CVE-2026-44662

Name of the Vulnerable Software and Affected Versions rust-openssl versions 0.10.0 through 0.10.78

Description Incorrect output buffer sizing occurs when using AES key-wrap-with-padding ciphers (EVP aes {128,192,256} wrap pad). For inputs that are not a multiple of 8, OpenSSL may write up to 7 bytes beyond the end of the caller's buffer or Vec. This can lead to attacker-controllable heap corruption if the plaintext length is influenced by an attacker. This issue specifically affects the functions CipherCtxRef::cipher update(), CipherCtxRef::cipher update vec(), and symm::Crypter::update().

Recommendations Update to version 0.10.79.