OpenSSL 3.3.7 is a security patch release. The most severe CVE fixed in this
release is Moderate.
This release incorporates the following bug fixes and mitigations:
- Fixed incorrect failure handling in RSA KEM RSASVE encapsulation.
  (CVE-2026-31790)
- Fixed potential use-after-free in DANE client code.
  (CVE-2026-28387)
- Fixed NULL pointer dereference when processing a delta CRL.
  (CVE-2026-28388)
- Fixed possible NULL dereference when processing CMS KeyAgreeRecipientInfo.
  (CVE-2026-28389)
- Fixed possible NULL dereference when processing CMS
  KeyTransportRecipientInfo.
  (CVE-2026-28390)
- Fixed heap buffer overflow in hexadecimal conversion.
  (CVE-2026-31789)