Buffer Overflow Vulnerability in rust-openssl Product by OpenSSL
CVE-2026-41898

8.3 HIGH

Key Information:

Vendor: OpenSSL
CVE Published: 24 April 2026

What is CVE-2026-41898?

rust-openssl, the Rust bindings for OpenSSL, wraps user-supplied closures in FFI trampolines so that OpenSSL can invoke them through a C function pointer. In set_psk_client_callback and similar functions, the trampoline hands the closure a mutable byte slice sized to the buffer OpenSSL provided, then forwards the length the closure returns straight to OpenSSL without checking that it is no larger than that slice. A closure that reports more bytes than the slice holds therefore makes OpenSSL read past the end of the buffer: a buffer overflow that can lead to memory corruption or other undefined behaviour. The missing check was added in version 0.10.78.
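
The following is an added example, not code from rust-openssl, that models the trampoline pattern described above in plain Rust so the missing check can be seen in isolation. The "OpenSSL side" is simulated with a bounds-checked copy in place of the memcpy the real C code would do, so the over-read shows up as a failed lookup rather than undefined behaviour. All function names, the 16-byte buffer and the two sample keys are constructed for the example; the choice to report an oversized length to OpenSSL as 0 (its documented error return for PSK callbacks) rather than abort the process is the example's own.

```rust
// Added example, not code from rust-openssl: a model of the PSK callback
// trampoline pattern behind CVE-2026-41898. OpenSSL hands the trampoline a
// raw buffer and its capacity (max_psk_len) and expects back the number of
// bytes written, or 0 to signal an error. Every name below is hypothetical.
use std::os::raw::c_uint;
use std::slice;

/// Constructed sample keys: one fits a 16-byte buffer, one does not.
pub const SHORT_KEY: &[u8] = b"0123456789abcdef";
pub const LONG_KEY: &[u8] = b"a-pre-shared-key-that-is-longer-than-the-buffer";

/// Vulnerable trampoline: the callback's return value is forwarded to the
/// C side unchecked, even when it exceeds the slice the callback was given.
///
/// # Safety
/// `psk` must point to at least `max_psk_len` writable bytes.
pub unsafe fn vulnerable_trampoline(
    cb: &dyn Fn(&mut [u8]) -> usize,
    psk: *mut u8,
    max_psk_len: c_uint,
) -> c_uint {
    let buf = unsafe { slice::from_raw_parts_mut(psk, max_psk_len as usize) };
    cb(buf) as c_uint // never compared against buf.len(); the cast also truncates silently
}

/// Hardened trampoline: a reported length larger than the slice is treated
/// as a callback bug and reported to OpenSSL as 0, its error return. The
/// comparison is done on the usize before the narrowing cast to c_uint.
///
/// # Safety
/// Same contract as `vulnerable_trampoline`.
pub unsafe fn hardened_trampoline(
    cb: &dyn Fn(&mut [u8]) -> usize,
    psk: *mut u8,
    max_psk_len: c_uint,
) -> c_uint {
    let buf = unsafe { slice::from_raw_parts_mut(psk, max_psk_len as usize) };
    let written = cb(buf);
    if written > buf.len() {
        return 0;
    }
    written as c_uint
}

/// Stand-in for the C side. OpenSSL would memcpy `claimed_len` bytes out of
/// the buffer; here a bounds check replaces that read so the over-read the
/// real code would perform shows up as `None` instead of undefined behaviour.
pub fn simulated_openssl_copy(buf: &[u8], claimed_len: c_uint) -> Option<Vec<u8>> {
    buf.get(..claimed_len as usize).map(|s| s.to_vec())
}

/// A buggy user callback: copies what fits but reports the key's full length.
pub fn buggy_callback(psk: &mut [u8]) -> usize {
    let n = psk.len().min(LONG_KEY.len());
    psk[..n].copy_from_slice(&LONG_KEY[..n]);
    LONG_KEY.len() // wrong whenever LONG_KEY.len() > psk.len()
}

/// A correct user callback: refuses (returns 0) when the key does not fit.
pub fn correct_callback(psk: &mut [u8]) -> usize {
    if SHORT_KEY.len() > psk.len() {
        return 0;
    }
    psk[..SHORT_KEY.len()].copy_from_slice(SHORT_KEY);
    SHORT_KEY.len()
}

/// Runs one trampoline with one callback against a 16-byte buffer. Returns
/// the length handed to OpenSSL and whether the simulated copy stayed in
/// bounds.
pub fn run(
    trampoline: unsafe fn(&dyn Fn(&mut [u8]) -> usize, *mut u8, c_uint) -> c_uint,
    cb: &dyn Fn(&mut [u8]) -> usize,
) -> (c_uint, bool) {
    let mut buf = [0u8; 16];
    let len = unsafe { trampoline(cb, buf.as_mut_ptr(), buf.len() as c_uint) };
    (len, simulated_openssl_copy(&buf, len).is_some())
}

fn main() {
    let (len, ok) = run(vulnerable_trampoline, &buggy_callback);
    println!("vulnerable + buggy callback: reported {len} bytes for a 16-byte buffer, in bounds: {ok}");
    let (len, ok) = run(hardened_trampoline, &buggy_callback);
    println!("hardened + buggy callback:   reported {len} bytes, in bounds: {ok}");
    let (len, ok) = run(hardened_trampoline, &correct_callback);
    println!("hardened + correct callback: reported {len} bytes, in bounds: {ok}");
}
```

With the buggy callback the vulnerable trampoline reports 47 bytes for a 16-byte buffer and the simulated copy runs out of bounds; the hardened trampoline reports 0 instead, and still passes a correct 16-byte result through unchanged. The check belongs in the trampoline rather than in user code because the trampoline is the only place that knows both the slice it handed out and the value it is about to return to C.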

Affected Version(s)

rust-openssl >= 0.9.24, < 0.10.78 (published on crates.io as the `openssl` crate). Running `cargo tree -i openssl` in a project shows the resolved crate version and the dependencies that pull it in; upgrade to 0.10.78 or later.

CVSS V4

Score: 8.3
Severity: HIGH
Confidentiality: High
Integrity: None
Availability: Low
Attack Vector: Network
Attack Complexity: Low
Attack Requirements: Physical
Privileges Required: Undefined
User Interaction: None

Timeline

  • Vulnerability reserved

  • Vulnerability published: 24 April 2026