CVE-2026-41677
Published: 24 April 2026
Description
rust-openssl provides OpenSSL bindings for the Rust programming language. From 0.9.0 to before 0.10.78, the *_from_pem_callback APIs did not validate the length returned by the user's callback. A password callback that returns a value larger than the buffer it was given can cause some versions of OpenSSL to over-read this buffer. OpenSSL 3.x is not affected by this. This vulnerability is fixed in 0.10.78.
Mitigating Controls (NIST 800-53 r5) [AI-generated]
- SI-2 Flaw Remediation: directly requires timely patching of known flaws, such as the buffer over-read in vulnerable rust-openssl versions, by updating to 0.10.78.
- SI-16 Memory Protection: provides memory protection mechanisms such as address space layout randomization and data execution prevention to mitigate exploitation of out-of-bounds reads.
- SI-10 Information Input Validation: enforces validation of input quantities, such as callback-returned lengths, to prevent out-of-bounds buffer access.
Security Summary [AI-generated]
CVE-2026-41677 affects the rust-openssl crate, which provides OpenSSL bindings for the Rust programming language. In versions from 0.9.0 up to but not including 0.10.78, APIs such as *_from_pem_callback fail to validate the length value returned by a user's callback function. If the callback returns a length exceeding the provided buffer size, it can trigger an over-read of that buffer in certain versions of OpenSSL. OpenSSL 3.x versions are explicitly not affected. The issue is classified under CWE-125 (Out-of-bounds Read) and CWE-1284 (Improper Validation of Specified Quantity in Input), with a CVSS v3.1 base score of 9.1 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H).
Remote attackers can exploit this vulnerability without privileges or user interaction over a network connection with low complexity. By supplying a malicious password callback that reports an oversized length, they can induce OpenSSL to read beyond the buffer boundaries, potentially disclosing sensitive memory contents and causing denial-of-service conditions through crashes or resource exhaustion.
The rust-openssl security advisory at https://github.com/rust-openssl/rust-openssl/security/advisories/GHSA-xmgf-hq76-4vx2 confirms the vulnerability and states that it is fixed in version 0.10.78. Security practitioners should update to this version or later to mitigate the issue, particularly in Rust applications using affected rust-openssl versions alongside vulnerable OpenSSL builds.
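The missing check, as an added example that is not rust-openssl's own code: a password callback fills a fixed-size buffer and reports how many bytes it wrote, and the wrapper must reject a reported count larger than the buffer before that count reaches the C side as the password length. The callback signature, the `PW_BUF_SIZE` constant and the sample passwords are assumptions constructed for this example.

```rust
// Added example, not rust-openssl's own code. It models the check the
// *_from_pem_callback APIs lacked before 0.10.78; the callback shape is a
// simplified assumption, not the crate's real signature.

/// Password buffer size (constructed for this example; OpenSSL picks the real one).
pub const PW_BUF_SIZE: usize = 16;

/// Error returned when a callback reports more bytes than the buffer holds.
#[derive(Debug, PartialEq)]
pub struct LengthExceedsBuffer { pub reported: usize, pub capacity: usize }

/// Runs `cb` over `buf` and returns the validated password length. The Rust slice
/// cannot be overrun; the danger is an unchecked `reported` forwarded to C, where
/// OpenSSL would read `reported` bytes out of a `capacity`-byte buffer.
pub fn run_password_callback<F>(buf: &mut [u8], cb: F) -> Result<usize, LengthExceedsBuffer>
where
    F: FnOnce(&mut [u8]) -> usize,
{
    let capacity = buf.len();
    let reported = cb(buf);
    if reported > capacity {
        return Err(LengthExceedsBuffer { reported, capacity });
    }
    Ok(reported)
}

/// Well-behaved callback: copies what fits and reports the bytes written.
pub fn copy_password(pw: &[u8]) -> impl FnOnce(&mut [u8]) -> usize + '_ {
    move |buf: &mut [u8]| {
        let n = pw.len().min(buf.len());
        buf[..n].copy_from_slice(&pw[..n]);
        n
    }
}

/// Buggy callback of the kind the advisory describes: it truncates the copy
/// but reports the full password length.
pub fn buggy_password(pw: &[u8]) -> impl FnOnce(&mut [u8]) -> usize + '_ {
    move |buf: &mut [u8]| {
        let n = pw.len().min(buf.len());
        buf[..n].copy_from_slice(&pw[..n]);
        pw.len()
    }
}

fn main() {
    let mut buf = [0u8; PW_BUF_SIZE];
    let long = b"correct horse battery staple"; // 28 bytes, buffer holds 16
    println!("{:?}", run_password_callback(&mut buf, copy_password(long)));
    println!("{:?}", run_password_callback(&mut buf, buggy_password(long)));
}
```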
MITRE ATT&CK Enterprise Techniques [AI-generated]
Why these techniques?
Remote unauthenticated network exploitation of applications using vulnerable rust-openssl enables initial access via Exploit Public-Facing Application (T1190) and Endpoint Denial of Service: Application Exploitation (T1499.004) through crashes or resource exhaustion.