CVE-2026-44662 - Vulnerability Details

Description

rust-openssl provides OpenSSL bindings for the Rust programming language. From 0.10.0 to before 0.10.79, CipherCtxRef::cipher_update, CipherCtxRef::cipher_update_vec, and symm::Crypter::update incorrectly sized output buffers when used with AES key-wrap-with-padding ciphers (EVP_aes_{128,192,256}_wrap_pad). For a non-multiple-of-8 input, OpenSSL writes up to 7 bytes past the end of the caller's buffer or Vec, producing attacker-controllable heap corruption when the plaintext length is attacker-influenced. This only impacts users using AES key-wrap-with-padding ciphers. This vulnerability is fixed in 0.10.79.

Published: 2026-05-14

Score: 5.1 Medium

EPSS: < 1% Very Low

KEV: No

Impact:

Action:

Analysis

Impact

The vulnerability exists in rust‑openssl versions 0.10.0 through 0.10.78, where the cipher update functions incorrectly size the output buffer for AES key‑wrap‑with‑padding ciphers. For plaintext lengths that are not a multiple of eight, OpenSSL writes up to seven bytes beyond the caller’s buffer. This results in attacker‑controllable heap corruption, which can be leveraged to alter memory and potentially achieve remote code execution. The weakness is a classic buffer overflow (CWE‑122).

Affected Systems

Affected are users of the rust‑openssl library, specifically those employing AES key‑wrap‑with‑padding ciphers (EVP_aes_128_wrap_pad, EVP_aes_192_wrap_pad, or EVP_aes_256_wrap_pad) in library versions 0.10.0 to 0.10.78. The issue does not affect later releases, such as 0.10.79 and beyond.

Risk and Exploitability

The CVSS score for this issue is 5.1, indicating moderate severity. The EPSS score is not available, and the vulnerability is not listed in CISA KEV, suggesting no known widespread exploitation yet. The likely attack vector requires the attacker to supply a plaintext of non‑multiple‑of‑eight length to a key‑wrap‑with‑padding operation, which is user‑controlled, so the flaw can be triggered by a remote or local application that processes attacker‑supplied data.

Default status is the baseline for the product, each version can override it (e.g. patched versions marked unaffected).

Vendor Product Default status Versions

rust-openssl

affected

Version	Status	Constraints
`>= 0.10.0, < 0.10.79`	affected	—

No data.

No data available yet.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

Upgrade rust‑openssl to version 0.10.79 or later.
Avoid using AES key‑wrap‑with‑padding ciphers in new code; consider alternative key wrapping mechanisms such as RFC 3394 or other non‑padding modes.
Validate plaintext length and buffer sizes before invoking cipher_update to ensure that only multiples of eight bytes are processed, reducing the risk of triggering the buffer overflow.

Generated by OpenCVE AI on May 14, 2026 at 21:53 UTC.

Tracking

Sign in to view the affected projects.

Advisories

Source	ID	Title
Github GHSA	GHSA-xv59-967r-8726	rust-openssl vulnerable to heap buffer overflow when encrypting with AES key-wrap-with-padding

Attack Vector Local

Attack Complexity Low

Privileges Required None

Attack Requirements None

User Interaction None

Vulnerable System Confidentiality Impact None

Vulnerable System Integrity Impact Low

Vulnerable System Availability Impact Low

Subsequent System Confidentiality Impact None

Subsequent System Integrity Impact None

Subsequent System Availability Impact None

No CVSS v3.1

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

The EPSS score is 0.00014.

Key SSVC decision points have not yet been added.

References

Link	Providers
https://github.com/rust-openssl/rust-openssl/security/advisories/GHSA-xv59-967r-8726

History

Thu, 14 May 2026 20:45:00 +0000

Type	Values Removed	Values Added
Description		rust-openssl provides OpenSSL bindings for the Rust programming language. From 0.10.0 to before 0.10.79, CipherCtxRef::cipher_update, CipherCtxRef::cipher_update_vec, and symm::Crypter::update incorrectly sized output buffers when used with AES key-wrap-with-padding ciphers (EVP_aes_{128,192,256}_wrap_pad). For a non-multiple-of-8 input, OpenSSL writes up to 7 bytes past the end of the caller's buffer or Vec, producing attacker-controllable heap corruption when the plaintext length is attacker-influenced. This only impacts users using AES key-wrap-with-padding ciphers. This vulnerability is fixed in 0.10.79.
Title		rust-openssl: Heap buffer overflow when encrypting with AES key-wrap-with-padding
Weaknesses		CWE-122
References		https://github.com/rust-openssl/rust-openssl/security/advisories/GHSA-xv59-967r-8726
Metrics		cvssV4_0 `{'score': 5.1, 'vector': 'CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N'}`

Subscriptions

No data.

MITRE

Status: PUBLISHED

Assigner: GitHub_M

Published: 2026-05-14T20:18:43.627Z

Updated: 2026-05-14T20:18:43.627Z

Reserved: 2026-05-07T16:20:08.659Z

Link: CVE-2026-44662

Vulnrichment

No data.

NVD

Status : Deferred

Published: 2026-05-14T21:16:47.237

Modified: 2026-05-15T14:53:48.823

Link: CVE-2026-44662

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-05-14T22:00:10Z

Weaknesses

CWE-122

Impact

Affected Systems

Risk and Exploitability

Tracking

Attack Vector Local

Attack Complexity Low

Privileges Required None

Attack Requirements None

User Interaction None

Vulnerable System Confidentiality Impact None

Vulnerable System Integrity Impact Low

Vulnerable System Availability Impact Low

Subsequent System Confidentiality Impact None

Subsequent System Integrity Impact None

Subsequent System Availability Impact None

Subscriptions

JSON object

JSON object

JSON object

JSON object

JSON object