Skip to main content

rust-openssl CVE-2026-45784

MEDIUM
Incorrect Calculation of Buffer Size (CWE-131)
2026-05-19 https://github.com/rust-openssl/rust-openssl GHSA-phqj-4mhp-q6mq
Information Disclosure OpenSSL
Share

Lifecycle Timeline

2
Source Code Evidence Fetched
May 19, 2026 - 20:18 vuln.today
Analysis Generated
May 19, 2026 - 20:18 vuln.today

DescriptionNVD

CipherCtxRef::cipher_update_inplace incorrectly sized output buffers when used with AES key-wrap-with-padding ciphers (EVP_aes_{128,192,256}_wrap_pad). For a non-multiple-of-8 input, OpenSSL writes up to 7 bytes past the end of the caller's buffer or Vec, producing attacker-controllable heap corruption when the plaintext length is attacker-influenced.

This only impacts users using AES key-wrap-with-padding ciphers.

This method was missed in the fix for GHSA-xv59-967r-8726

AnalysisAI

Heap corruption in rust-openssl versions 0.10.50 through 0.10.79 allows attacker-controllable out-of-bounds writes of up to 7 bytes via the CipherCtxRef::cipher_update_inplace method when used with AES key-wrap-with-padding ciphers (EVP_aes_128_wrap_pad, EVP_aes_192_wrap_pad, EVP_aes_256_wrap_pad). The buffer sizing logic fails to account for AES-KWP's padding expansion when input length is not a multiple of 8, and because this occurs through FFI into native OpenSSL, Rust's memory safety guarantees do not prevent the corruption. …

Sign in for full analysis, threat intelligence, and remediation guidance.

Full analysis requires sign-in

Get intelligence summaries, risk assessment, exploit details, threat intel, and remediation guidance.

Sign in - Free

Share

CVE-2026-45784 vulnerability details – vuln.today
Back

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy