Description
rust-openssl provides OpenSSL bindings for the Rust programming language. From to before 0.10.78, aes::unwrap_key() contains an incorrect assertion: it checks that out.len() + 8 <= in_.len(), but this condition is reversed. The intended invariant is out.len() >= in_.len() - 8, ensuring the output buffer is large enough. Because of the inverted check, the function only accepts buffers at or below the minimum required size and rejects larger ones. If a smaller buffer is provided the function will write past the end of out by in_.len() - 8 - out.len() bytes, causing an out-of-bounds write from a safe public function. This vulnerability is fixed in 0.10.78.
Published: 2026-04-24
Score: 7.2 High
EPSS: < 1% Very Low
KEV: No
Impact: Out‐of‐bounds write that can corrupt memory or lead to code execution
Action: Immediate Patch
AI Analysis

Impact

The vulnerability occurs in the aes::unwrap_key function of rust‑openssl. An incorrect bounds assertion mistakenly checks that out.len()+8 <= in_.len() instead of ensuring that the output buffer is large enough, out.len() >= in_.len()-8. When a smaller buffer is provided the function writes beyond the end of the output buffer, resulting in an out‑of‑bounds write from a public API. This can corrupt memory and potentially allow an attacker to achieve arbitrary code execution or cause a denial of service.

Affected Systems

All users of rust‑openssl from the beginning of the 0.10 series up to, but not including, version 0.10.78 are affected. The issue is fixed in 0.10.78; newer releases are not vulnerable.

Risk and Exploitability

The CVSS score of 7.2 indicates a medium to high severity vulnerability. The EPSS score of less than 1% suggests that exploitation is currently unlikely, and the vulnerability is not listed in the CISA KEV catalog. Because the vulnerable function is part of the public API, the likely attack vector is an application that calls aes::unwrap_key with untrusted or attacker‑controlled data. An exploitation path would entail supplying a crafted key wrap that leads to an out‑of‑bounds write, followed by tampering with memory to achieve arbitrary code execution. Based on the description, it is inferred that local or remote exploitation is feasible if the application accepts input from an untrusted source.

Generated by OpenCVE AI on April 28, 2026 at 05:59 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade rust‑openssl to version 0.10.78 or later, which contains the fixed bounds check.
  • If immediate upgrade is not possible, validate the size of the input key wrap and the destination buffer before calling aes::unwrap_key to ensure the buffer is large enough.
  • Consider temporarily replacing rust‑openssl with another cryptographic library that does not expose this vulnerability until the upgrade can be applied.

Generated by OpenCVE AI on April 28, 2026 at 05:59 UTC.

Tracking

Sign in to view the affected projects.

Advisories
Source ID Title
Github GHSA Github GHSA GHSA-8c75-8mhr-p7r9 rust-openssl has incorrect bounds assertion in aes key wrap
History

Tue, 28 Apr 2026 17:45:00 +0000

Type Values Removed Values Added
CPEs cpe:2.3:a:rust-openssl_project:rust-openssl:*:*:*:*:*:rust:*:*
Metrics cvssV3_1

{'score': 9.8, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H'}

Tue, 28 Apr 2026 09:00:00 +0000

Type Values Removed Values Added
First Time appeared Rust-openssl Project
Rust-openssl Project rust-openssl
Vendors & Products Rust-openssl Project
Rust-openssl Project rust-openssl

Fri, 24 Apr 2026 19:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}

Fri, 24 Apr 2026 17:30:00 +0000

Type Values Removed Values Added
Description rust-openssl provides OpenSSL bindings for the Rust programming language. From to before 0.10.78, aes::unwrap_key() contains an incorrect assertion: it checks that out.len() + 8 <= in_.len(), but this condition is reversed. The intended invariant is out.len() >= in_.len() - 8, ensuring the output buffer is large enough. Because of the inverted check, the function only accepts buffers at or below the minimum required size and rejects larger ones. If a smaller buffer is provided the function will write past the end of out by in_.len() - 8 - out.len() bytes, causing an out-of-bounds write from a safe public function. This vulnerability is fixed in 0.10.78.
Title rust-openssl: Incorrect bounds assertion in aes key wrap
Weaknesses CWE-787
References
Metrics cvssV4_0

{'score': 7.2, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U'}

Subscriptions

Rust-openssl Project Rust-openssl
cve-icon MITRE

Status: PUBLISHED

Assigner: GitHub_M

Published:

Updated: 2026-04-24T18:33:14.697Z

Reserved: 2026-04-22T03:53:24.406Z

Link: CVE-2026-41678

cve-icon Vulnrichment

Updated: 2026-04-24T18:27:49.679Z

cve-icon NVD

Status : Analyzed

Published: 2026-04-24T18:16:29.420

Modified: 2026-04-28T17:41:42.680

Link: CVE-2026-41678

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-04-28T08:45:26Z

Weaknesses