QwikSec

Security Database

CVE

CWE

Training

CVE-2026-41681

Published: Apr 24, 2026

Modified: Apr 24, 2026

PUBLISHED

Description

rust-openssl provides OpenSSL bindings for the Rust programming language. From 0.10.39 to before 0.10.78, EVP_DigestFinal() always writes EVP_MD_CTX_size(ctx) to the out buffer. If out is smaller than that, MdCtxRef::digest_final() writes past its end, usually corrupting the stack. This is reachable from safe Rust. This vulnerability is fixed in 0.10.78.

Vendor	Product	Versions
rust-openssl	rust-openssl	affected `>= 0.10.39, < 0.10.78`

Weaknesses (CWE)

References

https://github.com/rust-openssl/rust-openssl/security/advisories/GHSA-ghm9-cr32-g9qj

x_refsource_CONFIRM

https://github.com/rust-openssl/rust-openssl/pull/2608

x_refsource_MISC

https://github.com/rust-openssl/rust-openssl/commit/826c3888b77add418b394770e2b2e3a72d9f92fe

x_refsource_MISC

https://github.com/rust-openssl/rust-openssl/releases/tag/openssl-v0.10.78

x_refsource_MISC

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

CVE-2026-41681 - Security Vulnerability | QwikSec