Openssl

The rust-openssl crate versions 0.9.24 prior to 0.10.78 are vulnerable to memory leaks due to unchecked callback lengths in PSK/cookie trampolines, potentially leading to buffer overflows.

A vulnerability exists in vcpkg versions prior to 3.6.1#3, where Windows builds of OpenSSL set openssldir to a path on the build machine, making that path vulnerable to attack on customer machines.

The rust-openssl package is vulnerable to an out-of-bounds write due to an incorrect bounds assertion in the `aes::unwrap_key()` function, potentially leading to arbitrary code execution if attacker-controlled buffer sizes are permitted.

CVE-2026-41676 is a buffer overflow vulnerability in rust-openssl's Deriver::derive and PkeyCtxRef::derive functions when used with OpenSSL 1.1.1, potentially leading to denial of service or arbitrary code execution.

The rust-openssl crate is vulnerable to a stack-based buffer overflow (CVE-2026-41681) where the `EVP_DigestFinal()` function writes beyond the allocated buffer, potentially corrupting the stack, affecting versions >= 0.10.39 and < 0.10.78.

The rust-openssl crate's `Deriver::derive` and `PkeyCtxRef::derive` functions can cause heap/stack overflows when used with OpenSSL 1.1.x due to insufficient buffer length validation in X25519, X448, DH, and HKDF-extract, affecting rust-openssl versions >= 0.9.27 and < 0.10.78.