{"description":"Trending threats, MITRE ATT\u0026CK coverage, and detection metadata — refreshed continuously.","feed_url":"https://feed.craftedsignal.io/tags/rust-openssl/","home_page_url":"https://feed.craftedsignal.io/","items":[{"_cs_actors":[],"_cs_cves":[{"cvss":9.8,"id":"CVE-2026-41898"}],"_cs_exploited":false,"_cs_products":[],"_cs_severities":["medium"],"_cs_tags":["rust-openssl","memory-leak","tls","cve"],"_cs_type":"advisory","_cs_vendors":["Microsoft"],"content_html":"\u003cp\u003eCVE-2026-41898 is a security vulnerability affecting the rust-openssl library. The vulnerability stems from a failure to properly validate the length of data returned by callbacks during Pre-Shared Key (PSK) and cookie generation processes within OpenSSL. This oversight can lead to OpenSSL inadvertently exposing adjacent memory regions to a remote network peer. While the exact scope of impact is not detailed in the initial advisory, the potential for memory leakage raises concerns about sensitive information disclosure. Defenders should closely monitor applications utilizing rust-openssl for anomalous behavior indicative of exploitation attempts. The Microsoft Security Response Center published information regarding this vulnerability.\u003c/p\u003e\n\u003ch2 id=\"attack-chain\"\u003eAttack Chain\u003c/h2\u003e\n\u003col\u003e\n\u003cli\u003eA client initiates a TLS handshake with a server using rust-openssl.\u003c/li\u003e\n\u003cli\u003eThe server requests PSK or initiates a cookie exchange as part of the TLS handshake.\u003c/li\u003e\n\u003cli\u003erust-openssl triggers a callback function to generate the PSK or cookie data.\u003c/li\u003e\n\u003cli\u003eThe callback function returns data with a length that is not properly validated by rust-openssl.\u003c/li\u003e\n\u003cli\u003eDue to the unchecked length, OpenSSL reads beyond the intended buffer boundary.\u003c/li\u003e\n\u003cli\u003eOpenSSL copies the over-read memory region into the response sent to the client.\u003c/li\u003e\n\u003cli\u003eThe client receives the response containing the leaked memory.\u003c/li\u003e\n\u003cli\u003eThe client can then analyze the leaked memory for sensitive information.\u003c/li\u003e\n\u003c/ol\u003e\n\u003ch2 id=\"impact\"\u003eImpact\u003c/h2\u003e\n\u003cp\u003eSuccessful exploitation of CVE-2026-41898 can lead to the leakage of sensitive information from the server\u0026rsquo;s memory. This information could include cryptographic keys, session data, or other confidential data. The extent of the leak depends on the amount of memory that is read beyond the intended buffer. The vulnerability could affect any application or service that uses rust-openssl for TLS communication and relies on PSK or cookie generation. The number of potential victims is currently unknown, but it would depend on the adoption rate of rust-openssl in security-sensitive applications.\u003c/p\u003e\n\u003ch2 id=\"recommendation\"\u003eRecommendation\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eMonitor network traffic for unusually large TLS handshake responses, which may indicate an attempt to trigger the memory leak.\u003c/li\u003e\n\u003cli\u003eImplement robust input validation for callback functions used in PSK and cookie generation within rust-openssl.\u003c/li\u003e\n\u003cli\u003eDeploy the Sigma rules provided to detect potential exploitation attempts based on anomalous network connection patterns.\u003c/li\u003e\n\u003c/ul\u003e\n","date_modified":"2026-04-29T07:33:41Z","date_published":"2026-04-29T07:33:41Z","id":"/briefs/2026-04-rust-openssl-leak/","summary":"CVE-2026-41898 describes a vulnerability in rust-openssl where unchecked callback-returned length in PSK and cookie generation can cause OpenSSL to leak adjacent memory to a network peer.","title":"rust-openssl Memory Leak via Unchecked Callback Length (CVE-2026-41898)","url":"https://feed.craftedsignal.io/briefs/2026-04-rust-openssl-leak/"},{"_cs_actors":[],"_cs_cves":[{"id":"CVE-2026-41676"}],"_cs_exploited":false,"_cs_products":[],"_cs_severities":["high"],"_cs_tags":["rust-openssl","openssl","buffer overflow","cve-2026-41676"],"_cs_type":"advisory","_cs_vendors":["Microsoft"],"content_html":"\u003cp\u003eCVE-2026-41676 is a critical vulnerability affecting the rust-openssl crate when used in conjunction with OpenSSL version 1.1.1. The vulnerability stems from insufficient buffer size checks in the \u003ccode\u003eDeriver::derive\u003c/code\u003e and \u003ccode\u003ePkeyCtxRef::derive\u003c/code\u003e functions. An attacker could potentially exploit this flaw by providing specially crafted input that causes a buffer overflow, leading to a denial-of-service condition or, in more severe cases, arbitrary code execution. The Microsoft Security Response Center released information about this vulnerability, highlighting its potential impact on applications utilizing the affected rust-openssl crate with the vulnerable OpenSSL version. This vulnerability poses a significant risk to applications using rust-openssl and OpenSSL 1.1.1, requiring immediate attention and patching.\u003c/p\u003e\n\u003ch2 id=\"attack-chain\"\u003eAttack Chain\u003c/h2\u003e\n\u003col\u003e\n\u003cli\u003eAn attacker identifies an application using rust-openssl compiled against OpenSSL 1.1.1.\u003c/li\u003e\n\u003cli\u003eThe attacker crafts a malicious input designed to trigger the \u003ccode\u003eDeriver::derive\u003c/code\u003e or \u003ccode\u003ePkeyCtxRef::derive\u003c/code\u003e functions.\u003c/li\u003e\n\u003cli\u003eThe malicious input is sent to the vulnerable application.\u003c/li\u003e\n\u003cli\u003eThe application processes the malicious input using \u003ccode\u003eDeriver::derive\u003c/code\u003e or \u003ccode\u003ePkeyCtxRef::derive\u003c/code\u003e.\u003c/li\u003e\n\u003cli\u003eDue to the insufficient buffer size validation within these functions, the input overflows the allocated buffer.\u003c/li\u003e\n\u003cli\u003eThe buffer overflow corrupts adjacent memory regions, potentially overwriting critical data or code.\u003c/li\u003e\n\u003cli\u003eIf the overflow overwrites code, the attacker could potentially execute arbitrary code within the context of the application.\u003c/li\u003e\n\u003cli\u003eSuccessful exploitation leads to either a denial-of-service (application crash) or arbitrary code execution, allowing the attacker to gain control of the system or application.\u003c/li\u003e\n\u003c/ol\u003e\n\u003ch2 id=\"impact\"\u003eImpact\u003c/h2\u003e\n\u003cp\u003eSuccessful exploitation of CVE-2026-41676 can lead to significant consequences, including denial-of-service, where the application becomes unresponsive or crashes. In a more severe scenario, an attacker could achieve arbitrary code execution, potentially gaining complete control over the affected system. This could lead to data breaches, system compromise, and further malicious activities. Given the widespread use of OpenSSL, a large number of systems are potentially vulnerable.\u003c/p\u003e\n\u003ch2 id=\"recommendation\"\u003eRecommendation\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpgrade to a patched version of rust-openssl that addresses CVE-2026-41676.\u003c/li\u003e\n\u003cli\u003eIf upgrading rust-openssl is not immediately feasible, ensure that OpenSSL 1.1.1 is not in use. Consider upgrading to a newer, supported version of OpenSSL.\u003c/li\u003e\n\u003cli\u003eDeploy the Sigma rules provided below to detect potential exploitation attempts targeting CVE-2026-41676.\u003c/li\u003e\n\u003c/ul\u003e\n","date_modified":"2024-01-08T12:00:00Z","date_published":"2024-01-08T12:00:00Z","id":"/briefs/2024-01-08-cve-2026-41676-rust-openssl-overflow/","summary":"CVE-2026-41676 is a buffer overflow vulnerability in rust-openssl's Deriver::derive and PkeyCtxRef::derive functions when used with OpenSSL 1.1.1, potentially leading to denial of service or arbitrary code execution.","title":"rust-openssl Deriver::derive and PkeyCtxRef::derive Buffer Overflow Vulnerability (CVE-2026-41676)","url":"https://feed.craftedsignal.io/briefs/2024-01-08-cve-2026-41676-rust-openssl-overflow/"}],"language":"en","title":"CraftedSignal Threat Feed — Rust-Openssl","version":"https://jsonfeed.org/version/1.1"}