PT-2026-34620 · Pypi · Rust-Openssl
Alex · Published 2026-04-22 · Updated 2026-04-28
CVE-2026-41677
CVSS v3.1: 9.1 (Critical)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H
Name of the Vulnerable Software and Affected Versions
rust-openssl versions 0.9.0 through 0.10.77
Description
The `*_from_pem_callback` APIs do not validate the length returned by the user's callback. A password callback returning a value larger than the provided buffer can cause certain versions of OpenSSL to over-read this buffer. OpenSSL 3.x is not affected.
Recommendations
Update to version 0.10.78.
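The length check the description says was missing, sketched as an added example; it is not rust-openssl's code or its 0.10.78 patch. The names `checked_passwd_cb` and `run_with_buffer`, and the choice of returning 0 to signal failure, are assumptions; only the callback shape follows OpenSSL's `pem_password_cb`.

```rust
use std::os::raw::{c_char, c_int, c_void};

/// Trampoline with the shape of OpenSSL's pem_password_cb:
///   int cb(char *buf, int size, int rwflag, void *u)
/// `u` points at the user's closure, which fills `buf` and reports a length.
unsafe extern "C" fn checked_passwd_cb<F>(
    buf: *mut c_char,
    size: c_int,
    _rwflag: c_int,
    u: *mut c_void,
) -> c_int
where
    F: FnMut(&mut [u8]) -> usize,
{
    if buf.is_null() || u.is_null() || size <= 0 {
        return 0;
    }
    let cb = unsafe { &mut *(u as *mut F) };
    let slice = unsafe { std::slice::from_raw_parts_mut(buf as *mut u8, size as usize) };
    let claimed = (*cb)(slice);
    // The check the advisory says was missing: a length beyond `size` would
    // make the C caller read past the end of `buf`. Assumption: 0 signals failure.
    if claimed > size as usize {
        return 0;
    }
    claimed as c_int
}

/// Drives the trampoline as a C caller would, with a `buf_len`-byte buffer.
fn run_with_buffer<F: FnMut(&mut [u8]) -> usize>(mut cb: F, buf_len: usize) -> c_int {
    let mut buf = vec![0u8; buf_len];
    unsafe {
        checked_passwd_cb::<F>(
            buf.as_mut_ptr() as *mut c_char,
            buf_len as c_int,
            0,
            &mut cb as *mut F as *mut c_void,
        )
    }
}

fn main() {
    // Constructed callbacks: one honest, one reporting more than the buffer holds.
    let honest = |b: &mut [u8]| -> usize { b[..6].copy_from_slice(b"secret"); 6 };
    let oversized = |b: &mut [u8]| -> usize { b.len() + 4096 };
    println!("honest    -> {}", run_with_buffer(honest, 32));
    println!("oversized -> {}", run_with_buffer(oversized, 32));
}
```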
Fix
Out of bounds Read
Affected Products
Rust-Openssl