logo

Database

Improper resource allocation - Buffer overflow In rust-openssl

Description

rust-openssl provides OpenSSL bindings for the Rust programming language. From to before 0.10.78, aes::unwrap_key() contains an incorrect assertion: it checks that out.len() + 8 <= in_.len(), but this condition is reversed. The intended invariant is out.len() >= in_.len() - 8, ensuring the output buffer is large enough. Because of the inverted check, the function only accepts buffers at or below the minimum required size and rejects larger ones. If a smaller buffer is provided the function will write past the end of out by in_.len() - 8 - out.len() bytes, causing an out-of-bounds write from a safe public function. This vulnerability is fixed in 0.10.78.

Mitigation

Update Impact

Minimal update. May introduce new vulnerabilities or breaking changes.

Ecosystem
Package
Affected version
Patched versions

Aliases

1. CVE-2026-416782. NVD-2026-416783. OSV-DEBIAN-2026-416784. OSV-2026-416785. GHSA-8c75-8mhr-p7r96. GCVE-2026-416787. SECURITY-TRACKER-CVE-2026-41678

References

1. https://github.com/rust-openssl/rust-openssl/security/advisories/GHSA-8c75-8mhr-p7r92. https://github.com/rust-openssl/rust-openssl/pull/26043. https://github.com/rust-openssl/rust-openssl/commit/718d07ff8ff7be417d5b7a6a0047f1607520b3b64. https://github.com/rust-openssl/rust-openssl/releases/tag/openssl-v0.10.78

Does your application use this vulnerable software?

During the free trial, our tools assess your application, identify vulnerabilities, and provide recommendations for their remediation.