Skip to main content

rust-openssl CVE-2026-44662

| EUVDEUVD-2026-30482 MEDIUM
Heap-based Buffer Overflow (CWE-122)
2026-05-07 https://github.com/rust-openssl/rust-openssl GHSA-xv59-967r-8726
5.1
CVSS 4.0 · GitHub Advisory
Share

Severity by source

GitHub Advisory PRIMARY
5.1 MEDIUM
CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Primary rating from GitHub Advisory · only source for this CVE.

CVSS VectorGitHub Advisory

CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Attack Vector
Local
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
X

Lifecycle Timeline

4
CVSS changed
May 14, 2026 - 21:22 NVD
5.1 (MEDIUM)
Source Code Evidence Fetched
May 07, 2026 - 23:15 vuln.today
Analysis Generated
May 07, 2026 - 23:15 vuln.today
CVE Published
May 07, 2026 - 22:33 nvd
MEDIUM

DescriptionGitHub Advisory

CipherCtxRef::cipher_update, CipherCtxRef::cipher_update_vec, and symm::Crypter::update incorrectly sized output buffers when used with AES key-wrap-with-padding ciphers (EVP_aes_{128,192,256}_wrap_pad). For a non-multiple-of-8 input, OpenSSL writes up to 7 bytes past the end of the caller's buffer or Vec, producing attacker-controllable heap corruption when the plaintext length is attacker-influenced.

This only impacts users using AES key-wrap-with-padding ciphers.

AnalysisAI

Heap buffer overflow in rust-openssl's AES key-wrap-with-padding cipher functions allows attackers to write up to 7 bytes past allocated buffer boundaries when processing non-multiple-of-8 plaintext inputs, enabling attacker-controlled heap corruption. Affected versions 0.10.0 through 0.10.78 are vulnerable when CipherCtxRef::cipher_update, CipherCtxRef::cipher_update_vec, or symm::Crypter::update are used with EVP_aes_128/192/256_wrap_pad ciphers.

Technical ContextAI

rust-openssl wraps OpenSSL's EVP cipher interface, exposing AES key-wrap-with-padding ciphers (EVP_aes_128/192/256_wrap_pad) via CipherCtxRef and symm::Crypter APIs. The vulnerability stems from incorrect output buffer allocation logic in these wrapper functions - OpenSSL's key-wrap padding mechanism requires output buffers sized to handle non-standard length requirements, but rust-openssl miscalculates required output size for non-multiple-of-8 inputs. When the underlying OpenSSL EVP_EncryptUpdate writes output, it extends beyond the undersized buffer, causing heap overflow (CWE-122: Heap-based Buffer Overflow). The issue is specific to padded key-wrap ciphers; standard AES modes and unpadded key-wrap are unaffected.

RemediationAI

Upgrade rust-openssl to version 0.10.79 or later immediately. This can typically be done by updating the Cargo.toml dependency to openssl = "0.10.79" or higher and running cargo update. No workarounds exist for versions prior to 0.10.79 if AES key-wrap-with-padding ciphers are in use; affected code paths must be disabled or removed entirely. If upgrading is not immediately feasible, the only mitigation is to refrain from using EVP_aes_128_wrap_pad, EVP_aes_192_wrap_pad, or EVP_aes_256_wrap_pad ciphers until the patch is applied. Validate that input plaintext length is always a multiple of 8 bytes as a temporary compensating control, though this does not fully eliminate the heap corruption risk if the underlying OpenSSL behavior changes. See vendor advisory at https://github.com/rust-openssl/rust-openssl/security/advisories/GHSA-xv59-967r-8726 for additional details.

CVE-2014-0160 HIGH POC
7.5 Apr 07

The (1) TLS and (2) DTLS implementations in OpenSSL 1.0.1 before 1.0.1g do not properly handle Heartbeat Extension packe

CVE-2014-0195 MEDIUM POC
6.8 Jun 05

The dtls1_reassemble_fragment function in d1_both.c in OpenSSL before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before 1.0

CVE-2014-0224 HIGH POC
7.4 Jun 05

OpenSSL before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before 1.0.1h does not properly restrict processing of ChangeCiph

CVE-2016-0800 MEDIUM POC
5.9 Mar 01

The SSLv2 protocol, as used in OpenSSL before 1.0.1s and 1.0.2 before 1.0.2g and other products, requires a server to se

CVE-2015-0204 MEDIUM POC
4.3 Jan 09

The ssl3_get_key_exchange function in s3_clnt.c in OpenSSL before 0.9.8zd, 1.0.0 before 1.0.0p, and 1.0.1 before 1.0.1k

CVE-2014-3566 LOW POC
3.4 Oct 15

The SSL protocol 3.0, as used in OpenSSL through 1.0.1i and other products, uses nondeterministic CBC padding, which mak

CVE-2016-2107 MEDIUM POC
5.9 May 05

The AES-NI implementation in OpenSSL before 1.0.1t and 1.0.2 before 1.0.2h does not consider memory allocation during a

CVE-2015-1793 MEDIUM POC
6.5 Jul 09

The X509_verify_cert function in crypto/x509/x509_vfy.c in OpenSSL 1.0.1n, 1.0.1o, 1.0.2b, and 1.0.2c does not properly

CVE-2022-3602 HIGH
7.5 Nov 01

A buffer overrun can be triggered in X.509 certificate verification, specifically in name constraint checking. Rated hig

CVE-2014-3470 MEDIUM
4.3 Jun 05

The ssl3_send_client_key_exchange function in s3_clnt.c in OpenSSL before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before

CVE-2017-3730 HIGH POC
7.5 May 04

In OpenSSL 1.1.0 before 1.1.0d, if a malicious server supplies bad parameters for a DHE or ECDHE key exchange then this

CVE-2016-8610 HIGH
7.5 Nov 13

A denial of service flaw was found in OpenSSL 0.9.8, 1.0.1, 1.0.2 through 1.0.2h, and 1.1.0 in the way the TLS/SSL proto

Share

CVE-2026-44662 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy