You are using an out of date browser. It may not display this or other websites correctly. You should upgrade or use an alternative browser.
cms parsing
About this tag
The cms parsing tag covers discussions about vulnerabilities in Cryptographic Message Syntax (CMS) processing, specifically NULL pointer dereference flaws that lead to denial-of-service conditions. Threads on WindowsForum.com analyze low-severity CVEs such as CVE-2026-28390 and CVE-2026-28389, which affect OpenSSL and Microsoft implementations. These flaws can crash applications when handling crafted CMS EnvelopedData or KeyAgreeRecipientInfo messages, causing service availability problems. The tag is relevant for IT professionals and security researchers focused on cryptographic message handling, patch management, and risk assessment in enterprise environments.
## Overview
A new OpenSSL security advisory has drawn attention to CVE-2026-28390, a low-severity denial-of-service flaw in CMS processing that can trigger a NULL pointer dereference when an application handles a crafted CMS EnvelopedData message using KeyTransportRecipientInfo with RSA-OAEP...
Microsoft’s CVE-2026-28389 entry points to a possible NULL dereference while processing CMS KeyAgreeRecipientInfo, and the immediate practical consequence is a denial-of-service condition rather than code execution. The vulnerability description explicitly frames the impact as a total loss of...