CVSS 9.8 · CRITICAL

CVE-2026-41681

rust-openssl provides OpenSSL bindings for the Rust programming language. From 0.10.39 to before 0.10.78, EVP_DigestFinal() always writes EVP_MD_CTX_size(ctx) to the out buffer. If out is smaller than that, MdCtxRef::digest_final() writes past its end, usually corrupting the stack. This is reachable from safe Rust. This vulnerability is fixed in 0.10.78.

View on NVD

Analysis

The rust-openssl crate (versions 0.10.39 to 0.10.77) contains a stack-based buffer overflow in its digest finalization logic. This vulnerability allows memory corruption even when using safe Rust code, potentially enabling remote code execution in applications processing untrusted input. Update to version 0.10.78 immediately.
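The practical first step is to find out whether a build pulls in an affected release. The following Rust program is an added example, not code from the advisory or from the rust-openssl project: it scans the text of a Cargo.lock for the crate and reports any version inside the affected range 0.10.39 up to (but not including) the fixed 0.10.78. It assumes the crate is listed in Cargo.lock under the crates.io name `openssl`, and the lockfile contents embedded below are constructed for the demonstration.

```rust
// Added example: flag Cargo.lock entries for the `openssl` crate whose
// version falls in the range affected by this advisory.
// Assumption: rust-openssl appears in Cargo.lock as the crate named "openssl".

/// First affected release (inclusive), per the advisory.
const AFFECTED_FROM: (u64, u64, u64) = (0, 10, 39);
/// First fixed release (exclusive upper bound), per the advisory.
const FIXED_IN: (u64, u64, u64) = (0, 10, 78);

/// Parse a "major.minor.patch" string; returns None for anything else.
fn parse_version(s: &str) -> Option<(u64, u64, u64)> {
    let mut parts = s.trim().split('.');
    let major = parts.next()?.parse().ok()?;
    let minor = parts.next()?.parse().ok()?;
    let patch = parts.next()?.parse().ok()?;
    // Reject trailing components such as pre-release suffixes to stay conservative.
    if parts.next().is_some() {
        return None;
    }
    Some((major, minor, patch))
}

/// Some(true) if `version` is in [0.10.39, 0.10.78), Some(false) if outside,
/// None if the string is not a plain semver triple.
pub fn is_affected(version: &str) -> Option<bool> {
    let v = parse_version(version)?;
    // Tuple comparison is lexicographic: major, then minor, then patch.
    Some(v >= AFFECTED_FROM && v < FIXED_IN)
}

/// Walk a Cargo.lock and collect every `openssl` version in the affected range.
/// Cargo.lock lists `name = "..."` before `version = "..."` inside each [[package]].
pub fn affected_openssl_versions(lockfile: &str) -> Vec<String> {
    let mut found = Vec::new();
    let mut current_name: Option<&str> = None;
    for raw in lockfile.lines() {
        let line = raw.trim();
        if line == "[[package]]" {
            current_name = None;
        } else if let Some(rest) = line.strip_prefix("name = ") {
            current_name = Some(rest.trim_matches('"'));
        } else if let Some(rest) = line.strip_prefix("version = ") {
            let version = rest.trim_matches('"');
            if current_name == Some("openssl") && is_affected(version) == Some(true) {
                found.push(version.to_string());
            }
        }
    }
    found
}

/// Constructed sample lockfile: one affected `openssl` entry, one fixed one,
/// and an unrelated crate that must not be reported.
pub const SAMPLE_LOCK: &str = r#"
[[package]]
name = "openssl"
version = "0.10.72"
source = "registry+https://github.com/rust-lang/crates.io-index"

[[package]]
name = "other-crate"
version = "0.10.50"

[[package]]
name = "openssl"
version = "0.10.78"
"#;

fn main() {
    let hits = affected_openssl_versions(SAMPLE_LOCK);
    if hits.is_empty() {
        println!("no affected openssl versions found");
    } else {
        for v in hits {
            println!("affected: openssl {} (update to 0.10.78 or later)", v);
        }
    }
}
```

To run it against a real project, replace `SAMPLE_LOCK` with the contents of the project's Cargo.lock (for example via `std::fs::read_to_string`). A workspace can legitimately contain two `openssl` entries at different versions, which is why the scanner reports every match rather than stopping at the first.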

Severity

Score: 9.8 (CRITICAL)
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
AV: NETWORK
AC: LOW
PR: NONE
UI: NONE
S: UNCHANGED
C: HIGH
I: HIGH
A: HIGH
Weakness type (CWE): CWE-121

EPSS

Probability of exploitation (next 30 days): 0.0006 (0.1%)
Percentile: 17.4%
EPSS: 2026-05-06

Affects

rust-openssl_project:rust-openssl


Published: 24/4/2026, 18:16:29
Last modified: 28/4/2026, 17:44:16
