{ "document": { "aggregate_severity": { "text": "Critical" }, "category": "csaf_vex", "csaf_version": "2.0", "distribution": { "text": "TuxCare License Agreement", "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "en", "notes": [ { "category": "legal_disclaimer", "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Cloud Linux Inc. and provide a link to the original.", "title": "Terms of Use" } ], "publisher": { "category": "vendor", "contact_details": "https://tuxcare.com/contact/", "name": "TuxCare", "namespace": "https://tuxcare.com/" }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://security.tuxcare.com/csaf/v2/els_alt_common/el8/vex/2026/cve-2026-31789-els_alt_common-el8.json" } ], "tracking": { "current_release_date": "2026-06-12T16:47:44Z", "generator": { "date": "2026-06-12T16:47:44Z", "engine": { "name": "pyCSAF" } }, "id": "CVE-2026-31789-ELS_ALT_COMMON-EL8", "initial_release_date": "2026-04-07T22:16:00Z", "revision_history": [ { "date": "2026-04-07T22:16:00Z", "number": "1", "summary": "Initial version" }, { "date": "2026-06-12T16:47:44Z", "number": "2", "summary": "Official Publication" } ], "status": "final", "version": "2" }, "title": "Security update on CVE-2026-31789" }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { "category": "product_name", "name": "Community Enterprise Operating System 8", "product": { "name": "Community Enterprise Operating System 8", "product_id": "CentOS-8", "product_identification_helper": { "cpe": "cpe:2.3:o:centos:centos:8:*:*:*:*:*:*:*" } } } ], "category": "product_family", "name": "Community Enterprise Operating System" } ], "category": "vendor", "name": "Cloud Linux Software, Inc." }, { "branches": [ { "branches": [ { "category": "product_version", "name": "alt-openssl11-1:1.1.1w-3.3.el8.x86_64", "product": { "name": "alt-openssl11-1:1.1.1w-3.3.el8.x86_64", "product_id": "alt-openssl11-1:1.1.1w-3.3.el8.x86_64", "product_identification_helper": { "purl": "pkg:rpm/tuxcare/alt-openssl11@1.1.1w-3.3.el8?arch=x86_64&epoch=1&os_name=centos&os_version=8" } } }, { "category": "product_version", "name": "alt-openssl11-1:1.1.1w-3.1.el8.x86_64", "product": { "name": "alt-openssl11-1:1.1.1w-3.1.el8.x86_64", "product_id": "alt-openssl11-1:1.1.1w-3.1.el8.x86_64", "product_identification_helper": { "purl": "pkg:rpm/tuxcare/alt-openssl11@1.1.1w-3.1.el8?arch=x86_64&epoch=1&os_name=centos&os_version=8" } } }, { "category": "product_version", "name": "alt-openssl11-1:1.1.1w-3.2.el8.x86_64", "product": { "name": "alt-openssl11-1:1.1.1w-3.2.el8.x86_64", "product_id": "alt-openssl11-1:1.1.1w-3.2.el8.x86_64", "product_identification_helper": { "purl": "pkg:rpm/tuxcare/alt-openssl11@1.1.1w-3.2.el8?arch=x86_64&epoch=1&os_name=centos&os_version=8" } } }, { "category": "product_version", "name": "alt-openssl11-devel-1:1.1.1w-3.1.el8.x86_64", "product": { "name": "alt-openssl11-devel-1:1.1.1w-3.1.el8.x86_64", "product_id": "alt-openssl11-devel-1:1.1.1w-3.1.el8.x86_64", "product_identification_helper": { "purl": "pkg:rpm/tuxcare/alt-openssl11-devel@1.1.1w-3.1.el8?arch=x86_64&epoch=1&os_name=centos&os_version=8" } } }, { "category": "product_version", "name": "alt-openssl11-devel-1:1.1.1w-3.2.el8.x86_64", "product": { "name": "alt-openssl11-devel-1:1.1.1w-3.2.el8.x86_64", "product_id": "alt-openssl11-devel-1:1.1.1w-3.2.el8.x86_64", "product_identification_helper": { "purl": "pkg:rpm/tuxcare/alt-openssl11-devel@1.1.1w-3.2.el8?arch=x86_64&epoch=1&os_name=centos&os_version=8" } } }, { "category": "product_version", "name": "alt-openssl11-devel-1:1.1.1w-3.3.el8.x86_64", "product": { "name": "alt-openssl11-devel-1:1.1.1w-3.3.el8.x86_64", "product_id": "alt-openssl11-devel-1:1.1.1w-3.3.el8.x86_64", "product_identification_helper": { "purl": "pkg:rpm/tuxcare/alt-openssl11-devel@1.1.1w-3.3.el8?arch=x86_64&epoch=1&os_name=centos&os_version=8" } } }, { "category": "product_version", "name": "alt-openssl11-libs-1:1.1.1w-3.1.el8.x86_64", "product": { "name": "alt-openssl11-libs-1:1.1.1w-3.1.el8.x86_64", "product_id": "alt-openssl11-libs-1:1.1.1w-3.1.el8.x86_64", "product_identification_helper": { "purl": "pkg:rpm/tuxcare/alt-openssl11-libs@1.1.1w-3.1.el8?arch=x86_64&epoch=1&os_name=centos&os_version=8" } } }, { "category": "product_version", "name": "alt-openssl11-libs-1:1.1.1w-3.2.el8.x86_64", "product": { "name": "alt-openssl11-libs-1:1.1.1w-3.2.el8.x86_64", "product_id": "alt-openssl11-libs-1:1.1.1w-3.2.el8.x86_64", "product_identification_helper": { "purl": "pkg:rpm/tuxcare/alt-openssl11-libs@1.1.1w-3.2.el8?arch=x86_64&epoch=1&os_name=centos&os_version=8" } } }, { "category": "product_version", "name": "alt-openssl11-libs-1:1.1.1w-3.3.el8.x86_64", "product": { "name": "alt-openssl11-libs-1:1.1.1w-3.3.el8.x86_64", "product_id": "alt-openssl11-libs-1:1.1.1w-3.3.el8.x86_64", "product_identification_helper": { "purl": "pkg:rpm/tuxcare/alt-openssl11-libs@1.1.1w-3.3.el8?arch=x86_64&epoch=1&os_name=centos&os_version=8" } } } ], "category": "architecture", "name": "x86_64" } ], "category": "vendor", "name": "TuxCare" } ], "relationships": [ { "category": "default_component_of", "full_product_name": { "name": "alt-openssl11-1:1.1.1w-3.3.el8.x86_64 as a component of Community Enterprise Operating System 8", "product_id": "CentOS-8:alt-openssl11-1:1.1.1w-3.3.el8.x86_64" }, "product_reference": "alt-openssl11-1:1.1.1w-3.3.el8.x86_64", "relates_to_product_reference": "CentOS-8" }, { "category": "default_component_of", "full_product_name": { "name": "alt-openssl11-1:1.1.1w-3.1.el8.x86_64 as a component of Community Enterprise Operating System 8", "product_id": "CentOS-8:alt-openssl11-1:1.1.1w-3.1.el8.x86_64" }, "product_reference": "alt-openssl11-1:1.1.1w-3.1.el8.x86_64", "relates_to_product_reference": "CentOS-8" }, { "category": "default_component_of", "full_product_name": { "name": "alt-openssl11-1:1.1.1w-3.2.el8.x86_64 as a component of Community Enterprise Operating System 8", "product_id": "CentOS-8:alt-openssl11-1:1.1.1w-3.2.el8.x86_64" }, "product_reference": "alt-openssl11-1:1.1.1w-3.2.el8.x86_64", "relates_to_product_reference": "CentOS-8" }, { "category": "default_component_of", "full_product_name": { "name": "alt-openssl11-devel-1:1.1.1w-3.1.el8.x86_64 as a component of Community Enterprise Operating System 8", "product_id": "CentOS-8:alt-openssl11-devel-1:1.1.1w-3.1.el8.x86_64" }, "product_reference": "alt-openssl11-devel-1:1.1.1w-3.1.el8.x86_64", "relates_to_product_reference": "CentOS-8" }, { "category": "default_component_of", "full_product_name": { "name": "alt-openssl11-devel-1:1.1.1w-3.2.el8.x86_64 as a component of Community Enterprise Operating System 8", "product_id": "CentOS-8:alt-openssl11-devel-1:1.1.1w-3.2.el8.x86_64" }, "product_reference": "alt-openssl11-devel-1:1.1.1w-3.2.el8.x86_64", "relates_to_product_reference": "CentOS-8" }, { "category": "default_component_of", "full_product_name": { "name": "alt-openssl11-devel-1:1.1.1w-3.3.el8.x86_64 as a component of Community Enterprise Operating System 8", "product_id": "CentOS-8:alt-openssl11-devel-1:1.1.1w-3.3.el8.x86_64" }, "product_reference": "alt-openssl11-devel-1:1.1.1w-3.3.el8.x86_64", "relates_to_product_reference": "CentOS-8" }, { "category": "default_component_of", "full_product_name": { "name": "alt-openssl11-libs-1:1.1.1w-3.1.el8.x86_64 as a component of Community Enterprise Operating System 8", "product_id": "CentOS-8:alt-openssl11-libs-1:1.1.1w-3.1.el8.x86_64" }, "product_reference": "alt-openssl11-libs-1:1.1.1w-3.1.el8.x86_64", "relates_to_product_reference": "CentOS-8" }, { "category": "default_component_of", "full_product_name": { "name": "alt-openssl11-libs-1:1.1.1w-3.2.el8.x86_64 as a component of Community Enterprise Operating System 8", "product_id": "CentOS-8:alt-openssl11-libs-1:1.1.1w-3.2.el8.x86_64" }, "product_reference": "alt-openssl11-libs-1:1.1.1w-3.2.el8.x86_64", "relates_to_product_reference": "CentOS-8" }, { "category": "default_component_of", "full_product_name": { "name": "alt-openssl11-libs-1:1.1.1w-3.3.el8.x86_64 as a component of Community Enterprise Operating System 8", "product_id": "CentOS-8:alt-openssl11-libs-1:1.1.1w-3.3.el8.x86_64" }, "product_reference": "alt-openssl11-libs-1:1.1.1w-3.3.el8.x86_64", "relates_to_product_reference": "CentOS-8" } ] }, "vulnerabilities": [ { "cve": "CVE-2026-31789", "cwe": { "id": "CWE-787", "name": "Out-of-bounds Write" }, "notes": [ { "category": "description", "text": "Issue summary: Converting an excessively large OCTET STRING value to\na hexadecimal string leads to a heap buffer overflow on 32 bit platforms.\n\nImpact summary: A heap buffer overflow may lead to a crash or possibly\nan attacker controlled code execution or other undefined behavior.\n\nIf an attacker can supply a crafted X.509 certificate with an excessively\nlarge OCTET STRING value in extensions such as the Subject Key Identifier\n(SKID) or Authority Key Identifier (AKID) which are being converted to hex,\nthe size of the buffer needed for the result is calculated as multiplication\nof the input length by 3. On 32 bit platforms, this multiplication may overflow\nresulting in the allocation of a smaller buffer and a heap buffer overflow.\n\nApplications and services that print or log contents of untrusted X.509\ncertificates are vulnerable to this issue. As the certificates would have\nto have sizes of over 1 Gigabyte, printing or logging such certificates\nis a fairly unlikely operation and only 32 bit platforms are affected,\nthis issue was assigned Low severity.\n\nThe FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this\nissue, as the affected code is outside the OpenSSL FIPS module boundary.", "title": "Vulnerability description" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" }, { "category": "other", "text": "TuxCare has assessed that this vulnerability does not impact any currently supported TuxCare products. This evaluation may change as new information becomes available. For additional details regarding this vulnerability and affected products, refer to the provided references.", "title": "Statement" } ], "product_status": { "known_not_affected": [ "CentOS-8:alt-openssl11-1:1.1.1w-3.1.el8.x86_64", "CentOS-8:alt-openssl11-1:1.1.1w-3.2.el8.x86_64", "CentOS-8:alt-openssl11-1:1.1.1w-3.3.el8.x86_64", "CentOS-8:alt-openssl11-devel-1:1.1.1w-3.1.el8.x86_64", "CentOS-8:alt-openssl11-devel-1:1.1.1w-3.2.el8.x86_64", "CentOS-8:alt-openssl11-devel-1:1.1.1w-3.3.el8.x86_64", "CentOS-8:alt-openssl11-libs-1:1.1.1w-3.1.el8.x86_64", "CentOS-8:alt-openssl11-libs-1:1.1.1w-3.2.el8.x86_64", "CentOS-8:alt-openssl11-libs-1:1.1.1w-3.3.el8.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://cve.tuxcare.com/els-lang/cve/CVE-2026-31789" }, { "category": "external", "summary": "https://github.com/openssl/openssl/commit/364f095b80601db632b0def6a33316967f863bde", "url": "https://github.com/openssl/openssl/commit/364f095b80601db632b0def6a33316967f863bde" }, { "category": "external", "summary": "https://github.com/openssl/openssl/commit/7a9087efd769f362ad9c0e30c7baaa6bbfa65ecf", "url": "https://github.com/openssl/openssl/commit/7a9087efd769f362ad9c0e30c7baaa6bbfa65ecf" }, { "category": "external", "summary": "https://github.com/openssl/openssl/commit/945b935ac66cc7f1a41f1b849c7c25adb5351f49", "url": "https://github.com/openssl/openssl/commit/945b935ac66cc7f1a41f1b849c7c25adb5351f49" }, { "category": "external", "summary": "https://github.com/openssl/openssl/commit/a24216018e1ede8ff01a4ff5afff7dfbd443e2f9", "url": "https://github.com/openssl/openssl/commit/a24216018e1ede8ff01a4ff5afff7dfbd443e2f9" }, { "category": "external", "summary": "https://github.com/openssl/openssl/commit/a91e537d16d74050dbde50bb0dfb1fe9930f0521", "url": "https://github.com/openssl/openssl/commit/a91e537d16d74050dbde50bb0dfb1fe9930f0521" }, { "category": "external", "summary": "https://openssl-library.org/news/secadv/20260407.txt", "url": "https://openssl-library.org/news/secadv/20260407.txt" }, { "category": "external", "summary": "https://cert-portal.siemens.com/productcert/html/ssa-032379.html", "url": "https://cert-portal.siemens.com/productcert/html/ssa-032379.html" } ], "release_date": "2026-04-07T22:16:00Z", "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "CentOS-8:alt-openssl11-1:1.1.1w-3.1.el8.x86_64", "CentOS-8:alt-openssl11-1:1.1.1w-3.2.el8.x86_64", "CentOS-8:alt-openssl11-1:1.1.1w-3.3.el8.x86_64", "CentOS-8:alt-openssl11-devel-1:1.1.1w-3.1.el8.x86_64", "CentOS-8:alt-openssl11-devel-1:1.1.1w-3.2.el8.x86_64", "CentOS-8:alt-openssl11-devel-1:1.1.1w-3.3.el8.x86_64", "CentOS-8:alt-openssl11-libs-1:1.1.1w-3.1.el8.x86_64", "CentOS-8:alt-openssl11-libs-1:1.1.1w-3.2.el8.x86_64", "CentOS-8:alt-openssl11-libs-1:1.1.1w-3.3.el8.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Critical" }, { "category": "impact", "date": "2026-06-12T13:13:50.286623Z", "details": "critical", "product_ids": [ "CentOS-8:alt-openssl11-1:1.1.1w-3.1.el8.x86_64", "CentOS-8:alt-openssl11-1:1.1.1w-3.2.el8.x86_64", "CentOS-8:alt-openssl11-1:1.1.1w-3.3.el8.x86_64", "CentOS-8:alt-openssl11-devel-1:1.1.1w-3.1.el8.x86_64", "CentOS-8:alt-openssl11-devel-1:1.1.1w-3.2.el8.x86_64", "CentOS-8:alt-openssl11-devel-1:1.1.1w-3.3.el8.x86_64", "CentOS-8:alt-openssl11-libs-1:1.1.1w-3.1.el8.x86_64", "CentOS-8:alt-openssl11-libs-1:1.1.1w-3.2.el8.x86_64", "CentOS-8:alt-openssl11-libs-1:1.1.1w-3.3.el8.x86_64" ] } ] } ] }