QwikSec

Security Database

CVE

CWE

Training

CVE Database
/

CVE-2026-41677

Back to search

CVE-2026-41677

Published: Apr 24, 2026

Modified: Apr 24, 2026

PUBLISHED

Description

rust-openssl provides OpenSSL bindings for the Rust programming language. From 0.9.0 to before 0.10.78, the *_from_pem_callback APIs did not validate the length returned by the user's callback. A password callback that returns a value larger than the buffer it was given can cause some versions of OpenSSL to over-read this buffer. OpenSSL 3.x is not affected by this. This vulnerability is fixed in 0.10.78.

VendorProductVersions

rust-openssl

rust-openssl

affected
>= 0.9.0, < 0.10.78

Weaknesses (CWE)

CWE-125
CWE-1284

References

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now