rust-openssl: Deriver::derive and PkeyCtxRef::derive can overflow short buffers on OpenSSL 1.1.1

Description

A vulnerability described as critical has been identified in rust-openssl up to 0.10.77. Affected is the function Deriver::derive/PkeyCtxRef::derive. The manipulation results in out-of-bounds write. This vulnerability is known as CVE-2026-41676. It is possible to launch the attack remotely. No exploit is available. Upgrading the affected component is recommended.

Affected Products

Vendor	Product	Versions
rust-openssl	rust-openssl	>= 0.9.27, < 0.10.78

References

https://github.com/rust-openssl/rust-openssl/security/advisories/GHSA-pqf5-4pqq-29f5(x_refsource_CONFIRM)

Related News (3 articles)

Tier A

Microsoft MSRC5h ago

CVE-2026-41676 rust-openssl: Deriver::derive and PkeyCtxRef::derive can overflow short buffers on OpenSSL 1.1.1

→ No new info (linked only)

Tier C

oss-security1d ago

rust-openssl-v0.10.78 fixes 5 CVEs

→ No new info (linked only)

Tier C

VulDB1d ago

CVE-2026-41676 | rust-openssl up to 0.10.77 derive out-of-bounds write (GHSA-pqf5-4pqq-29f5)

→ No new info (linked only)

CISA KEV❌ No

Actively exploited✅ Yes

Patch available

openssl@0.10.78

CWECWE-787, CWE-131

PublishedApr 22, 2026

Last enriched1d agov2

Community Vote

Version History

Last enriched 1d ago

v2Tier C1d ago

Updated severity to CRITICAL, added CVE-2026-41676, and noted that no exploit is available.

descriptionseverityactivelyExploited

via VulDB

v13d ago

Initial creation

rust-openssl: Deriver::derive and PkeyCtxRef::derive can overflow short buffers on OpenSSL 1.1.1

Description

Affected Products

References

Related News (3 articles)

Community Vote

Related CVEs (4)

Pin to Dashboard

Verification

Vulnerability Timeline

Version History