Description
rust-openssl provides OpenSSL bindings for the Rust programming language. In versions from 0.9.0 up to, but not including, 0.10.78, the *_from_pem_callback APIs did not validate the length returned by the user's password callback. A callback that returns a length larger than the buffer it was given can cause some versions of OpenSSL to read past the end of that buffer. OpenSSL 3.x is not affected. This vulnerability is fixed in 0.10.78.
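The defect is a missing bounds check on a length a callback reports back to the library. The following added example (not rust-openssl's own code; `run_password_cb_unchecked`, `run_password_cb_checked`, `PasswdError` and the sample callbacks are hypothetical names) models the password-callback contract in safe Rust and shows the check the wrapper must perform before forwarding the length to OpenSSL:

```rust
// Added example, not code from rust-openssl. It models the contract of a
// *_from_pem_callback-style API: the library hands the user callback a
// fixed-size buffer, the callback fills it and returns how many bytes it
// wrote, and the wrapper forwards that length to OpenSSL. If the length is
// forwarded without comparing it to the buffer size, OpenSSL may read past
// the buffer (CWE-125 / CWE-1284).

#[derive(Debug, PartialEq)]
pub enum PasswdError {
    /// The callback reported more bytes than the buffer can hold.
    LengthExceedsBuffer { returned: usize, capacity: usize },
    /// The callback itself failed.
    Callback,
}

/// Unchecked variant (mirrors the pre-fix behaviour): whatever length the
/// callback returns is forwarded as-is. A real FFI shim would hand this
/// number to OpenSSL as the password length.
pub fn run_password_cb_unchecked<F>(buf: &mut [u8], cb: F) -> Result<usize, PasswdError>
where
    F: FnOnce(&mut [u8]) -> Result<usize, ()>,
{
    cb(buf).map_err(|_| PasswdError::Callback)
}

/// Checked variant: the reported length is validated against the buffer
/// capacity before it is forwarded, so an over-claiming callback is
/// rejected with an error instead of triggering an over-read downstream.
pub fn run_password_cb_checked<F>(buf: &mut [u8], cb: F) -> Result<usize, PasswdError>
where
    F: FnOnce(&mut [u8]) -> Result<usize, ()>,
{
    let capacity = buf.len();
    let len = cb(buf).map_err(|_| PasswdError::Callback)?;
    if len > capacity {
        return Err(PasswdError::LengthExceedsBuffer { returned: len, capacity });
    }
    Ok(len)
}

/// Well-behaved callback: copies a constructed sample password into the
/// buffer (truncating if needed) and reports the bytes actually written.
pub fn honest_cb(buf: &mut [u8]) -> Result<usize, ()> {
    let pw = b"hunter2"; // constructed sample password, not a real secret
    let n = pw.len().min(buf.len());
    buf[..n].copy_from_slice(&pw[..n]);
    Ok(n)
}

/// Buggy callback: writes nothing and claims one byte more than the buffer.
pub fn overclaiming_cb(buf: &mut [u8]) -> Result<usize, ()> {
    Ok(buf.len() + 1)
}
```

The unchecked wrapper returns `Ok(17)` for a 16-byte buffer with the buggy callback, while the checked wrapper returns `LengthExceedsBuffer`; the same check belongs in any FFI shim that converts a callback's `usize` into a length it hands to C.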
References (1)
Core References
Vendor Advisory x_refsource_confirm
https://github.com/rust-openssl/rust-openssl/security/advisories/GHSA-xmgf-hq76-4vx2
Scores
CVSS v3
9.1
EPSS
0.0029
EPSS Percentile
20.8%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
no
Technical Impact
partial
Details
CWE
CWE-125
CWE-1284
Status
published
Products (2)
crates.io/openssl
0.9.0 - 0.10.78 (crates.io)
rust-openssl_project/rust-openssl
0.9.0 - 0.10.78
Published
Apr 24, 2026
Tracked Since
Apr 24, 2026