before EVP_PKEY_encapsulate() will mitigate\nthe issue.\n\nThe FIPS modules in 3.6, 3.5, 3.4, 3.3, 3.1 and 3.0 are affected by this issue.","modified":"2026-05-01T04:19:21.660223Z","published":"2026-04-07T22:00:56.698Z","related":["SUSE-SU-2026:1213-1","SUSE-SU-2026:1214-1","SUSE-SU-2026:1215-1","SUSE-SU-2026:1216-1","SUSE-SU-2026:1256-1","SUSE-SU-2026:1257-1","SUSE-SU-2026:1291-1","SUSE-SU-2026:1375-1","SUSE-SU-2026:21037-1","SUSE-SU-2026:21065-1","SUSE-SU-2026:21107-1","SUSE-SU-2026:21186-1","openSUSE-SU-2026:10533-1","openSUSE-SU-2026:20525-1"],"database_specific":{"cna_assigner":"openssl","osv_generated_from":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/31xxx/CVE-2026-31790.json","cwe_ids":["CWE-754"]},"references":[{"type":"ADVISORY","url":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/31xxx/CVE-2026-31790.json"},{"type":"FIX","url":"https://github.com/openssl/openssl/commit/001e01db3e996e13ffc72386fe79d03a6683b5ac"},{"type":"FIX","url":"https://github.com/openssl/openssl/commit/abd8b2eec7e3f3fda60ecfb68498b246b52af482"},{"type":"FIX","url":"https://github.com/openssl/openssl/commit/b922e24e5b23ffb9cb9e14cadff23d91e9f7e406"},{"type":"FIX","url":"https://github.com/openssl/openssl/commit/d5f8e71cd0a54e961d0c3b174348f8308486f790"},{"type":"FIX","url":"https://github.com/openssl/openssl/commit/eed200f58cd8645ed77e46b7e9f764e284df379e"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2026-31790"},{"type":"ADVISORY","url":"https://openssl-library.org/news/secadv/20260407.txt"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/openssl/openssl","events":[{"introduced":"7b371d80d959ec9ab4139d09d78e83c090de9779"},{"fixed":"fe686e15d84334b284f883118ed92f64b409b3aa"},{"introduced":"636dfadc70ce26f2473870570bfd9ec352806b1d"},{"fixed":"286ddeaac037533bbdce65b3c689e3f7ffebf0f6"},{"introduced":"98acb6b02839c609ef5b837794e08d906d965335"},{"fixed":"03b8620d6e9b7b4d5701865edb6ad86101fe5517"},{"introduced":"4cb31128b5790819dfeea2739fbde265f71a10a2"},{"fixed":"204165c1550d3aa0f49395af654124cec2bbabf9"},{"introduced":"89cd17a031e022211684eb7eb41190cf1910f9fa"},{"fixed":"5aada9c299a3b28fc82348f4e2b93805fa0a0e9c"}],"database_specific":{"extracted_events":[{"introduced":"3.6.0"},{"fixed":"3.6.2"},{"introduced":"3.5.0"},{"fixed":"3.5.6"},{"introduced":"3.4.0"},{"fixed":"3.4.5"},{"introduced":"3.3.0"},{"fixed":"3.3.7"},{"introduced":"3.0.0"},{"fixed":"3.0.20"}],"source":"AFFECTED_FIELD"}}],"versions":["3.0-POST-CLANG-FORMAT-WEBKIT","3.0-PRE-CLANG-FORMAT-WEBKIT","3.3-POST-CLANG-FORMAT-WEBKIT","3.3-PRE-CLANG-FORMAT-WEBKIT","3.4-POST-CLANG-FORMAT-WEBKIT","3.4-PRE-CLANG-FORMAT-WEBKIT","3.5-POST-CLANG-FORMAT-WEBKIT","3.5-PRE-CLANG-FORMAT-WEBKIT","3.6-POST-CLANG-FORMAT-WEBKIT","3.6-PRE-CLANG-FORMAT-WEBKIT","openssl-3.0.0","openssl-3.0.1","openssl-3.0.10","openssl-3.0.11","openssl-3.0.12","openssl-3.0.13","openssl-3.0.14","openssl-3.0.15","openssl-3.0.16","openssl-3.0.17","openssl-3.0.18","openssl-3.0.19","openssl-3.0.2","openssl-3.0.3","openssl-3.0.4","openssl-3.0.5","openssl-3.0.6","openssl-3.0.7","openssl-3.0.8","openssl-3.0.9","openssl-3.3.0","openssl-3.3.1","openssl-3.3.2","openssl-3.3.3","openssl-3.3.4","openssl-3.3.5","openssl-3.3.6","openssl-3.4.0","openssl-3.4.1","openssl-3.4.2","openssl-3.4.3","openssl-3.4.4","openssl-3.5.0","openssl-3.5.1","openssl-3.5.2","openssl-3.5.3","openssl-3.5.4","openssl-3.5.5","openssl-3.6.0","openssl-3.6.1"],"database_specific":{"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2026-31790.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"}]}