CVE-2026-41678

Source
https://cve.org/CVERecord?id=CVE-2026-41678
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-41678.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2026-41678
Aliases
Downstream
Related
Published
2026-04-24T17:18:27.280Z
Modified
2026-07-14T18:29:56.878456068Z
Severity
  • 7.2 (High) CVSS_V4 - CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U CVSS Calculator
Summary
rust-openssl: Incorrect bounds assertion in aes key wrap
Details

rust-openssl provides OpenSSL bindings for the Rust programming language. From to before 0.10.78, aes::unwrapkey() contains an incorrect assertion: it checks that out.len() + 8 <= in.len(), but this condition is reversed. The intended invariant is out.len() >= in_.len() - 8, ensuring the output buffer is large enough. Because of the inverted check, the function only accepts buffers at or below the minimum required size and rejects larger ones. If a smaller buffer is provided the function will write past the end of out by in_.len() - 8 - out.len() bytes, causing an out-of-bounds write from a safe public function. This vulnerability is fixed in 0.10.78.

Database specific
{
    "cna_assigner": "GitHub_M",
    "cwe_ids": [
        "CWE-787"
    ],
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/41xxx/CVE-2026-41678.json"
}
References

Affected packages

Git / github.com/rust-openssl/rust-openssl

Affected ranges

Type
GIT
Repo
https://github.com/rust-openssl/rust-openssl
Events
Database specific
{
    "extracted_events": [
        {
            "introduced": "0.10.24"
        },
        {
            "fixed": "0.10.78"
        }
    ],
    "cpe": "cpe:2.3:a:rust-openssl_project:rust-openssl:*:*:*:*:*:rust:*:*",
    "source": [
        "AFFECTED_FIELD",
        "CPE_RANGE"
    ]
}

Affected versions

openssl-errors-v0.*
openssl-errors-v0.2.0
openssl-macros-v0.*
openssl-macros-v0.1.0
openssl-macros-v0.1.1
openssl-sys-v0.*
openssl-sys-v0.9.100
openssl-sys-v0.9.101
openssl-sys-v0.9.102
openssl-sys-v0.9.103
openssl-sys-v0.9.104
openssl-sys-v0.9.105
openssl-sys-v0.9.106
openssl-sys-v0.9.107
openssl-sys-v0.9.108
openssl-sys-v0.9.109
openssl-sys-v0.9.110
openssl-sys-v0.9.111
openssl-sys-v0.9.112
openssl-sys-v0.9.113
openssl-sys-v0.9.49
openssl-sys-v0.9.50
openssl-sys-v0.9.51
openssl-sys-v0.9.52
openssl-sys-v0.9.53
openssl-sys-v0.9.54
openssl-sys-v0.9.55
openssl-sys-v0.9.56
openssl-sys-v0.9.57
openssl-sys-v0.9.58
openssl-sys-v0.9.59
openssl-sys-v0.9.60
openssl-sys-v0.9.61
openssl-sys-v0.9.62
openssl-sys-v0.9.63
openssl-sys-v0.9.64
openssl-sys-v0.9.65
openssl-sys-v0.9.66
openssl-sys-v0.9.67
openssl-sys-v0.9.68
openssl-sys-v0.9.69
openssl-sys-v0.9.70
openssl-sys-v0.9.71
openssl-sys-v0.9.72
openssl-sys-v0.9.73
openssl-sys-v0.9.74
openssl-sys-v0.9.75
openssl-sys-v0.9.76
openssl-sys-v0.9.77
openssl-sys-v0.9.78
openssl-sys-v0.9.79
openssl-sys-v0.9.80
openssl-sys-v0.9.81
openssl-sys-v0.9.82
openssl-sys-v0.9.83
openssl-sys-v0.9.84
openssl-sys-v0.9.85
openssl-sys-v0.9.86
openssl-sys-v0.9.87
openssl-sys-v0.9.88
openssl-sys-v0.9.89
openssl-sys-v0.9.90
openssl-sys-v0.9.91
openssl-sys-v0.9.92
openssl-sys-v0.9.93
openssl-sys-v0.9.94
openssl-sys-v0.9.95
openssl-sys-v0.9.96
openssl-sys-v0.9.97
openssl-sys-v0.9.98
openssl-sys-v0.9.99
openssl-v0.*
openssl-v0.10.24
openssl-v0.10.25
openssl-v0.10.26
openssl-v0.10.27
openssl-v0.10.28
openssl-v0.10.29
openssl-v0.10.30
openssl-v0.10.31
openssl-v0.10.32
openssl-v0.10.33
openssl-v0.10.34
openssl-v0.10.35
openssl-v0.10.36
openssl-v0.10.37
openssl-v0.10.38
openssl-v0.10.39
openssl-v0.10.40
openssl-v0.10.41
openssl-v0.10.42
openssl-v0.10.43
openssl-v0.10.44
openssl-v0.10.45
openssl-v0.10.46
openssl-v0.10.47
openssl-v0.10.48
openssl-v0.10.49
openssl-v0.10.50
openssl-v0.10.51
openssl-v0.10.52
openssl-v0.10.53
openssl-v0.10.54
openssl-v0.10.55
openssl-v0.10.56
openssl-v0.10.57
openssl-v0.10.58
openssl-v0.10.59
openssl-v0.10.60
openssl-v0.10.61
openssl-v0.10.62
openssl-v0.10.63
openssl-v0.10.64
openssl-v0.10.65
openssl-v0.10.66
openssl-v0.10.67
openssl-v0.10.68
openssl-v0.10.69
openssl-v0.10.70
openssl-v0.10.71
openssl-v0.10.72
openssl-v0.10.73
openssl-v0.10.74
openssl-v0.10.75
openssl-v0.10.76
openssl-v0.10.77
openssl-v0.9.27

Database specific

source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-41678.json"