Skip to main content

rust-openssl CVE-2026-41898

| EUVDEUVD-2026-25587 HIGH
Buffer Over-read (CWE-126)
2026-04-24 GitHub_M GHSA-hppc-g8h3-xhp3
8.3
CVSS 4.0 · Vendor: GitHub_M
Share

Severity by source

Vendor (GitHub_M) PRIMARY
8.3 HIGH
CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Primary rating from Vendor (GitHub_M) · only source for this CVE.

CVSS VectorVendor: GitHub_M

CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
X

Lifecycle Timeline

8
Patch released
Apr 28, 2026 - 17:45 nvd
Patch available
Re-analysis Queued
Apr 27, 2026 - 19:07 vuln.today
cvss_changed
Analysis Generated
Apr 24, 2026 - 20:15 vuln.today
Patch available
Apr 24, 2026 - 19:01 EUVD
CVSS changed
Apr 24, 2026 - 18:22 NVD
8.3 (HIGH)
EUVD ID Assigned
Apr 24, 2026 - 17:30 euvd
EUVD-2026-25587
Analysis Generated
Apr 24, 2026 - 17:30 vuln.today
CVE Published
Apr 24, 2026 - 17:20 nvd
HIGH 8.3

Blast Radius

ecosystem impact
† from your stack dependencies † transitive graph · vuln.today resolves 4-path depth
  • 368 cargo packages depend on openssl (77 direct, 291 indirect)

Ecosystem-wide dependent count for version 0.9.24.

DescriptionCVE.org

rust-openssl provides OpenSSL bindings for the Rust programming language. From 0.9.24 to before 0.10.78, the FFI trampolines behind SslContextBuilder::set_psk_client_callback, set_psk_server_callback, set_cookie_generate_cb, and set_stateless_cookie_generate_cb forwarded the user closure's returned usize directly to OpenSSL without checking it against the &mut [u8] that was handed to the closure. This can lead to buffer overflows and other unintended consequences. This vulnerability is fixed in 0.10.78.

AnalysisAI

Buffer overflow in rust-openssl 0.9.24 through 0.10.77 allows remote unauthenticated attackers to trigger memory corruption via crafted PSK (Pre-Shared Key) or cookie callback responses. The FFI trampolines in SslContextBuilder fail to validate closure-returned buffer sizes against allocated memory regions before passing values to OpenSSL, enabling out-of-bounds writes. Patch released in version 0.10.78. SSVC framework indicates no active exploitation detected, non-automatable attack requiring precise timing conditions (CVSS AT:P), with partial technical impact limited to confidentiality breach and minor availability disruption.

Technical ContextAI

rust-openssl is a Rust language binding library providing safe FFI (Foreign Function Interface) wrappers around OpenSSL cryptographic functions. The vulnerability resides in four callback registration methods within SslContextBuilder: set_psk_client_callback, set_psk_server_callback, set_cookie_generate_cb, and set_stateless_cookie_generate_cb. These methods create FFI trampolines that bridge Rust closures to C-compatible OpenSSL callbacks. The root cause (CWE-126: Buffer Over-read) occurs when the trampoline forwards the usize return value from user-provided closures directly to OpenSSL without bounds-checking it against the mutable byte slice (&mut [u8]) passed to the closure. This violates Rust's memory safety guarantees at the FFI boundary, allowing the closure to specify arbitrary buffer lengths that exceed allocated memory regions, resulting in buffer overflows when OpenSSL attempts to read or write beyond valid boundaries. The affected CPE (cpe:2.3:a:rust-openssl:rust-openssl) spans versions 0.9.24 through 0.10.77, covering approximately two years of releases.

RemediationAI

Upgrade rust-openssl to version 0.10.78 or later, released with fix commit 1d109020d98fff2fb2e45c39a373af3dff99b24c (see https://github.com/rust-openssl/rust-openssl/releases/tag/openssl-v0.10.78 and PR https://github.com/rust-openssl/rust-openssl/pull/2607). Update Cargo.toml dependency to openssl = "0.10.78" and run cargo update. For applications unable to upgrade immediately, implement compensating controls by auditing all SslContextBuilder callback closures to ensure returned usize values never exceed the length of the provided &mut [u8] slice, adding explicit bounds checks like return callback_data.len().min(buffer.len()) before returning buffer sizes. Alternative mitigation: disable PSK cipher suites in TLS configuration if not required for business logic, forcing certificate-based authentication only, though this may break compatibility with embedded/IoT devices expecting PSK. Note that disabling callbacks entirely eliminates attack surface but removes PSK and stateless DTLS functionality. Test callback logic thoroughly after applying workarounds, as overly restrictive bounds checking may cause TLS handshake failures.

CVE-2014-0160 HIGH POC
7.5 Apr 07

The (1) TLS and (2) DTLS implementations in OpenSSL 1.0.1 before 1.0.1g do not properly handle Heartbeat Extension packe

CVE-2014-0195 MEDIUM POC
6.8 Jun 05

The dtls1_reassemble_fragment function in d1_both.c in OpenSSL before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before 1.0

CVE-2014-0224 HIGH POC
7.4 Jun 05

OpenSSL before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before 1.0.1h does not properly restrict processing of ChangeCiph

CVE-2016-0800 MEDIUM POC
5.9 Mar 01

The SSLv2 protocol, as used in OpenSSL before 1.0.1s and 1.0.2 before 1.0.2g and other products, requires a server to se

CVE-2015-0204 MEDIUM POC
4.3 Jan 09

The ssl3_get_key_exchange function in s3_clnt.c in OpenSSL before 0.9.8zd, 1.0.0 before 1.0.0p, and 1.0.1 before 1.0.1k

CVE-2014-3566 LOW POC
3.4 Oct 15

The SSL protocol 3.0, as used in OpenSSL through 1.0.1i and other products, uses nondeterministic CBC padding, which mak

CVE-2016-2107 MEDIUM POC
5.9 May 05

The AES-NI implementation in OpenSSL before 1.0.1t and 1.0.2 before 1.0.2h does not consider memory allocation during a

CVE-2015-1793 MEDIUM POC
6.5 Jul 09

The X509_verify_cert function in crypto/x509/x509_vfy.c in OpenSSL 1.0.1n, 1.0.1o, 1.0.2b, and 1.0.2c does not properly

CVE-2022-3602 HIGH
7.5 Nov 01

A buffer overrun can be triggered in X.509 certificate verification, specifically in name constraint checking. Rated hig

CVE-2014-3470 MEDIUM
4.3 Jun 05

The ssl3_send_client_key_exchange function in s3_clnt.c in OpenSSL before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before

CVE-2017-3730 HIGH POC
7.5 May 04

In OpenSSL 1.1.0 before 1.1.0d, if a malicious server supplies bad parameters for a DHE or ECDHE key exchange then this

CVE-2016-8610 HIGH
7.5 Nov 13

A denial of service flaw was found in OpenSSL 0.9.8, 1.0.1, 1.0.2 through 1.0.2h, and 1.1.0 in the way the TLS/SSL proto

Share

CVE-2026-41898 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy