MNBSD-2026-35: stack buffer overflow in CMS AuthEnvelopedData parsing

Severity: Unknown

Affected Package: openssl

Summary: stack buffer overflow in CMS AuthEnvelopedData parsing

Description

Parsing a CMS AuthEnvelopedData message with maliciously crafted AEAD parameters can trigger a stack buffer overflow, which may lead to a crash (Denial of Service) or potentially remote code execution. Severity: High (OpenSSL).

Affected Versions

openssl

Recommendations

No specific recommendations provided.

References

Additional Information

Aliases: CVE-2025-15467

Published: June 11, 2026
Last Modified: June 11, 2026