Vulnerability Details CVE-2026-41678
rust-openssl provides OpenSSL bindings for the Rust programming language. From to before 0.10.78, aes::unwrap_key() contains an incorrect assertion: it checks that out.len() + 8 <= in_.len(), but this condition is reversed. The intended invariant is out.len() >= in_.len() - 8, ensuring the output buffer is large enough. Because of the inverted check, the function only accepts buffers at or below the minimum required size and rejects larger ones. If a smaller buffer is provided the function will write past the end of out by in_.len() - 8 - out.len() bytes, causing an out-of-bounds write from a safe public function. This vulnerability is fixed in 0.10.78.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.003
EPSS Ranking 20.9%
CVSS Severity
CVSS v3 Score 9.8
Products affected by CVE-2026-41678
-
cpe:2.3:a:rust-openssl_project:rust-openssl:0.10.24
-
cpe:2.3:a:rust-openssl_project:rust-openssl:0.10.25
-
cpe:2.3:a:rust-openssl_project:rust-openssl:0.10.26
-
cpe:2.3:a:rust-openssl_project:rust-openssl:0.10.27
-
cpe:2.3:a:rust-openssl_project:rust-openssl:0.10.28
-
cpe:2.3:a:rust-openssl_project:rust-openssl:0.10.29
-
cpe:2.3:a:rust-openssl_project:rust-openssl:0.10.30
-
cpe:2.3:a:rust-openssl_project:rust-openssl:0.10.31
-
cpe:2.3:a:rust-openssl_project:rust-openssl:0.10.32
-
cpe:2.3:a:rust-openssl_project:rust-openssl:0.10.33
-
cpe:2.3:a:rust-openssl_project:rust-openssl:0.10.34
-
cpe:2.3:a:rust-openssl_project:rust-openssl:0.10.35
-
cpe:2.3:a:rust-openssl_project:rust-openssl:0.10.36
-
cpe:2.3:a:rust-openssl_project:rust-openssl:0.10.37
-
cpe:2.3:a:rust-openssl_project:rust-openssl:0.10.38
-
cpe:2.3:a:rust-openssl_project:rust-openssl:0.10.39
-
cpe:2.3:a:rust-openssl_project:rust-openssl:0.10.40
-
cpe:2.3:a:rust-openssl_project:rust-openssl:0.10.41
-
cpe:2.3:a:rust-openssl_project:rust-openssl:0.10.42
-
cpe:2.3:a:rust-openssl_project:rust-openssl:0.10.43
-
cpe:2.3:a:rust-openssl_project:rust-openssl:0.10.44
-
cpe:2.3:a:rust-openssl_project:rust-openssl:0.10.45
-
cpe:2.3:a:rust-openssl_project:rust-openssl:0.10.46
-
cpe:2.3:a:rust-openssl_project:rust-openssl:0.10.47
-
cpe:2.3:a:rust-openssl_project:rust-openssl:0.10.48
-
cpe:2.3:a:rust-openssl_project:rust-openssl:0.10.49
-
cpe:2.3:a:rust-openssl_project:rust-openssl:0.10.50
-
cpe:2.3:a:rust-openssl_project:rust-openssl:0.10.51
-
cpe:2.3:a:rust-openssl_project:rust-openssl:0.10.52
-
cpe:2.3:a:rust-openssl_project:rust-openssl:0.10.53
-
cpe:2.3:a:rust-openssl_project:rust-openssl:0.10.54
-
cpe:2.3:a:rust-openssl_project:rust-openssl:0.10.55
-
cpe:2.3:a:rust-openssl_project:rust-openssl:0.10.56
-
cpe:2.3:a:rust-openssl_project:rust-openssl:0.10.57
-
cpe:2.3:a:rust-openssl_project:rust-openssl:0.10.58
-
cpe:2.3:a:rust-openssl_project:rust-openssl:0.10.59
-
cpe:2.3:a:rust-openssl_project:rust-openssl:0.10.60
-
cpe:2.3:a:rust-openssl_project:rust-openssl:0.10.61
-
cpe:2.3:a:rust-openssl_project:rust-openssl:0.10.62
-
cpe:2.3:a:rust-openssl_project:rust-openssl:0.10.63
-
cpe:2.3:a:rust-openssl_project:rust-openssl:0.10.64
-
cpe:2.3:a:rust-openssl_project:rust-openssl:0.10.65
-
cpe:2.3:a:rust-openssl_project:rust-openssl:0.10.66
-
cpe:2.3:a:rust-openssl_project:rust-openssl:0.10.67
-
cpe:2.3:a:rust-openssl_project:rust-openssl:0.10.68
-
cpe:2.3:a:rust-openssl_project:rust-openssl:0.10.69
-
cpe:2.3:a:rust-openssl_project:rust-openssl:0.10.70
-
cpe:2.3:a:rust-openssl_project:rust-openssl:0.10.71
-
cpe:2.3:a:rust-openssl_project:rust-openssl:0.10.72
-
cpe:2.3:a:rust-openssl_project:rust-openssl:0.10.73
-
cpe:2.3:a:rust-openssl_project:rust-openssl:0.10.74
-
cpe:2.3:a:rust-openssl_project:rust-openssl:0.10.75
-
cpe:2.3:a:rust-openssl_project:rust-openssl:0.10.76
-
cpe:2.3:a:rust-openssl_project:rust-openssl:0.10.77