MNBSD-2026-29: incorrect failure handling in RSA KEM RSASVE encapsulation leaks uninitialized memory

Severity: Unknown

Affected Package: openssl

Summary: incorrect failure handling in RSA KEM RSASVE encapsulation leaks uninitialized memory

Description

Applications using RSASVE key encapsulation to establish a secret encryption key can send the contents of an uninitialized memory buffer to a malicious peer. The uninitialized buffer might contain sensitive data from a previous execution, leading to sensitive data leakage. Severity: Moderate (OpenSSL).

Affected Versions

openssl

Recommendations

No specific recommendations provided.

Additional Information

Aliases: CVE-2026-31790

Published: June 11, 2026
Last Modified: June 11, 2026