VIR Vulnerability Intelligence Relay

Package impact

rust crates.io / openssl

Severitycriticalhighmediumlowunknown
0
KEVHas exploit
Reset
CVE Severity CVSS Risk Published Description Impact
CVE-2026-41898 critical 9.8 9.8 1mo ago rust-openssl provides OpenSSL bindings for the Rust programming language. From 0.9.24 to before 0.10.78, the FFI trampolines behind SslContextBuilder::set_psk_client_callback, set_psk_server_callbac… debianrust
CVE-2026-41681 critical 9.8 9.8 1mo ago rust-openssl provides OpenSSL bindings for the Rust programming language. From 0.10.39 to before 0.10.78, EVP_DigestFinal() always writes EVP_MD_CTX_size(ctx) to the out buffer. If out is smaller th… debianrust
CVE-2026-41678 critical 9.8 9.8 1mo ago rust-openssl provides OpenSSL bindings for the Rust programming language. From to before 0.10.78, aes::unwrap_key() contains an incorrect assertion: it checks that out.len() + 8 <= in_.len(), but t… debianrust
CVE-2026-41676 critical 9.8 9.8 1mo ago rust-openssl provides OpenSSL bindings for the Rust programming language. From 0.9.27 to before 0.10.78, Deriver::derive (and PkeyCtxRef::derive) sets len = buf.len() and passes it as the in/out len… debianrust
CVE-2026-41677 critical 9.1 9.1 1mo ago rust-openssl provides OpenSSL bindings for the Rust programming language. From 0.9.0 to before 0.10.78, the *_from_pem_callback APIs did not validate the length returned by the user's callback. A pa… debianrust
CVE-2026-42327 high 8.0 14d ago rust-openssl has undefined behavior in X509Ref::ocsp_responders for certificates with non-UTF-8 OCSP URLs debianrust
CVE-2026-45784 medium 5.5 9d ago rust-openssl: Potential out-of-bounds write in `CipherCtxRef::cipher_update_inplace` for AES-KW-PAD ciphers rust
CVE-2026-44662 medium 5.5 14d ago rust-openssl vulnerable to heap buffer overflow when encrypting with AES key-wrap-with-padding debianrust
CVE-2025-24898 medium 5.5 1y ago Moderate: python3.12-cryptography security update redhatrockylinuxdebianrust
CVE-2023-53159 unknown 3y ago The openssl crate before 0.10.55 for Rust allows an out-of-bounds read via an empty string to X509VerifyParamRef::set_host. debianrust
CVE-2018-20997 unknown 8y ago An issue was discovered in the openssl crate before 0.10.9 for Rust. A use-after-free occurs in CMS Signing. debianrust
CVE-2016-10931 unknown 10y ago An issue was discovered in the openssl crate before 0.9.0 for Rust. There is an SSL/TLS man-in-the-middle vulnerability because certificate verification is off by default and there is no API for host… debianrust