PatchSiren

rust-openssl CVE debriefs

These pages are published after PatchSiren validates generated defensive summaries against stored public CVE and source evidence.

HIGH rust-openssl CVE published 2026-04-24

CVE-2026-41898

The CVE record for CVE-2026-41898 was published on 2026-04-24T18:16:29.860Z. The vulnerability affects rust-openssl versions from 0.9.24 to before 0.10.78. It involves improper forwarding of user closure returns to OpenSSL, potentially leading to buffer overflows. This issue has a high CVSS score of 8.3, indicating a high severity vulnerability. Users of affected versions should be aware and take necessar [truncated]

HIGH rust-openssl CVE published 2026-04-24

CVE-2026-41681

CVE-2026-41681 is a high-severity vulnerability in Rust-OpenSSL, a Rust library providing OpenSSL bindings. The vulnerability, fixed in version 0.10.78, allows for a buffer overflow due to EVP_DigestFinal() always writing EVP_MD_CTX_size(ctx) to the out buffer, potentially corrupting the stack. This issue is reachable from safe Rust and has a CVSS score of 8.1. The vulnerability affects versions from 0.10 [truncated]