CVE-2026-41681

CRITICAL

rust-openssl 0.10.39-0.10.77 - Memory Corruption

Title source: llm

Description

rust-openssl provides OpenSSL bindings for the Rust programming language. From 0.10.39 to before 0.10.78, EVP_DigestFinal() always writes EVP_MD_CTX_size(ctx) to the out buffer. If out is smaller than that, MdCtxRef::digest_final() writes past its end, usually corrupting the stack. This is reachable from safe Rust. This vulnerability is fixed in 0.10.78.

References (4)

[Vendor Advisory] https://github.com/rust-openssl/rust-openssl/security/advisories/GHSA-ghm9-cr32-g9qj

[Issue Tracking] https://github.com/rust-openssl/rust-openssl/pull/2608

[Patch] https://github.com/rust-openssl/rust-openssl/commit/826c3888b77add418b394770e2b2e3a72d9f92fe

View Patch ZIP pw:eip

[Release Notes] https://github.com/rust-openssl/rust-openssl/releases/tag/openssl-v0.10.78

Scores

CVSS v3 9.8

EPSS 0.0006

EPSS Percentile 17.5%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment

Exploitation none

Automatable yes

Technical Impact total

Details

CWE

CWE-121

Status published

Products (1)

rust-openssl_project/rust-openssl 0.10.39 - 0.10.78

Published Apr 24, 2026

Tracked Since Apr 24, 2026