
OpenSSL Vulnerability: Stack Buffer Overflow in CMS Parsing

A new stack buffer overflow vulnerability has been discovered in OpenSSL, specifically within its CMS AuthEnvelopedData parsing functionality. This flaw could lead to a crash, causing a Denial of Service, or potentially enable remote code execution. The vulnerability affects versions 3.6.0, 3.5.0, 3.4.0, 3.3.0, and 3.0.0, according to recent reports.

The issue arises when parsing CMS AuthEnvelopedData messages. Maliciously crafted AEAD parameters trigger the overflow: the parser copies the IV into a fixed-size stack buffer without first validating its length. The copy happens before authentication, so no valid key material is needed to reach the flaw. Applications that parse untrusted CMS content are at risk.

OpenSSL is a widely used cryptographic library, so this vulnerability is a serious concern for any system that relies on it. Developers should update to the latest patched versions to mitigate the risk. The fix verifies the length of the IV before copying it. Whether the overflow can be exploited beyond a crash depends on the application's context.
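The bug class and its fix, as an added illustration that is not OpenSSL's code: `aead_params_t`, `IV_BUF_LEN`, `copy_iv_unchecked` and `copy_iv_checked` are assumed names, and the parameter structure is a constructed stand-in for the decoded ASN.1 AEAD parameters.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Constructed stand-in for the decoded AEAD parameters of a CMS
 * AuthEnvelopedData message (not OpenSSL's ASN.1 types); iv_len comes
 * straight from the untrusted message. */
typedef struct {
    const uint8_t *iv;
    size_t iv_len;
} aead_params_t;

#define IV_BUF_LEN 16   /* assumed size of the fixed on-stack IV buffer */
/* Vulnerable pattern: the untrusted length is never compared with the
 * buffer size, so iv_len > IV_BUF_LEN writes past iv_buf. This runs at
 * parse time, before the tag is verified, so no key is needed to reach it. */
int copy_iv_unchecked(const aead_params_t *p, uint8_t out[IV_BUF_LEN])
{
    uint8_t iv_buf[IV_BUF_LEN];
    memcpy(iv_buf, p->iv, p->iv_len);        /* no bound on iv_len */
    memcpy(out, iv_buf, IV_BUF_LEN);
    return 1;
}

/* Hardened form: validate the length before touching the stack buffer
 * and fail closed. Returns 1 on success, 0 when the input is rejected. */
int copy_iv_checked(const aead_params_t *p, uint8_t out[IV_BUF_LEN],
                    size_t *out_len)
{
    uint8_t iv_buf[IV_BUF_LEN];
    if (p == NULL || p->iv == NULL || p->iv_len == 0 ||
        p->iv_len > sizeof(iv_buf))
        return 0;
    memcpy(iv_buf, p->iv, p->iv_len);
    memcpy(out, iv_buf, p->iv_len);
    *out_len = p->iv_len;
    return 1;
}

/* Constructed inputs: a normal 12-byte GCM IV and an oversized 40-byte one. */
int checked_parser_behaves(void)
{
    static const uint8_t good_iv[12] = { 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12 };
    static const uint8_t long_iv[40] = { 0 };
    aead_params_t ok = { good_iv, sizeof(good_iv) }, bad = { long_iv, sizeof(long_iv) };
    uint8_t out[IV_BUF_LEN];
    size_t n = 0;
    int accepted = copy_iv_checked(&ok, out, &n) == 1 && n == 12 && out[11] == 12;
    return accepted && copy_iv_checked(&bad, out, &n) == 0;
}
```

The checked variant rejects the oversized IV at parse time, which is the point at which the unchecked variant would already have written past the stack buffer.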

The findings underscore the importance of secure coding practices and thorough input validation in cryptographic libraries. Users and developers should pay close attention to updates and security advisories from OpenSSL to ensure the ongoing security of their systems. Future updates will likely focus on further hardening the parsing process.