Description
rust-openssl provides OpenSSL bindings for the Rust programming language. From 0.9.27 to before 0.10.78, Deriver::derive (and PkeyCtxRef::derive) sets len = buf.len() and passes it as the in/out length to EVP_PKEY_derive, relying on OpenSSL to honor it. On OpenSSL 1.1.x, X25519, X448, DH and HKDF-extract ignore the incoming *keylen, unconditionally writing the full shared secret (32/56/prime-size bytes). A caller passing a short slice gets a heap/stack overflow from safe code. OpenSSL 3.x providers do check, so this only impacts older OpenSSL. This vulnerability is fixed in 0.10.78.
Published: 2026-04-24
Score: 7.2 High
EPSS: < 1% Very Low
KEV: No
Impact: Memory Corruption
Action: Patch
AI Analysis

Impact

Rust‑openssl provides Rust bindings to OpenSSL. From versions 0.9.27 to 0.10.77, Deriver::derive (and PkeyCtxRef::derive) sets a length equal to the supplied buffer size and passes it to EVP_PKEY_derive. On OpenSSL 1.1.x the key‑length parameter is ignored for X25519, X448, DH, and HKDF‑extract, which write the full shared secret unconditionally. When a caller provides a smaller slice, safe Rust code triggers a heap or stack overflow because data is written beyond the intended buffer limits, resulting in process‑local memory corruption.

Affected Systems

The flaw affects the rust‑openssl crate versions 0.9.27 through 0.10.77 when linked against OpenSSL 1.1.x family releases (including 1.1.1). It does not apply to OpenSSL 3.x providers that perform the key‑length check.

Risk and Exploitability

The CVSS score of 7.2 indicates high severity, while an EPSS score of less than 1% suggests a low probability of exploitation in the wild. The vulnerability is not listed in the CISA KEV catalog. Exploitation requires local control of an application that calls Deriver::derive with an undersized buffer, leading to memory corruption within that process and potential instability or unexpected behavior.

Generated by OpenCVE AI on April 28, 2026 at 13:39 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade the rust‑openssl crate to version 0.10.78 or later, which includes the buffer‑size check.
  • Rebuild your application against OpenSSL 3.x where provider level checks enforce the key‑length verification.
  • Ensure that any buffer passed to Deriver::derive or PkeyCtxRef::derive is at least as large as the expected shared secret length (32 bytes for X25519, 56 bytes for X448, etc.) and validate the length before calling the function.

Generated by OpenCVE AI on April 28, 2026 at 13:39 UTC.

Tracking

Sign in to view the affected projects.

Advisories
Source ID Title
Github GHSA Github GHSA GHSA-pqf5-4pqq-29f5 rust-openssl: Deriver::derive and PkeyCtxRef::derive can overflow short buffers on OpenSSL 1.1.1
History

Tue, 28 Apr 2026 17:45:00 +0000

Type Values Removed Values Added
CPEs cpe:2.3:a:rust-openssl_project:rust-openssl:*:*:*:*:*:rust:*:*
Metrics cvssV3_1

{'score': 9.8, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H'}

Tue, 28 Apr 2026 09:00:00 +0000

Type Values Removed Values Added
First Time appeared Rust-openssl Project
Rust-openssl Project rust-openssl
Vendors & Products Rust-openssl Project
Rust-openssl Project rust-openssl

Fri, 24 Apr 2026 18:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}

Fri, 24 Apr 2026 17:30:00 +0000

Type Values Removed Values Added
Description rust-openssl provides OpenSSL bindings for the Rust programming language. From 0.9.27 to before 0.10.78, Deriver::derive (and PkeyCtxRef::derive) sets len = buf.len() and passes it as the in/out length to EVP_PKEY_derive, relying on OpenSSL to honor it. On OpenSSL 1.1.x, X25519, X448, DH and HKDF-extract ignore the incoming *keylen, unconditionally writing the full shared secret (32/56/prime-size bytes). A caller passing a short slice gets a heap/stack overflow from safe code. OpenSSL 3.x providers do check, so this only impacts older OpenSSL. This vulnerability is fixed in 0.10.78.
Title rust-openssl: Deriver::derive and PkeyCtxRef::derive can overflow short buffers on OpenSSL 1.1.1
Weaknesses CWE-131
CWE-787
References
Metrics cvssV4_0

{'score': 7.2, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U'}

Subscriptions

Rust-openssl Project Rust-openssl
cve-icon MITRE

Status: PUBLISHED

Assigner: GitHub_M

Published:

Updated: 2026-04-24T17:43:20.693Z

Reserved: 2026-04-22T03:53:24.406Z

Link: CVE-2026-41676

cve-icon Vulnrichment

Updated: 2026-04-24T17:43:17.252Z

cve-icon NVD

Status : Analyzed

Published: 2026-04-24T18:16:29.120

Modified: 2026-04-28T17:30:42.790

Link: CVE-2026-41676

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-04-28T13:45:06Z

Weaknesses