{"id":"CVE-2026-41678","summary":"rust-openssl: Incorrect bounds assertion in aes key wrap","details":"rust-openssl provides OpenSSL bindings for the Rust programming language.  From  to before 0.10.78, aes::unwrap_key() contains an incorrect assertion: it checks that out.len() + 8 \u003c= in_.len(), but this condition is reversed. The intended invariant is out.len() \u003e= in_.len() - 8, ensuring the output buffer is large enough. Because of the inverted check, the function only accepts buffers at or below the minimum required size and rejects larger ones. If a smaller buffer is provided the function will write past the end of out by in_.len() - 8 - out.len() bytes, causing an out-of-bounds write from a safe public function. This vulnerability is fixed in 0.10.78.","aliases":["GHSA-8c75-8mhr-p7r9"],"modified":"2026-07-15T10:14:41.961396035Z","published":"2026-04-24T17:18:27.280Z","related":["CGA-v285-cxc2-m645","SUSE-SU-2026:22554-1","SUSE-SU-2026:2807-1","SUSE-SU-2026:2825-1","SUSE-SU-2026:2826-1","SUSE-SU-2026:2831-1","SUSE-SU-2026:2832-1","SUSE-SU-2026:2975-1","SUSE-SU-2026:2976-1","SUSE-SU-2026:2977-1","openSUSE-SU-2026:11210-1","openSUSE-SU-2026:11222-1","openSUSE-SU-2026:11223-1","openSUSE-SU-2026:11224-1","openSUSE-SU-2026:11237-1","openSUSE-SU-2026:11262-1","openSUSE-SU-2026:21274-1","openSUSE-SU-2026:21285-1","openSUSE-SU-2026:21292-1","openSUSE-SU-2026:21294-1"],"database_specific":{"cna_assigner":"GitHub_M","cwe_ids":["CWE-787"],"osv_generated_from":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/41xxx/CVE-2026-41678.json"},"references":[{"type":"ADVISORY","url":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/41xxx/CVE-2026-41678.json"},{"type":"ADVISORY","url":"https://github.com/rust-openssl/rust-openssl/security/advisories/GHSA-8c75-8mhr-p7r9"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2026-41678"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/rust-openssl/rust-openssl","events":[{"introduced":"dbe0672dc468a89a7c03411fcba1a329c2c050b6"},{"fixed":"a6debf535674c9a073f455158743e6ba094cf1b4"}],"database_specific":{"extracted_events":[{"introduced":"0.10.24"},{"fixed":"0.10.78"}],"source":["AFFECTED_FIELD","CPE_RANGE"],"cpe":"cpe:2.3:a:rust-openssl_project:rust-openssl:*:*:*:*:*:rust:*:*"}}],"versions":["openssl-v0.10.77","openssl-sys-v0.9.113","openssl-v0.10.76","openssl-sys-v0.9.112","openssl-v0.10.75","openssl-sys-v0.9.111","openssl-v0.10.74","openssl-sys-v0.9.110","openssl-v0.10.73","openssl-sys-v0.9.109","openssl-sys-v0.9.108","openssl-v0.10.72","openssl-sys-v0.9.107","openssl-v0.10.71","openssl-sys-v0.9.106","openssl-v0.10.70","openssl-sys-v0.9.105","openssl-v0.10.69","openssl-v0.10.68","openssl-v0.10.67","openssl-sys-v0.9.104","openssl-v0.10.66","openssl-v0.10.65","openssl-sys-v0.9.103","openssl-sys-v0.9.102","openssl-sys-v0.9.101","openssl-v0.10.64","openssl-sys-v0.9.100","openssl-v0.10.63","openssl-sys-v0.9.99","openssl-v0.10.62","openssl-sys-v0.9.98","openssl-v0.10.61","openssl-sys-v0.9.97","openssl-v0.10.60","openssl-sys-v0.9.96","openssl-v0.10.59","openssl-sys-v0.9.95","openssl-v0.10.58","openssl-sys-v0.9.94","openssl-sys-v0.9.93","openssl-v0.10.57","openssl-sys-v0.9.92","openssl-v0.10.56","openssl-sys-v0.9.91","openssl-sys-v0.9.90","openssl-v0.10.55","openssl-sys-v0.9.89","openssl-v0.10.54","openssl-v0.10.53","openssl-sys-v0.9.88","openssl-v0.10.52","openssl-sys-v0.9.87","openssl-v0.10.51","openssl-sys-v0.9.86","openssl-v0.10.50","openssl-sys-v0.9.85","openssl-v0.10.49","openssl-sys-v0.9.84","openssl-macros-v0.1.1","openssl-v0.10.48","openssl-sys-v0.9.83","openssl-v0.10.47","openssl-sys-v0.9.82","openssl-v0.10.46","openssl-sys-v0.9.81","openssl-v0.10.45","openssl-sys-v0.9.80","openssl-v0.10.44","openssl-sys-v0.9.79","openssl-v0.10.43","openssl-sys-v0.9.78","openssl-sys-v0.9.77","openssl-v0.10.42","openssl-sys-v0.9.76","openssl-v0.10.41","openssl-sys-v0.9.75","openssl-sys-v0.9.74","openssl-v0.10.40","openssl-v0.10.39","openssl-macros-v0.1.0","openssl-sys-v0.9.73","openssl-sys-v0.9.72","openssl-sys-v0.9.71","openssl-sys-v0.9.65","openssl-sys-v0.9.70","openssl-v0.10.38","openssl-sys-v0.9.69","openssl-v0.10.37","openssl-sys-v0.9.68","openssl-sys-v0.9.67","openssl-v0.10.36","openssl-sys-v0.9.66","openssl-errors-v0.2.0","openssl-v0.10.35","openssl-sys-v0.9.64","openssl-sys-v0.9.63","openssl-v0.10.34","openssl-sys-v0.9.62","openssl-v0.10.33","openssl-sys-v0.9.61","openssl-v0.10.32","openssl-sys-v0.9.60","openssl-v0.10.31","openssl-sys-v0.9.59","openssl-v0.10.30","openssl-sys-v0.9.58","openssl-sys-v0.9.57","openssl-sys-v0.9.56","openssl-v0.10.29","openssl-sys-v0.9.55","openssl-v0.10.28","openssl-v0.9.27","openssl-v0.10.27","openssl-sys-v0.9.54","openssl-v0.10.26","openssl-sys-v0.9.53","openssl-sys-v0.9.52","openssl-sys-v0.9.51","openssl-v0.10.25","openssl-sys-v0.9.50","openssl-sys-v0.9.49","openssl-v0.10.24"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-41678.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V4","score":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U"}]}