Buffer overflow in Rust-openssl

CVE-2026-44662

rust-openssl provides OpenSSL bindings for the Rust programming language. From 0.10.0 to before 0.10.79, CipherCtxRef::cipher_update, CipherCtxRef::cipher_update_vec, and symm::Crypter::update incorrectly sized output buffers when used wit…

Vulnerability class: Buffer Overflow

EPSS: 0.000 (0.4th percentile) — read the EPSS interpretation.

Affected products

Rust-openssl — versions >= 0.10.0, < 0.10.79

Weakness classification (CWE)

CWE-122 — Heap-based Buffer Overflow

References

security-advisories@github.com (x_refsource_CONFIRM)