
FireDaemon OpenSSL Security Update: April 2026 Patches


April 8, 2026: FireDaemon has released updated OpenSSL installers and binary distributions addressing seven security vulnerabilities disclosed in the April 7, 2026 OpenSSL Security Advisory. All users are strongly encouraged to upgrade immediately.


OpenSSL Security Update: What’s Included

FireDaemon's latest OpenSSL installers and binary distributions patch 7 security vulnerabilities (1 Moderate, 6 Low severity). The fixes cover incorrect failure handling in RSA KEM (RSASVE) encapsulation, NULL dereferences in CMS message processing and delta CRL handling, a use-after-free in DANE client code, an out-of-bounds read in AES-CFB128 on AVX-512/VAES platforms, and a 32-bit-only heap overflow when converting large X.509 fields to hex. Notably, the Moderate-severity RSA KEM issue affects the FIPS module across all supported 3.x branches.


Affected Versions and Upgrades

The following FireDaemon OpenSSL security update versions are now available:


  • FireDaemon OpenSSL 3.6.2

  • FireDaemon OpenSSL 3.5.6 LTS

  • FireDaemon OpenSSL 3.0.20 LTS


Key Security Fixes


Moderate Severity


CVE-2026-31790: Incorrect Failure Handling in RSA KEM RSASVE Encapsulation

RSA_public_encrypt() returns -1 on failure, but the affected code checks only for a non-zero return value, so -1 is treated as success. When RSA encryption fails, EVP_PKEY_encapsulate() can still report success to the caller, leaving stale or uninitialised heap contents in the ciphertext buffer. If the caller is encapsulating to an attacker-supplied invalid RSA public key, the uninitialised buffer contents (potentially including sensitive material left over from earlier allocations in the same process) are then sent to that peer.


The immediate workaround is to call EVP_PKEY_public_check() or EVP_PKEY_public_check_quick() on the peer key before EVP_PKEY_encapsulate(), so that a malformed key is rejected before the faulty error path can be reached. Critically, this issue affects the FIPS modules in 3.6, 3.5, and 3.0 (and upstream 3.4, 3.3, 3.1). FIPS-validated deployments are not exempt. Upgrade is mandatory for any environment using RSA-KEM/RSASVE key encapsulation.


Affects: 3.6, 3.5, 3.0 | Fixed in: 3.6.2, 3.5.6, 3.0.20
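To make the failure-handling bug concrete, here is an added C example (not OpenSSL's code and not FireDaemon's) that models the pattern with a hypothetical mock_public_encrypt() standing in for RSA_public_encrypt(): it returns -1 on a malformed key, exactly the return value the affected check misses. encapsulate_buggy() reports success and hands the peer whatever the ciphertext buffer already held; encapsulate_fixed() treats any value <= 0 as failure and scrubs the buffer; encapsulate_with_precheck() mirrors the caller-side workaround of validating the key first. All function names and the toy XOR "cipher" are assumptions made for the example.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define MOCK_KEY_BYTES 16

/* Hypothetical stand-in for RSA_public_encrypt(): returns the number of
 * ciphertext bytes on success and -1 on failure (here: a malformed key).
 * The "encryption" is a toy XOR so the block runs without OpenSSL. */
static int mock_public_encrypt(const uint8_t *key, size_t keylen,
                               const uint8_t *in, uint8_t *out)
{
    size_t i;
    if (key == NULL || keylen != MOCK_KEY_BYTES)
        return -1;                      /* invalid key: nothing written to out */
    for (i = 0; i < MOCK_KEY_BYTES; i++)
        out[i] = in[i] ^ key[i];
    return (int)MOCK_KEY_BYTES;
}

/* Stand-in for EVP_PKEY_public_check(): 1 if the key is well-formed, else 0. */
int mock_public_check(const uint8_t *key, size_t keylen)
{
    return key != NULL && keylen == MOCK_KEY_BYTES;
}

/* Vulnerable pattern: any non-zero return counts as success, so the -1
 * failure path falls through and the caller ships whatever the ciphertext
 * buffer already contained. Returns 1 = success, 0 = failure. */
int encapsulate_buggy(const uint8_t *key, size_t keylen,
                      const uint8_t *secret, uint8_t *ct, size_t *ctlen)
{
    *ctlen = MOCK_KEY_BYTES;            /* sized up front, like RSA_size() */
    if (mock_public_encrypt(key, keylen, secret, ct) != 0)   /* BUG: -1 != 0 */
        return 1;
    return 0;
}

/* Hardened pattern: anything <= 0 is a failure, and the output buffer is
 * scrubbed so stale bytes can never reach the peer. */
int encapsulate_fixed(const uint8_t *key, size_t keylen,
                      const uint8_t *secret, uint8_t *ct, size_t *ctlen)
{
    int ret = mock_public_encrypt(key, keylen, secret, ct);
    if (ret <= 0) {
        memset(ct, 0, MOCK_KEY_BYTES);
        *ctlen = 0;
        return 0;
    }
    *ctlen = (size_t)ret;
    return 1;
}

/* Caller-side workaround corresponding to the advisory's advice: validate
 * the peer key first so the broken error path is never reached, even when
 * the underlying (buggy) encapsulation is still in use. */
int encapsulate_with_precheck(const uint8_t *key, size_t keylen,
                              const uint8_t *secret, uint8_t *ct, size_t *ctlen)
{
    if (!mock_public_check(key, keylen))
        return 0;
    return encapsulate_buggy(key, keylen, secret, ct, ctlen);
}
```

Pre-filling the ciphertext buffer with a marker before calling encapsulate_buggy() with a bad key shows the problem directly: the call reports success and the marker bytes are still there, which is what a peer would receive.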


Low Severity


CVE-2026-28389: NULL Dereference in CMS KeyAgreeRecipientInfo

When processing a crafted CMS EnvelopedData message that uses KeyAgreeRecipientInfo, the optional parameters field of the KeyEncryptionAlgorithmIdentifier is dereferenced without first confirming it is present. A missing field causes a NULL pointer dereference and a crash. The crash occurs before any authentication or cryptographic validation, so an unauthenticated attacker can trigger it by sending a malformed message to any service that calls CMS_decrypt() on untrusted input. S/MIME gateways and CMS-based protocol handlers are the primary targets.


Affects: 3.6, 3.5, 3.0 | Fixed in: 3.6.2, 3.5.6, 3.0.20


CVE-2026-28390: NULL Dereference in CMS KeyTransportRecipientInfo

Same class of issue as CVE-2026-28389, but in the KeyTransportRecipientInfo path with RSA-OAEP encryption. The optional SourceFunc algorithm identifier parameters field is read without a NULL guard, crashing the process on malformed input before any cryptographic operations. Services processing externally-sourced CMS or S/MIME are vulnerable.


Affects: 3.6, 3.5, 3.0 | Fixed in: 3.6.2, 3.5.6, 3.0.20


CVE-2026-28387: Potential Use-After-Free in DANE Client Code

An uncommon DANE TLSA configuration (specifically clients that accept both PKIX-TA(0)/PKIX-EE(1) and DANE-TA(2) certificate usages) can trigger a use-after-free or double-free when the server publishes a TLSA RRset containing both record types. Potential consequences range from data corruption to arbitrary code execution. Standard SMTP MTA deployments following RFC 7672 (which treats PKIX-usage TLSA records as unusable) are not vulnerable. FIPS modules are not affected.


Affects: 3.6, 3.5, 3.0 | Fixed in: 3.6.2, 3.5.6, 3.0.20


CVE-2026-28388: NULL Dereference When Processing a Delta CRL

When delta CRL processing is enabled via X509_V_FLAG_USE_DELTAS, a crafted delta CRL missing the required CRL Number extension causes a NULL pointer dereference during certificate verification. Denial of Service only, with no escalation path to code execution or memory disclosure. Exploitability requires an attacker to deliver a malformed CRL to an application that processes it with delta CRL support enabled, which narrows the attack surface considerably.


Affects: 3.6, 3.5, 3.0 | Fixed in: 3.6.2, 3.5.6, 3.0.20


CVE-2026-28386: Out-of-Bounds Read in AES-CFB-128 on x86-64 with AVX-512/VAES

On x86-64 systems with AVX-512 and VAES instruction support, processing partial AES-CFB128 cipher blocks can trigger an out-of-bounds read of up to 15 bytes when the input buffer ends at a page boundary and the following page is unmapped. The over-read bytes are discarded and not written to output, so there is no information disclosure. Risk is DoS via crash only. AES-CFB mode is not used in TLS/DTLS (which use GCM, CCM, CBC, or ChaCha20-Poly1305), so standard TLS stacks are unaffected. The 3.6 FIPS module is affected; 3.5 and 3.0 are not.


Affects: 3.6 only | Fixed in: 3.6.2
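The trigger condition (input ending at a page boundary with the following page unmapped) is also a useful test technique for any bulk-processing routine. The following added C example (not OpenSSL or FireDaemon code) is a small guard-page harness for POSIX systems: it places the input flush against a PROT_NONE page, catches SIGSEGV with sigsetjmp/siglongjmp, and reports whether the routine under test read past its input. sum_exact() and sum_overread() are hypothetical stand-ins; the second models a 16-byte-block kernel that loads a whole block for a partial tail and discards the extra bytes, the way the advisory describes the AES-CFB128 over-read.

```c
#define _GNU_SOURCE
#include <setjmp.h>
#include <signal.h>
#include <stddef.h>
#include <stdint.h>
#include <string.h>
#include <sys/mman.h>
#include <unistd.h>

/* Correct routine: reads exactly len bytes. */
static unsigned sum_exact(const uint8_t *in, size_t len)
{
    unsigned s = 0;
    for (size_t i = 0; i < len; i++)
        s += in[i];
    return s;
}

/* Toy model of the faulty behaviour: a block-oriented kernel that loads the
 * whole 16-byte block even when only part of it is valid input, then throws
 * the surplus away. Reads up to 15 bytes past the end of the buffer. The
 * volatile view keeps the compiler from optimising the unused loads away,
 * so the harness sees the same accesses a vectorised kernel would make. */
static unsigned sum_overread(const uint8_t *in, size_t len)
{
    const volatile uint8_t *vin = in;
    unsigned s = 0;
    size_t padded = (len + 15) & ~(size_t)15;   /* round up to a full block */
    for (size_t i = 0; i < padded; i++) {
        uint8_t b = vin[i];                      /* over-read happens here */
        if (i < len)
            s += b;
    }
    return s;
}

typedef unsigned (*sum_fn)(const uint8_t *, size_t);

static sigjmp_buf g_segv_jump;
static void on_segv(int sig) { (void)sig; siglongjmp(g_segv_jump, 1); }

/* Places len bytes of constructed input flush against an unmapped guard page
 * and runs fn on them. Returns 1 if fn finished, 0 if it faulted (read past
 * the buffer), -1 if the harness could not be set up. */
int run_at_page_edge(sum_fn fn, size_t len, unsigned *result)
{
    long page = sysconf(_SC_PAGESIZE);
    if (page <= 0 || len > (size_t)page)
        return -1;
    uint8_t *map = mmap(NULL, (size_t)page * 2, PROT_READ | PROT_WRITE,
                        MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
    if (map == MAP_FAILED)
        return -1;
    if (mprotect(map + page, (size_t)page, PROT_NONE) != 0) {   /* guard page */
        munmap(map, (size_t)page * 2);
        return -1;
    }
    uint8_t *in = map + page - len;              /* last byte sits at the boundary */
    for (size_t i = 0; i < len; i++)
        in[i] = (uint8_t)(i + 1);                /* constructed input 1,2,3,... */

    struct sigaction sa, old;
    memset(&sa, 0, sizeof sa);
    sa.sa_handler = on_segv;
    sigemptyset(&sa.sa_mask);
    sa.sa_flags = SA_NODEFER;
    sigaction(SIGSEGV, &sa, &old);

    int finished;
    if (sigsetjmp(g_segv_jump, 1) == 0) {
        *result = fn(in, len);
        finished = 1;
    } else {
        finished = 0;                            /* landed here via the handler */
    }
    sigaction(SIGSEGV, &old, NULL);
    munmap(map, (size_t)page * 2);
    return finished;
}
```

A 5-byte input makes sum_overread() touch 11 bytes of the guard page and fault, while a full 16-byte block completes normally; sum_exact() completes for any length. The same harness works for any function that takes a pointer and a length, which is how a partial-block over-read like this one is caught before a page boundary does it for you in production.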


CVE-2026-31789: Heap Buffer Overflow in Hexadecimal Conversion (32-bit Platforms)

When printing or logging X.509 certificates, converting an excessively large OCTET STRING value to hex multiplies the input length by 3 to size the output buffer. On 32-bit platforms this multiplication can wrap, allocating an undersized buffer that is then overflowed when the hex output is written, for crafted certificates carrying oversized extensions such as SKID or AKID. Practical exploitation requires a certificate exceeding 1 GB in size, which limits real-world impact significantly. 64-bit platforms are not affected. FIPS modules are not affected.


Affects: 3.6, 3.5, 3.0 (32-bit only) | Fixed in: 3.6.2, 3.5.6, 3.0.20
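The sizing bug is a plain integer-overflow class that is easy to reproduce without OpenSSL. Added C example (not OpenSSL or FireDaemon code): naive_hex_len32() shows the 32-bit wrap for the "three output characters per input byte" computation, safe_hex_len32() is the overflow-checked version, and buf2hexstr_checked() is a hypothetical colon-separated hex encoder built on the checked sizing so it is safe on both 32- and 64-bit builds. The function names are assumptions made for the example.

```c
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

/* Naive sizing as the advisory describes: three output characters per
 * input byte ("AB:"). With a 32-bit length type the product wraps. */
uint32_t naive_hex_len32(uint32_t len)
{
    return len * 3u;      /* wraps once len > 0x55555555 (about 1.33 GiB) */
}

/* Hardened sizing: refuse any length whose tripling is not representable.
 * Returns 1 and sets *out on success, 0 on overflow. */
int safe_hex_len32(uint32_t len, uint32_t *out)
{
    if (len > UINT32_MAX / 3u)
        return 0;
    *out = len * 3u;
    return 1;
}

/* Colon-separated hex encoder built on the same sizing rule, using size_t
 * and checking against SIZE_MAX so it is correct on 32- and 64-bit builds.
 * Returns a malloc'd string such as "DE:AD:BE:EF", or NULL on overflow or
 * allocation failure. */
char *buf2hexstr_checked(const uint8_t *buf, size_t len)
{
    static const char hexdig[] = "0123456789ABCDEF";
    if (len > SIZE_MAX / 3)
        return NULL;                      /* len * 3 would wrap */
    size_t need = len ? len * 3 : 1;      /* "XX:" per byte; last ':' slot holds NUL */
    char *s = malloc(need);
    if (s == NULL)
        return NULL;
    char *p = s;
    for (size_t i = 0; i < len; i++) {
        *p++ = hexdig[buf[i] >> 4];
        *p++ = hexdig[buf[i] & 0x0f];
        *p++ = ':';
    }
    if (len)
        p--;                              /* overwrite the trailing ':' */
    *p = '\0';
    return s;
}
```

With len = 0x60000000 (1.5 GiB) the naive product is 0x120000000, which truncates to 0x20000000 in 32 bits: a 512 MiB buffer for 4.5 GiB of output, which is the undersized allocation the advisory describes.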


Why Upgrade Now?

The two CMS NULL dereferences (CVE-2026-28389 and CVE-2026-28390) are straightforward pre-auth denial of service against any service processing externally-sourced CMS or S/MIME. The RSA KEM issue (CVE-2026-31790) is the highest-severity item and has direct implications for FIPS-validated deployments, since the FIPS module boundary does not protect you here. Upgrade so that your KEM callers are not silently leaking process memory to peers.


Upgrade Priority


HIGH Priority (patch within 7 days):

  • Any deployment using EVP_PKEY_encapsulate() with RSA/RSASVE, particularly against peer-supplied keys

  • FIPS-validated environments on any 3.x branch, as CVE-2026-31790 affects the FIPS module directly


ELEVATED Priority (patch within 14 days):

  • Services calling CMS_decrypt() on untrusted input (S/MIME gateways, CMS-based protocol handlers), as CVE-2026-28389 and CVE-2026-28390 are pre-auth DoS


ROUTINE Priority (patch within 30 days):

  • DANE-capable TLS clients using mixed PKIX/DANE-TA TLSA record sets (CVE-2026-28387)

  • Applications with delta CRL processing enabled (CVE-2026-28388)

  • Standard TLS/HTTPS services with no CMS or RSASVE exposure

  • 32-bit deployments logging untrusted X.509 certificates (CVE-2026-31789)

  • x86-64 systems using AES-CFB128 with AVX-512/VAES (CVE-2026-28386, 3.6 only)


Download and Installation


Get the latest FireDaemon OpenSSL builds from our website:



About FireDaemon: FireDaemon provides enterprise-grade Windows service management solutions, maintains optimised OpenSSL builds for Windows platforms, and offers OpenSSL integration and software development services to ensure businesses have access to the latest security updates and performance improvements.
