Heap Corruption Vulnerability in rust-openssl Due to Incorrect Buffer Sizing
CVE-2026-44662

5.1 MEDIUM

Key Information:

Vendor
CVE Published: 14 May 2026

What is CVE-2026-44662?

The rust-openssl library sizes output buffers incorrectly in certain cryptographic operations. Specifically, when AES key-wrap-with-padding ciphers are used, the functions CipherCtxRef::cipher_update, CipherCtxRef::cipher_update_vec, and symm::Crypter::update mishandle the output buffer, which can lead to heap corruption. If an attacker can influence the plaintext length, up to 7 bytes may be written past the end of the allocated memory. The vulnerability is resolved in version 0.10.79; updating to that version removes the flaw.

Affected Version(s)

rust-openssl >= 0.10.0, < 0.10.79
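
To check a project against this range, the following added example (not code from rust-openssl or from this advisory) scans Cargo.lock text for the openssl crate, which is the crate name rust-openssl publishes under, and reports locked versions inside >= 0.10.0, < 0.10.79. The function names and the sample lockfile are constructed for illustration.

```rust
// Added example, not project code. SAMPLE_LOCK is a constructed lockfile fragment.
const SAMPLE_LOCK: &str = r#"
version = 3
[[package]]
name = "openssl"
version = "0.10.66"
[[package]]
name = "openssl-sys"
version = "0.9.103"
"#;

/// Parse "MAJOR.MINOR.PATCH"; a -pre or +build suffix is ignored (assumption).
fn parse_version(v: &str) -> Option<(u64, u64, u64)> {
    let core = v.split(|c: char| c == '-' || c == '+').next()?;
    let mut p = core.split('.').map(|s| s.parse::<u64>().ok());
    let t = (p.next()??, p.next()??, p.next()??);
    if p.next().is_some() { None } else { Some(t) }
}

/// True when the version lies in the affected range stated on this page.
fn is_affected(v: &str) -> bool {
    matches!(parse_version(v), Some(t) if t >= (0, 10, 0) && t < (0, 10, 79))
}

/// Extract the value of a `key = "value"` line, if the line has that key.
fn value_of<'a>(line: &'a str, key: &str) -> Option<&'a str> {
    let rest = line.strip_prefix(key)?.trim_start().strip_prefix('=')?;
    Some(rest.trim().trim_matches('"'))
}

/// Return every locked `openssl` version that falls in the affected range.
fn affected_in_lockfile(lock: &str) -> Vec<String> {
    let mut hits = Vec::new();
    let mut name = None;
    for line in lock.lines().map(str::trim) {
        if line == "[[package]]" {
            name = None; // a new package table starts; forget the previous name
        } else if let Some(n) = value_of(line, "name") {
            name = Some(n);
        } else if let Some(v) = value_of(line, "version") {
            if name == Some("openssl") && is_affected(v) {
                hits.push(v.to_string());
            }
        }
    }
    hits
}

fn main() { println!("affected: {:?}", affected_in_lockfile(SAMPLE_LOCK)); }
```

A hit means the build links an affected rust-openssl; whether the flaw is reachable still depends on the application using AES key-wrap-with-padding through the three functions named above.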

CVSS V4

Score: 5.1
Severity: MEDIUM
Confidentiality: None
Integrity: Low
Availability: Low
Attack Vector: Local
Attack Complexity: Low
Attack Required: None
Privileges Required: Undefined
User Interaction: None

Timeline

  • Vulnerability published

  • Vulnerability Reserved
