OpenSSL Patches High-Severity Vulnerability Found With AI


The latest OpenSSL releases patch 18 vulnerabilities, including a high-severity issue that could allow remote code execution.

The high-severity vulnerability, tracked as CVE-2026-45447, is a heap use-after-free bug in a function used for PKCS#7 (Public-Key Cryptography Standard #7) verification.

Discovered by a Calif researcher in collaboration with Claude AI and Anthropic Research, the bug can be triggered using a specially crafted PKCS#7 or S/MIME signed message during PKCS#7 signature verification.

“When processing a PKCS#7 or S/MIME signed message, if the SignedData digestAlgorithms field is present as an empty ASN.1 SET, OpenSSL may incorrectly free a caller-owned BIO during PKCS7_verify(). A subsequent use of the BIO by the calling application results in a use-after-free condition,” OpenSSL developers explained.

Exploitation of the vulnerability can result in heap corruption, process crashes, and possibly in remote code execution.
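The condition OpenSSL developers describe can be checked on the raw bytes before they reach PKCS7_verify(), for example to log or reject such input. The following is an added example, not code from OpenSSL or the article: the function name is hypothetical, the sample bytes are constructed, and it assumes definite-length DER (BER indefinite-length or PEM/S/MIME-wrapped input returns -1 and needs decoding first).

```c
#include <stdint.h>
#include <string.h>

/* Read one definite-length TLV header at *p and leave *p at the value.
   Returns the tag byte, or -1 if truncated or indefinite-length (BER). */
static int tlv(const uint8_t **p, const uint8_t *end, size_t *len)
{
    if (end - *p < 2) return -1;
    int tag = *(*p)++;
    size_t l = *(*p)++;
    if (l & 0x80) {                          /* long-form length */
        size_t n = l & 0x7f;
        if (n == 0 || n > 4 || (size_t)(end - *p) < n) return -1;
        for (l = 0; n--; ) l = (l << 8) | *(*p)++;
    }
    if (l > (size_t)(end - *p)) return -1;   /* value runs past the buffer */
    *len = l;
    return tag;
}

/* 1: digestAlgorithms is an empty SET; 0: non-empty; -1: not DER SignedData.
   Hypothetical helper name, not an OpenSSL API. */
int pkcs7_digest_algs_empty(const uint8_t *der, size_t n)
{
    static const uint8_t oid[] = {0x2a,0x86,0x48,0x86,0xf7,0x0d,0x01,0x07,0x02};
    const uint8_t *p = der, *end = der + n;
    size_t len;
    if (tlv(&p, end, &len) != 0x30) return -1;   /* ContentInfo SEQUENCE */
    end = p + len;
    if (tlv(&p, end, &len) != 0x06 || len != sizeof oid || memcmp(p, oid, len))
        return -1;                               /* contentType: signedData */
    p += len;
    if (tlv(&p, end, &len) != 0xa0) return -1;   /* [0] EXPLICIT content */
    end = p + len;
    if (tlv(&p, end, &len) != 0x30) return -1;   /* SignedData SEQUENCE */
    end = p + len;
    if (tlv(&p, end, &len) != 0x02) return -1;   /* version INTEGER */
    p += len;
    if (tlv(&p, end, &len) != 0x31) return -1;   /* digestAlgorithms SET */
    return len == 0;
}

/* Constructed fragments, truncated after digestAlgorithms (not full messages). */
static const uint8_t SAMPLE_EMPTY[] = {0x30,0x14,0x06,0x09,0x2a,0x86,0x48,0x86,
    0xf7,0x0d,0x01,0x07,0x02,0xa0,0x07,0x30,0x05,0x02,0x01,0x01,0x31,0x00};
static const uint8_t SAMPLE_SHA256[] = {0x30,0x23,0x06,0x09,0x2a,0x86,0x48,0x86,
    0xf7,0x0d,0x01,0x07,0x02,0xa0,0x16,0x30,0x14,0x02,0x01,0x01,0x31,0x0f,0x30,0x0d,
    0x06,0x09,0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x02,0x01,0x05,0x00};
```

A return of -1 means the check could not decide, so callers should treat it as "unknown" rather than "safe".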

The moderate-severity flaws patched in OpenSSL can be exploited to decrypt encrypted communications, forge arbitrary...

Copyright of this story solely belongs to securityweek.com. To see the full text click HERE
