Vulnerability Details CVE-2026-41681
rust-openssl provides OpenSSL bindings for the Rust programming language. From 0.10.39 to before 0.10.78, EVP_DigestFinal() always writes EVP_MD_CTX_size(ctx) to the out buffer. If out is smaller than that, MdCtxRef::digest_final() writes past its end, usually corrupting the stack. This is reachable from safe Rust. This vulnerability is fixed in 0.10.78.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.0
EPSS Ranking 12.8%
CVSS Severity
CVSS v3 Score 9.8
References
- https://github.com/rust-openssl/rust-openssl/commit/826c3888b77add418b394770e2b2e3a72d9f92fe
- https://github.com/rust-openssl/rust-openssl/pull/2608
- https://github.com/rust-openssl/rust-openssl/releases/tag/openssl-v0.10.78
- https://github.com/rust-openssl/rust-openssl/security/advisories/GHSA-ghm9-cr32-g9qj
Products affected by CVE-2026-41681
-
cpe:2.3:a:rust-openssl_project:rust-openssl:*