PT-2026-25840 · Openssl+3 · Openssl+3

Dark_Haxor

Publicado

2026-03-16

Atualizado

2026-06-04

CVE-2026-27459

CVSS v3.1

9.8

Crítica

Vetor

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions pyOpenSSL versions 22.0.0 through 25.3.0

Description pyOpenSSL is a Python wrapper around the OpenSSL library. If a user-provided callback to the set cookie generate callback function returned a cookie value exceeding 256 bytes, pyOpenSSL would cause a buffer overflow in an OpenSSL-provided buffer. Starting with version 26.0.0, pyOpenSSL rejects cookie values that are too long, mitigating the issue. The set cookie generate callback function is used to generate cookies for use with DTLS (Datagram Transport Layer Security).

Recommendations pyOpenSSL versions 22.0.0 through 25.3.0 should be updated to version 26.0.0 or later.

Exploit

Correção

Buffer Overflow

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-120

Identificadores relacionados

CVE-2026-27459

ECHO-913B-6868-0495

GHSA-5PWR-322W-8JR4

MGASA-2026-0074

OESA-2026-1729

OESA-2026-1730

OESA-2026-1731

OESA-2026-1734

OPENSUSE-SU-2026:10392-1

OPENSUSE-SU-2026:20419-1

RHSA-2026:10754

RHSA-2026:13508

RHSA-2026:13512

RHSA-2026:14835

RHSA-2026:14873

RHSA-2026:14874

RHSA-2026:7224

SUSE-SU-2026:1192-1

SUSE-SU-2026:20930-1

SUSE-SU-2026:20954-1

SUSE-SU-2026:20960-1

SUSE-SU-2026:21990-1

SUSE-SU-2026:2242-1

SUSE-SU-2026:2244-1

SUSE-SU-2026:2255-1

USN-8115-1

Produtos afetados

Linuxmint

Openssl

Ubuntu

Pyopenssl

PT-2026-25840 · Openssl+3 · Openssl+3

CVE-2026-27459

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 52