MNBSD-2026-44: out-of-bounds memory access with invalid low-level GF(2^m) elliptic curve parameters

Severity: Unknown

Affected Package: openssl

Summary: out-of-bounds memory access with invalid low-level GF(2^m) elliptic curve parameters

Description

Use of the low-level GF(2^m) elliptic curve APIs with untrusted explicit values for the field polynomial can lead to out-of-bounds memory reads or writes. Applications working with exotic explicit binary curve parameters may terminate abruptly; remote code execution cannot easily be ruled out. Severity: Low (OpenSSL).
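One way to keep untrusted explicit binary-field parameters away from the low-level GF(2^m) APIs, as an added example that is not part of this advisory or of OpenSSL: a small DER pre-filter that classifies an ECParameters blob by its FieldID and admits only named curves. The function names, the named-curve-only policy and the sample bytes are assumptions constructed for illustration.

```c
#include <stddef.h>
#include <string.h>

enum ecp_kind { ECP_MALFORMED, ECP_NAMED, ECP_IMPLICIT,
                ECP_EXPLICIT_PRIME, ECP_EXPLICIT_BINARY, ECP_EXPLICIT_OTHER };
/* Read one DER header inside [*p, end); return the tag or -1, leave *p at the value. */
static int der_hdr(const unsigned char **p, const unsigned char *end, size_t *len) {
    const unsigned char *q = *p;
    if (end - q < 2) return -1;
    int tag = *q++;
    size_t n = *q++;
    if (n & 0x80) {                        /* long form: accept at most 2 length bytes */
        size_t cnt = n & 0x7f;
        if (cnt == 0 || cnt > 2 || (size_t)(end - q) < cnt) return -1;
        for (n = 0; cnt > 0; cnt--) n = (n << 8) | *q++;
    }
    if ((size_t)(end - q) < n) return -1;  /* value must fit inside the buffer */
    *len = n; *p = q;
    return tag;
}

/* Classify an ECParameters blob: namedCurve OID, implicitCurve NULL or specifiedCurve. */
enum ecp_kind classify_ecparams(const unsigned char *der, size_t der_len) {
    static const unsigned char arc[] = {0x2A,0x86,0x48,0xCE,0x3D,0x01}; /* 1.2.840.10045.1 */
    const unsigned char *p = der, *end = der + der_len;
    size_t len;
    int tag = der_hdr(&p, end, &len);
    if (tag == 0x06) return ECP_NAMED;
    if (tag == 0x05) return ECP_IMPLICIT;
    if (tag != 0x30) return ECP_MALFORMED;
    end = p + len;                                            /* SpecifiedECDomain body */
    if (der_hdr(&p, end, &len) != 0x02) return ECP_MALFORMED; /* version */
    p += len;
    if (der_hdr(&p, end, &len) != 0x30) return ECP_MALFORMED; /* FieldID */
    end = p + len;
    if (der_hdr(&p, end, &len) != 0x06) return ECP_MALFORMED; /* fieldType OID */
    if (len != 7 || memcmp(p, arc, 6) != 0) return ECP_EXPLICIT_OTHER;
    return p[6] == 1 ? ECP_EXPLICIT_PRIME : p[6] == 2 ? ECP_EXPLICIT_BINARY : ECP_EXPLICIT_OTHER;
}
/* Assumed policy: untrusted input may only select a named curve. */
int ecparams_allowed(const unsigned char *der, size_t n) { return classify_ecparams(der, n) == ECP_NAMED; }

/* Constructed samples; the explicit one is cut off after FieldID (placeholder NULL). */
static const unsigned char NAMED_P256[] = {0x06,0x08,0x2A,0x86,0x48,0xCE,0x3D,0x03,0x01,0x07};
static const unsigned char EXPLICIT_BIN[] = {0x30,0x10,0x02,0x01,0x01,0x30,0x0B,0x06,0x07,
    0x2A,0x86,0x48,0xCE,0x3D,0x01,0x02,0x05,0x00};
int main(void) {  /* exit status 0: named curve admitted, explicit binary field refused */
    return !(ecparams_allowed(NAMED_P256, sizeof NAMED_P256) &&
             !ecparams_allowed(EXPLICIT_BIN, sizeof EXPLICIT_BIN));
}
```

The filter only inspects the outer structure and the field type; it does not validate the curve itself, so it complements upgrading the affected package rather than replacing it.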

Affected Versions

openssl

Recommendations

No specific recommendations provided.

References

Additional Information

Aliases: CVE-2024-9143

Published: June 11, 2026
Last Modified: June 11, 2026