All 6 CVE vulnerabilities found in rust-openssl, with AI-generated Chinese analysis, references, and POCs.
Vendor: sfackler
| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2026-41898 | rust-openssl: Unchecked callback-returned length in PSK and cookie generate trampolines can cause OpenSSL to leak adjacent memory to the network peer CWE-126 | 9.8AI | CriticalAI | 2026-04-24 |
| CVE-2026-41681 | rust-openssl: MdCtxRef::digest_final() writes past caller buffer with no length check CWE-121 | 9.1AI | CriticalAI | 2026-04-24 |
| CVE-2026-41678 | rust-openssl: Incorrect bounds assertion in aes key wrap CWE-787 | 9.1AI | CriticalAI | 2026-04-24 |
| CVE-2026-41677 | rust-openssl: Out-of-bounds read in PEM password callback when user callback returns an oversized length CWE-125 | - | -AI | 2026-04-24 |
| CVE-2026-41676 | rust-openssl: Deriver::derive and PkeyCtxRef::derive can overflow short buffers on OpenSSL 1.1.1 CWE-787 | 5.9AI | MediumAI | 2026-04-24 |
| CVE-2025-24898 | rust openssl ssl::select_next_proto use after free CWE-416 | 7.4 | - | 2025-02-03 |
All 6 known CVE vulnerabilities affecting rust-openssl with full Chinese analysis, references, and POCs where available.