Browse all 5 CVE security advisories affecting rust-openssl. AI-powered Chinese analysis, POCs, and references for each vulnerability.
Rust-openssl provides a Rust wrapper for the OpenSSL library, enabling secure communications in Rust applications through TLS/SSL implementations. Historically, it has been susceptible to remote code execution vulnerabilities due to memory corruption flaws in the underlying OpenSSL library, along with cross-site scripting issues in web applications using it. The project has recorded five CVEs, primarily stemming from OpenSSL's complex attack surface, including buffer overflows and improper input validation. While Rust's memory safety features reduce certain risks, the dependency on OpenSSL's C codebase remains a security consideration, requiring regular updates to address newly discovered vulnerabilities in the underlying library.
| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2026-41898 | rust-openssl: Unchecked callback-returned length in PSK and cookie generate trampolines can cause OpenSSL to leak adjacent memory to the network peer — rust-opensslCWE-126 | 9.8AI | CriticalAI | 2026-04-24 |
| CVE-2026-41681 | rust-openssl: MdCtxRef::digest_final() writes past caller buffer with no length check — rust-opensslCWE-121 | 9.1AI | CriticalAI | 2026-04-24 |
| CVE-2026-41678 | rust-openssl: Incorrect bounds assertion in aes key wrap — rust-opensslCWE-787 | 9.1AI | CriticalAI | 2026-04-24 |
| CVE-2026-41677 | rust-openssl: Out-of-bounds read in PEM password callback when user callback returns an oversized length — rust-opensslCWE-125 | - | -AI | 2026-04-24 |
| CVE-2026-41676 | rust-openssl: Deriver::derive and PkeyCtxRef::derive can overflow short buffers on OpenSSL 1.1.1 — rust-opensslCWE-787 | 5.9AI | MediumAI | 2026-04-24 |
This page lists every published CVE security advisory associated with rust-openssl. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.