{"id":"CVE-2026-41681","summary":"rust-openssl: MdCtxRef::digest_final() writes past caller buffer with no length check","details":"rust-openssl provides OpenSSL bindings for the Rust programming language.  From 0.10.39 to before 0.10.78, EVP_DigestFinal() always writes EVP_MD_CTX_size(ctx) to the out buffer. If out is smaller than that, MdCtxRef::digest_final() writes past its end, usually corrupting the stack. This is reachable from safe Rust. This vulnerability is fixed in 0.10.78.","aliases":["GHSA-ghm9-cr32-g9qj"],"modified":"2026-07-16T18:29:38.378867074Z","published":"2026-04-24T17:19:15.187Z","related":["CGA-g63c-g32c-78mh","SUSE-SU-2026:22554-1","SUSE-SU-2026:22583-1","SUSE-SU-2026:22589-1","SUSE-SU-2026:22593-1","SUSE-SU-2026:2807-1","SUSE-SU-2026:2825-1","SUSE-SU-2026:2826-1","SUSE-SU-2026:2831-1","SUSE-SU-2026:2832-1","SUSE-SU-2026:2975-1","SUSE-SU-2026:2976-1","SUSE-SU-2026:2977-1","SUSE-SU-2026:3022-1","SUSE-SU-2026:3026-1","SUSE-SU-2026:3040-1","openSUSE-SU-2026:11210-1","openSUSE-SU-2026:11222-1","openSUSE-SU-2026:11223-1","openSUSE-SU-2026:11224-1","openSUSE-SU-2026:11262-1","openSUSE-SU-2026:21274-1","openSUSE-SU-2026:21285-1","openSUSE-SU-2026:21292-1","openSUSE-SU-2026:21294-1"],"database_specific":{"cna_assigner":"GitHub_M","cwe_ids":["CWE-121"],"osv_generated_from":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/41xxx/CVE-2026-41681.json"},"references":[{"type":"WEB","url":"https://github.com/rust-openssl/rust-openssl/releases/tag/openssl-v0.10.78"},{"type":"ADVISORY","url":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/41xxx/CVE-2026-41681.json"},{"type":"ADVISORY","url":"https://github.com/rust-openssl/rust-openssl/security/advisories/GHSA-ghm9-cr32-g9qj"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2026-41681"},{"type":"FIX","url":"https://github.com/rust-openssl/rust-openssl/commit/826c3888b77add418b394770e2b2e3a72d9f92fe"},{"type":"FIX","url":"https://github.com/rust-openssl/rust-openssl/pull/2608"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/rust-openssl/rust-openssl","events":[{"introduced":"936aba3c6062a1aa8166cde1306a5763523aca23"},{"fixed":"a6debf535674c9a073f455158743e6ba094cf1b4"},{"fixed":"826c3888b77add418b394770e2b2e3a72d9f92fe"}],"database_specific":{"source":["CPE_RANGE","REFERENCES"],"cpe":"cpe:2.3:a:rust-openssl_project:rust-openssl:*:*:*:*:*:rust:*:*","extracted_events":[{"introduced":"0.10.39"},{"fixed":"0.10.78"}]}}],"versions":["openssl-v0.10.77","openssl-sys-v0.9.113","openssl-v0.10.76","openssl-sys-v0.9.112","openssl-v0.10.75","openssl-sys-v0.9.111","openssl-v0.10.74","openssl-sys-v0.9.110","openssl-v0.10.73","openssl-sys-v0.9.109","openssl-sys-v0.9.108","openssl-v0.10.72","openssl-sys-v0.9.107","openssl-v0.10.71","openssl-sys-v0.9.106","openssl-v0.10.70","openssl-sys-v0.9.105","openssl-v0.10.69","openssl-v0.10.68","openssl-v0.10.67","openssl-sys-v0.9.104","openssl-v0.10.66","openssl-v0.10.65","openssl-sys-v0.9.103","openssl-sys-v0.9.102","openssl-sys-v0.9.101","openssl-v0.10.64","openssl-sys-v0.9.100","openssl-v0.10.63","openssl-sys-v0.9.99","openssl-v0.10.62","openssl-sys-v0.9.98","openssl-v0.10.61","openssl-sys-v0.9.97","openssl-v0.10.60","openssl-sys-v0.9.96","openssl-v0.10.59","openssl-sys-v0.9.95","openssl-v0.10.58","openssl-sys-v0.9.94","openssl-sys-v0.9.93","openssl-v0.10.57","openssl-sys-v0.9.92","openssl-v0.10.56","openssl-sys-v0.9.91","openssl-sys-v0.9.90","openssl-v0.10.55","openssl-sys-v0.9.89","openssl-v0.10.54","openssl-v0.10.53","openssl-sys-v0.9.88","openssl-v0.10.52","openssl-sys-v0.9.87","openssl-v0.10.51","openssl-sys-v0.9.86","openssl-v0.10.50","openssl-sys-v0.9.85","openssl-v0.10.49","openssl-sys-v0.9.84","openssl-macros-v0.1.1","openssl-v0.10.48","openssl-sys-v0.9.83","openssl-v0.10.47","openssl-sys-v0.9.82","openssl-v0.10.46","openssl-sys-v0.9.81","openssl-v0.10.45","openssl-sys-v0.9.80","openssl-v0.10.44","openssl-sys-v0.9.79","openssl-v0.10.43","openssl-sys-v0.9.78","openssl-sys-v0.9.77","openssl-v0.10.42","openssl-sys-v0.9.76","openssl-v0.10.41","openssl-sys-v0.9.75","openssl-sys-v0.9.74","openssl-v0.10.40","openssl-v0.10.39"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-41681.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V4","score":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U"}]}