<Vulnerability name="CVE-2026-42771">
    <DocumentDistribution xml:lang="en">Copyright © 2012 Red Hat, Inc. All rights reserved.</DocumentDistribution>
    <ThreatSeverity>Low</ThreatSeverity>
    <PublicDate>2026-07-10T00:00:00</PublicDate>
    <Bugzilla id="2481895" url="https://bugzilla.redhat.com/show_bug.cgi?id=2481895" xml:lang="en:us">
openssl: Possible Out of Bounds Read in X509_VERIFY_PARAM_set1_email()
    </Bugzilla>
    <CVSS3 status="draft">
        <CVSS3BaseScore>6.5</CVSS3BaseScore>
        <CVSS3ScoringVector>CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H</CVSS3ScoringVector>
    </CVSS3>
    <CWE>CWE-805</CWE>
    <Details xml:lang="en:us" source="Mitre">
Issue summary: When the X509_VERIFY_PARAM_set1_email is called by an
application to validate a crafted e-mail address, such as during S/MIME
message validation, an out of bounds read can happen.

Impact summary: This out of bounds read will not directly exfiltrate
the data read to the attacker so the most likely result is a crash and
a Denial of Service.

An internal helper function called from X509_VERIFY_PARAM_[set|add]_email()
used a wrong length when validating the local part of an email address.
This could cause the 64 octet limit on the local part of an email address
to be not enforced, or cause an out of bound read and potentially a crash.

The bug is reachable via S-MIME validation with a crafted From: address
supplied in an email message that can potentially cause a crash.

No FIPS modules are affected by this issue as the affected code is outside
the OpenSSL FIPS module boundary.
    </Details>
    <Details xml:lang="en:us" source="Red Hat">
A flaw was found in OpenSSL. When an application uses the X509_VERIFY_PARAM_set1_email() function to validate a specially crafted S/MIME (Secure/Multipurpose Internet Mail Extensions) email address, an out-of-bounds read can occur. A remote attacker could exploit this vulnerability by sending a malicious email, leading to an application crash and a Denial of Service (DoS). This issue does not directly expose sensitive data.
    </Details>
    <Statement xml:lang="en:us">
This flaw is rated as Low impact. A possible out-of-bounds read in OpenSSL's X509_VERIFY_PARAM_set1_email() function can occur when an application validates a specially crafted S/MIME email address. This could lead to a denial of service through an application crash, but does not directly exfiltrate data.
    </Statement>
    <Mitigation xml:lang="en:us">
Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.
    </Mitigation>
    <PackageState cpe="cpe:/o:redhat:enterprise_linux:10">
        <ProductName>Red Hat Enterprise Linux 10</ProductName>
        <FixState>Fix deferred</FixState>
        <PackageName>edk2</PackageName>
    </PackageState>
    <PackageState cpe="cpe:/o:redhat:enterprise_linux:10">
        <ProductName>Red Hat Enterprise Linux 10</ProductName>
        <FixState>Fix deferred</FixState>
        <PackageName>openssl</PackageName>
    </PackageState>
    <PackageState cpe="cpe:/o:redhat:enterprise_linux:10">
        <ProductName>Red Hat Enterprise Linux 10</ProductName>
        <FixState>Fix deferred</FixState>
        <PackageName>shim</PackageName>
    </PackageState>
    <PackageState cpe="cpe:/o:redhat:enterprise_linux:10">
        <ProductName>Red Hat Enterprise Linux 10</ProductName>
        <FixState>Fix deferred</FixState>
        <PackageName>shim-unsigned-aarch64</PackageName>
    </PackageState>
    <PackageState cpe="cpe:/o:redhat:enterprise_linux:10">
        <ProductName>Red Hat Enterprise Linux 10</ProductName>
        <FixState>Fix deferred</FixState>
        <PackageName>shim-unsigned-x64</PackageName>
    </PackageState>
    <PackageState cpe="cpe:/o:redhat:enterprise_linux:6">
        <ProductName>Red Hat Enterprise Linux 6</ProductName>
        <FixState>Fix deferred</FixState>
        <PackageName>openssl</PackageName>
    </PackageState>
    <PackageState cpe="cpe:/o:redhat:enterprise_linux:7">
        <ProductName>Red Hat Enterprise Linux 7</ProductName>
        <FixState>Fix deferred</FixState>
        <PackageName>ovmf</PackageName>
    </PackageState>
    <PackageState cpe="cpe:/o:redhat:enterprise_linux:8">
        <ProductName>Red Hat Enterprise Linux 8</ProductName>
        <FixState>Fix deferred</FixState>
        <PackageName>compat-openssl10</PackageName>
    </PackageState>
    <PackageState cpe="cpe:/o:redhat:enterprise_linux:8">
        <ProductName>Red Hat Enterprise Linux 8</ProductName>
        <FixState>Fix deferred</FixState>
        <PackageName>edk2</PackageName>
    </PackageState>
    <PackageState cpe="cpe:/o:redhat:enterprise_linux:8">
        <ProductName>Red Hat Enterprise Linux 8</ProductName>
        <FixState>Fix deferred</FixState>
        <PackageName>mingw-openssl</PackageName>
    </PackageState>
    <PackageState cpe="cpe:/o:redhat:enterprise_linux:8">
        <ProductName>Red Hat Enterprise Linux 8</ProductName>
        <FixState>Fix deferred</FixState>
        <PackageName>openssl</PackageName>
    </PackageState>
    <PackageState cpe="cpe:/o:redhat:enterprise_linux:8">
        <ProductName>Red Hat Enterprise Linux 8</ProductName>
        <FixState>Fix deferred</FixState>
        <PackageName>shim</PackageName>
    </PackageState>
    <PackageState cpe="cpe:/o:redhat:enterprise_linux:8">
        <ProductName>Red Hat Enterprise Linux 8</ProductName>
        <FixState>Fix deferred</FixState>
        <PackageName>shim-unsigned-x64</PackageName>
    </PackageState>
    <PackageState cpe="cpe:/o:redhat:enterprise_linux:9">
        <ProductName>Red Hat Enterprise Linux 9</ProductName>
        <FixState>Out of support scope</FixState>
        <PackageName>compat-openssl11</PackageName>
    </PackageState>
    <PackageState cpe="cpe:/o:redhat:enterprise_linux:9">
        <ProductName>Red Hat Enterprise Linux 9</ProductName>
        <FixState>Fix deferred</FixState>
        <PackageName>edk2</PackageName>
    </PackageState>
    <PackageState cpe="cpe:/o:redhat:enterprise_linux:9">
        <ProductName>Red Hat Enterprise Linux 9</ProductName>
        <FixState>Not affected</FixState>
        <PackageName>openssl</PackageName>
    </PackageState>
    <PackageState cpe="cpe:/o:redhat:enterprise_linux:9">
        <ProductName>Red Hat Enterprise Linux 9</ProductName>
        <FixState>Fix deferred</FixState>
        <PackageName>shim</PackageName>
    </PackageState>
    <PackageState cpe="cpe:/o:redhat:enterprise_linux:9">
        <ProductName>Red Hat Enterprise Linux 9</ProductName>
        <FixState>Fix deferred</FixState>
        <PackageName>shim-unsigned-aarch64</PackageName>
    </PackageState>
    <PackageState cpe="cpe:/o:redhat:enterprise_linux:9">
        <ProductName>Red Hat Enterprise Linux 9</ProductName>
        <FixState>Fix deferred</FixState>
        <PackageName>shim-unsigned-x64</PackageName>
    </PackageState>
    <PackageState cpe="cpe:/a:redhat:openshift:4">
        <ProductName>Red Hat OpenShift Container Platform 4</ProductName>
        <FixState>Fix deferred</FixState>
        <PackageName>rhcos</PackageName>
    </PackageState>
    <References xml:lang="en:us">
https://www.cve.org/CVERecord?id=CVE-2026-42771
https://nvd.nist.gov/vuln/detail/CVE-2026-42771
    </References>
</Vulnerability>