{"description":"Trending threats, MITRE ATT\u0026CK coverage, and detection metadata — refreshed continuously.","feed_url":"https://feed.craftedsignal.io/tags/memory-leak/","home_page_url":"https://feed.craftedsignal.io/","items":[{"_cs_actors":[],"_cs_cves":[{"cvss":9.8,"id":"CVE-2026-41898"}],"_cs_exploited":false,"_cs_products":[],"_cs_severities":["medium"],"_cs_tags":["rust-openssl","memory-leak","tls","cve"],"_cs_type":"advisory","_cs_vendors":["Microsoft"],"content_html":"\u003cp\u003eCVE-2026-41898 is a security vulnerability affecting the rust-openssl library. The vulnerability stems from a failure to properly validate the length of data returned by callbacks during Pre-Shared Key (PSK) and cookie generation processes within OpenSSL. This oversight can lead to OpenSSL inadvertently exposing adjacent memory regions to a remote network peer. While the exact scope of impact is not detailed in the initial advisory, the potential for memory leakage raises concerns about sensitive information disclosure. Defenders should closely monitor applications utilizing rust-openssl for anomalous behavior indicative of exploitation attempts. 
The Microsoft Security Response Center published information regarding this vulnerability.\u003c/p\u003e\n\u003ch2 id=\"attack-chain\"\u003eAttack Chain\u003c/h2\u003e\n\u003col\u003e\n\u003cli\u003eA client initiates a TLS handshake with a server using rust-openssl.\u003c/li\u003e\n\u003cli\u003eThe server requests PSK or initiates a cookie exchange as part of the TLS handshake.\u003c/li\u003e\n\u003cli\u003erust-openssl triggers a callback function to generate the PSK or cookie data.\u003c/li\u003e\n\u003cli\u003eThe callback function returns data with a length that is not properly validated by rust-openssl.\u003c/li\u003e\n\u003cli\u003eDue to the unchecked length, OpenSSL reads beyond the intended buffer boundary.\u003c/li\u003e\n\u003cli\u003eOpenSSL copies the over-read memory region into the response sent to the client.\u003c/li\u003e\n\u003cli\u003eThe client receives the response containing the leaked memory.\u003c/li\u003e\n\u003cli\u003eThe client can then analyze the leaked memory for sensitive information.\u003c/li\u003e\n\u003c/ol\u003e\n\u003ch2 id=\"impact\"\u003eImpact\u003c/h2\u003e\n\u003cp\u003eSuccessful exploitation of CVE-2026-41898 can lead to the leakage of sensitive information from the server\u0026rsquo;s memory. This information could include cryptographic keys, session data, or other confidential data. The extent of the leak depends on the amount of memory that is read beyond the intended buffer. The vulnerability could affect any application or service that uses rust-openssl for TLS communication and relies on PSK or cookie generation. 
The number of potential victims is currently unknown, but it would depend on the adoption rate of rust-openssl in security-sensitive applications.\u003c/p\u003e\n\u003ch2 id=\"recommendation\"\u003eRecommendation\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eMonitor network traffic for unusually large TLS handshake responses, which may indicate an attempt to trigger the memory leak.\u003c/li\u003e\n\u003cli\u003eImplement robust input validation for callback functions used in PSK and cookie generation within rust-openssl.\u003c/li\u003e\n\u003cli\u003eDeploy the Sigma rules provided to detect potential exploitation attempts based on anomalous network connection patterns.\u003c/li\u003e\n\u003c/ul\u003e\n","date_modified":"2026-04-29T07:33:41Z","date_published":"2026-04-29T07:33:41Z","id":"/briefs/2026-04-rust-openssl-leak/","summary":"CVE-2026-41898 describes a vulnerability in rust-openssl where unchecked callback-returned length in PSK and cookie generation can cause OpenSSL to leak adjacent memory to a network peer.","title":"rust-openssl Memory Leak via Unchecked Callback Length (CVE-2026-41898)","url":"https://feed.craftedsignal.io/briefs/2026-04-rust-openssl-leak/"},{"_cs_actors":[],"_cs_cves":[],"_cs_exploited":false,"_cs_products":["openssl"],"_cs_severities":["high"],"_cs_tags":["rust","openssl","memory leak","buffer overflow"],"_cs_type":"advisory","_cs_vendors":["Rust"],"content_html":"\u003cp\u003eThe \u003ccode\u003erust-openssl\u003c/code\u003e crate, a Rust wrapper for the OpenSSL library, is susceptible to a high-severity vulnerability due to unchecked callback lengths within the FFI trampolines used by several functions related to PSK (Pre-Shared Key) and cookie generation. Specifically, versions 0.9.24 up to (but not including) 0.10.78 are affected. 
The vulnerable functions include \u003ccode\u003eSslContextBuilder::set_psk_client_callback\u003c/code\u003e, \u003ccode\u003eset_psk_server_callback\u003c/code\u003e, \u003ccode\u003eset_cookie_generate_cb\u003c/code\u003e, and \u003ccode\u003eset_stateless_cookie_generate_cb\u003c/code\u003e. The issue arises because the user-provided closure\u0026rsquo;s returned \u003ccode\u003eusize\u003c/code\u003e (size) value is directly passed to OpenSSL without validation against the size of the \u003ccode\u003e\u0026amp;mut [u8]\u003c/code\u003e buffer provided to the closure, resulting in potential buffer overflows and memory leaks. This allows an attacker to potentially leak adjacent memory regions to a peer.\u003c/p\u003e\n\u003ch2 id=\"attack-chain\"\u003eAttack Chain\u003c/h2\u003e\n\u003col\u003e\n\u003cli\u003eAn attacker crafts a malicious application or exploits an existing application using the vulnerable \u003ccode\u003erust-openssl\u003c/code\u003e crate.\u003c/li\u003e\n\u003cli\u003eThe attacker triggers one of the vulnerable callback functions (\u003ccode\u003eset_psk_client_callback\u003c/code\u003e, \u003ccode\u003eset_psk_server_callback\u003c/code\u003e, \u003ccode\u003eset_cookie_generate_cb\u003c/code\u003e, or \u003ccode\u003eset_stateless_cookie_generate_cb\u003c/code\u003e).\u003c/li\u003e\n\u003cli\u003eThe vulnerable callback function executes the user-provided closure.\u003c/li\u003e\n\u003cli\u003eThe user-provided closure returns a \u003ccode\u003eusize\u003c/code\u003e value indicating the intended length of the data to be written to the output buffer.\u003c/li\u003e\n\u003cli\u003eThe FFI trampoline forwards this \u003ccode\u003eusize\u003c/code\u003e value directly to OpenSSL, bypassing bounds checking against the actual buffer size.\u003c/li\u003e\n\u003cli\u003eIf the returned \u003ccode\u003eusize\u003c/code\u003e exceeds the allocated buffer size, OpenSSL writes beyond the buffer boundary, leading to a buffer 
overflow.\u003c/li\u003e\n\u003cli\u003eThe buffer overflow allows the attacker to read adjacent memory regions or overwrite data, potentially leaking sensitive information or corrupting program state.\u003c/li\u003e\n\u003cli\u003eSuccessful exploitation could lead to information disclosure, denial of service, or potentially arbitrary code execution.\u003c/li\u003e\n\u003c/ol\u003e\n\u003ch2 id=\"impact\"\u003eImpact\u003c/h2\u003e\n\u003cp\u003eSuccessful exploitation of this vulnerability could lead to information disclosure, denial of service, or potentially arbitrary code execution. Given the widespread use of the \u003ccode\u003erust-openssl\u003c/code\u003e crate in various applications, the impact could be significant, affecting numerous services and potentially exposing sensitive data. The vulnerability allows for memory leakage to peers, which could have broad consequences.\u003c/p\u003e\n\u003ch2 id=\"recommendation\"\u003eRecommendation\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpgrade to \u003ccode\u003erust-openssl\u003c/code\u003e version 0.10.78 or later to patch the vulnerability (reference: \u003ca href=\"https://github.com/rust-openssl/rust-openssl/releases/tag/openssl-v0.10.78\"\u003ehttps://github.com/rust-openssl/rust-openssl/releases/tag/openssl-v0.10.78\u003c/a\u003e).\u003c/li\u003e\n\u003cli\u003eImplement input validation and sanitization within user-provided closures to ensure that the returned \u003ccode\u003eusize\u003c/code\u003e value does not exceed the allocated buffer size, mitigating the risk even in vulnerable versions.\u003c/li\u003e\n\u003c/ul\u003e\n","date_modified":"2026-04-23T12:00:00Z","date_published":"2026-04-23T12:00:00Z","id":"/briefs/2026-04-rust-openssl-memory-leak/","summary":"The rust-openssl crate versions 0.9.24 up to (but not including) 0.10.78 are vulnerable to memory leaks due to unchecked callback lengths in PSK/cookie trampolines, potentially leading to buffer overflows.","title":"rust-openssl Unchecked Callback Length 
Memory Leak","url":"https://feed.craftedsignal.io/briefs/2026-04-rust-openssl-memory-leak/"},{"_cs_actors":[],"_cs_cves":[],"_cs_exploited":false,"_cs_products":[],"_cs_severities":["medium"],"_cs_tags":["cve","memory leak","denial of service","android"],"_cs_type":"advisory","_cs_vendors":[],"content_html":"\u003cp\u003eCVE-2026-33852 is a \u0026ldquo;Missing Release of Memory after Effective Lifetime\u0026rdquo; vulnerability affecting MolotovCherry Android-ImageMagick7 versions prior to 7.1.2-11. Discovered by the Government Technology Agency of Singapore Cyber Security Group (GovTech CSG), this memory leak can occur when processing specially crafted image files. An attacker could potentially exploit this vulnerability to cause a denial-of-service condition on a vulnerable Android device by repeatedly triggering the memory leak…\u003c/p\u003e\n","date_modified":"2026-03-24T07:16:07Z","date_published":"2026-03-24T07:16:07Z","id":"/briefs/2026-03-android-imagemagick-memory-leak/","summary":"A missing release of memory vulnerability (CVE-2026-33852) in MolotovCherry Android-ImageMagick7 before version 7.1.2-11 can lead to a denial-of-service condition due to memory exhaustion.","title":"Android-ImageMagick7 Memory Leak Vulnerability (CVE-2026-33852)","url":"https://feed.craftedsignal.io/briefs/2026-03-android-imagemagick-memory-leak/"}],"language":"en","title":"CraftedSignal Threat Feed — Memory Leak","version":"https://jsonfeed.org/version/1.1"}