Openssl

CVE-2025-14575 describes an uncontrolled search path element vulnerability in the Qt Network OpenSSL TLS backend, allowing for the loading of rogue CA certificates, potentially leading to man-in-the-middle attacks.

Hitachi Energy GMS600 versions 1.3.0 and 1.3.1 are affected by CVE-2022-4304, a vulnerability in the OpenSSL RSA Decryption implementation; an attacker could exploit this timing-based side channel to recover plaintext across a network in a Bleichenbacher-style attack by sending trial messages to the server and recording processing times, eventually decrypting application data.

Multiple vulnerabilities in OpenSSL can be exploited by a remote attacker to conduct a denial-of-service attack, disclose information, or recover ciphertext over a network.

The rust-openssl crate versions 0.9.24 prior to 0.10.78 are vulnerable to memory leaks due to unchecked callback lengths in PSK/cookie trampolines, potentially leading to buffer overflows.

A vulnerability exists in vcpkg versions prior to 3.6.1#3, where Windows builds of OpenSSL set openssldir to a path on the build machine, making that path vulnerable to attack on customer machines.

A remote, authenticated attacker can exploit a vulnerability in OpenSSL to perform a denial-of-service attack and disclose information.

The rust-openssl package is vulnerable to an out-of-bounds write due to an incorrect bounds assertion in the `aes::unwrap_key()` function, potentially leading to arbitrary code execution if attacker-controlled buffer sizes are permitted.

CVE-2026-41676 is a buffer overflow vulnerability in rust-openssl's Deriver::derive and PkeyCtxRef::derive functions when used with OpenSSL 1.1.1, potentially leading to denial of service or arbitrary code execution.

The `X509Ref::ocsp_responders` function in rust-openssl versions 0.9.7 to 0.10.78 returns OCSP responder URLs from a certificate's AIA extension without proper UTF-8 validation, leading to undefined behavior when processing certificates with non-UTF-8 OCSP URLs.

The rust-openssl crate is vulnerable to a stack-based buffer overflow (CVE-2026-41681) where the `EVP_DigestFinal()` function writes beyond the allocated buffer, potentially corrupting the stack, affecting versions >= 0.10.39 and < 0.10.78.

The rust-openssl crate's `Deriver::derive` and `PkeyCtxRef::derive` functions can cause heap/stack overflows when used with OpenSSL 1.1.x due to insufficient buffer length validation in X25519, X448, DH, and HKDF-extract, affecting rust-openssl versions >= 0.9.27 and < 0.10.78.