Description
pyOpenSSL is a Python wrapper around the OpenSSL library. Starting in version 22.0.0 and prior to version 26.0.0, if a user provided callback to `set_cookie_generate_callback` returned a cookie value greater than 256 bytes, pyOpenSSL would overflow an OpenSSL provided buffer. Starting in version 26.0.0, cookie values that are too long are now rejected.
Published: 2026-03-17
Score: 7.2 High
EPSS: < 1% Very Low
KEV: No
Impact: Buffer Overflow
Action: Immediate Patch
AI Analysis

Impact

The flaw lies in the pyOpenSSL library's handling of DTLS cookie generation callbacks. When a callback returns a cookie longer than the expected 256 bytes, the library passes that oversized value to an OpenSSL buffer that cannot accommodate it, causing a buffer overflow. This overflow can corrupt adjacent memory, potentially leading to arbitrary code execution or other severe compromises. The weakness corresponds to the classic stack or heap overrun identified as CWE-120.

Affected Systems

The affected product is pyOpenSSL, a Python wrapper maintained by the PyCA project, specifically versions 22.0.0 through 25.x. Any environment that imports pyOpenSSL and configures a DTLS cookie callback may be affected. Starting with version 26.0.0, the library rejects cookie values that exceed the 256‑byte limit, eliminating the risk.

Risk and Exploitability

The CVSS score of 7.2 indicates a high severity rating, but the EPSS score of less than 1 % suggests a low expected exploitation frequency at present. The vulnerability is not listed in the CISA KEV catalog. The likely attack vector is remote, inferred from the description of a DTLS handshake that triggers the cookie callback. Exploitation would also require control over the callback implementation or the ability to supply malicious cookie data, which is inferred as a prerequisite.

Generated by OpenCVE AI on March 23, 2026 at 19:53 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade pyOpenSSL to version 26.0.0 or later.
  • If an upgrade is not immediately possible, modify any custom cookie callback to ensure it never returns a cookie longer than 256 bytes.
  • Verify that no older pyOpenSSL versions remain in the environment and monitor for related errors.

Generated by OpenCVE AI on March 23, 2026 at 19:53 UTC.

Tracking

Sign in to view the affected projects.

Advisories
Source ID Title
Github GHSA Github GHSA GHSA-5pwr-322w-8jr4 pyOpenSSL DTLS cookie callback buffer overflow
Ubuntu USN Ubuntu USN USN-8115-1 pyOpenSSL vulnerabilities
History

Mon, 23 Mar 2026 18:15:00 +0000

Type Values Removed Values Added
First Time appeared Pyopenssl
Pyopenssl pyopenssl
CPEs cpe:2.3:a:pyopenssl:pyopenssl:*:*:*:*:*:*:*:*
Vendors & Products Pyopenssl
Pyopenssl pyopenssl
Metrics cvssV3_1

{'score': 8.1, 'vector': 'CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H'}

 cvssV3_1

{'score': 9.8, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H'}

Thu, 19 Mar 2026 00:15:00 +0000

Type Values Removed Values Added
References
Metrics threat_severity

None

 cvssV3_1

{'score': 8.1, 'vector': 'CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H'}

threat_severity

Important

Wed, 18 Mar 2026 20:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}

Wed, 18 Mar 2026 12:15:00 +0000

Type Values Removed Values Added
First Time appeared Pyca
Pyca pyopenssl
Vendors & Products Pyca
Pyca pyopenssl

Tue, 17 Mar 2026 23:45:00 +0000

Type Values Removed Values Added
Description pyOpenSSL is a Python wrapper around the OpenSSL library. Starting in version 22.0.0 and prior to version 26.0.0, if a user provided callback to `set_cookie_generate_callback` returned a cookie value greater than 256 bytes, pyOpenSSL would overflow an OpenSSL provided buffer. Starting in version 26.0.0, cookie values that are too long are now rejected.
Title pyOpenSSL DTLS cookie callback buffer overflow
Weaknesses CWE-120
References
Metrics cvssV4_0

{'score': 7.2, 'vector': 'CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U'}

Subscriptions

Pyca Pyopenssl
Pyopenssl Pyopenssl
cve-icon MITRE

Status: PUBLISHED

Assigner: GitHub_M

Published:

Updated: 2026-03-18T19:52:15.812Z

Reserved: 2026-02-19T17:25:31.100Z

Link: CVE-2026-27459

cve-icon Vulnrichment

Updated: 2026-03-18T19:52:12.530Z

cve-icon NVD

Status : Analyzed

Published: 2026-03-18T00:16:19.273

Modified: 2026-03-25T16:41:28.017

Link: CVE-2026-27459

cve-icon Redhat

Severity : Important

Publid Date: 2026-03-17T23:34:28Z

Links: CVE-2026-27459 - Bugzilla

cve-icon OpenCVE Enrichment

Updated: 2026-03-24T10:54:19Z

Weaknesses