PT-2026-34623 · Pypi · Rust-Openssl
Alex · Published 2026-04-22 · Updated 2026-04-30 · CVE-2026-41681
CVSS v3.1: 9.8 (Critical)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
rust-openssl versions 0.10.39 through 0.10.77
Description
The EVP_DigestFinal() function always writes EVP_MD_CTX_size(ctx) bytes to the out buffer. If the out buffer is smaller than that size, the MdCtxRef::digest_final() function writes past its end, which typically results in stack corruption. This issue is reachable from safe Rust.
Recommendations
Update to version 0.10.78.
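The description above comes down to a safe wrapper passing a slice pointer to a writer that takes no length. The following std-only Rust model is an added illustration, not rust-openssl or OpenSSL code; it shows the length check such a wrapper needs. `model_digest_final`, `ModelCtx` and `DigestError` are hypothetical names, and the 0xAB fill bytes and buffer layout are constructed.

```rust
// Added illustration (std only); all names here are hypothetical stand-ins.

/// Models the C contract described above: no length parameter, and
/// always `md_size` bytes written to `out`.
unsafe fn model_digest_final(md_size: usize, out: *mut u8) -> usize {
    unsafe { std::ptr::write_bytes(out, 0xAB, md_size) }; // placeholder digest
    md_size
}

#[derive(Debug, PartialEq)]
pub enum DigestError {
    BufferTooSmall { needed: usize, got: usize },
}

/// Carries only the digest size that EVP_MD_CTX_size(ctx) would report.
pub struct ModelCtx { pub md_size: usize }

impl ModelCtx {
    /// Safe wrapper: refuses a short slice before any pointer reaches the writer.
    pub fn digest_final(&mut self, out: &mut [u8]) -> Result<usize, DigestError> {
        if out.len() < self.md_size {
            return Err(DigestError::BufferTooSmall { needed: self.md_size, got: out.len() });
        }
        // SAFETY: `out` has at least `md_size` writable bytes (checked above).
        Ok(unsafe { model_digest_final(self.md_size, out.as_mut_ptr()) })
    }
}

/// 16-byte slice vs. a 32-byte digest, with 32 guard bytes right behind it.
pub fn short_buffer_case() -> (Result<usize, DigestError>, bool) {
    let mut ctx = ModelCtx { md_size: 32 };
    let mut region = [0u8; 48];
    let (out, guard) = region.split_at_mut(16);
    let result = ctx.digest_final(out);
    (result, guard.iter().all(|&b| b == 0)) // true: guard bytes untouched
}

/// A buffer of exactly the digest size is accepted and fully written.
pub fn exact_buffer_case() -> (Result<usize, DigestError>, bool) {
    let mut out = [0u8; 32];
    let result = ModelCtx { md_size: 32 }.digest_final(&mut out);
    (result, out.iter().all(|&b| b == 0xAB))
}

fn main() {
    println!("short: {:?}, exact: {:?}", short_buffer_case(), exact_buffer_case());
}
```

Without the `out.len()` comparison, the short-buffer case would let the writer run 16 bytes past the slice, which is the out-of-bounds write the description reports.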
Fix
Stack Overflow
Affected Products
Rust-Openssl