Skip to main content

Rust Openssl

1 CVEs product

Monthly

CVE-2026-41898 Cargo HIGH PATCH GHSA This Week

Buffer overflow in rust-openssl 0.9.24 through 0.10.77 allows remote unauthenticated attackers to trigger memory corruption via crafted PSK (Pre-Shared Key) or cookie callback responses. The FFI trampolines in SslContextBuilder fail to validate closure-returned buffer sizes against allocated memory regions before passing values to OpenSSL, enabling out-of-bounds writes. Patch released in version 0.10.78. SSVC framework indicates no active exploitation detected, non-automatable attack requiring precise timing conditions (CVSS AT:P), with partial technical impact limited to confidentiality breach and minor availability disruption.

Buffer Overflow OpenSSL Rust Openssl
NVD GitHub VulDB
CVSS 4.0
8.3
EPSS
0.0%
EPSS 0% CVSS 8.3
HIGH PATCH This Week

Buffer overflow in rust-openssl 0.9.24 through 0.10.77 allows remote unauthenticated attackers to trigger memory corruption via crafted PSK (Pre-Shared Key) or cookie callback responses. The FFI trampolines in SslContextBuilder fail to validate closure-returned buffer sizes against allocated memory regions before passing values to OpenSSL, enabling out-of-bounds writes. Patch released in version 0.10.78. SSVC framework indicates no active exploitation detected, non-automatable attack requiring precise timing conditions (CVSS AT:P), with partial technical impact limited to confidentiality breach and minor availability disruption.

Buffer Overflow OpenSSL Rust Openssl
NVD GitHub VulDB

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy