rust-openssl: Unchecked callback-returned length in PSK and cookie generate trampolines can cause OpenSSL to leak adjacent memory to the network peer

Description

A vulnerability, which was classified as critical, was found in rust-openssl up to 0.10.77. This vulnerability affects the function set_psk_client_callback/set_psk_server_callback/set_cookie_generate_cb/set_stateless_cookie_generate_cb. Executing a manipulation can lead to buffer over-read. The identification of this vulnerability is CVE-2026-41898. The attack may be launched remotely.

Affected Products

Vendor	Product	Versions
rust-openssl	rust-openssl	>= 0.9.24, < 0.10.78, 0.10.77

References

https://github.com/rust-openssl/rust-openssl/security/advisories/GHSA-hppc-g8h3-xhp3(x_refsource_CONFIRM)
https://github.com/rust-openssl/rust-openssl/pull/2607(x_refsource_MISC)
https://github.com/rust-openssl/rust-openssl/commit/1d109020d98fff2fb2e45c39a373af3dff99b24c(x_refsource_MISC)
https://github.com/rust-openssl/rust-openssl/releases/tag/openssl-v0.10.78(x_refsource_MISC)

Related News (2 articles)

Tier C

oss-security1d ago

rust-openssl-v0.10.78 fixes 5 CVEs

→ No new info (linked only)

Tier C

VulDB1d ago

CVE-2026-41898 | rust-openssl up to 0.10.77 buffer over-read (GHSA-hppc-g8h3-xhp3)

→ No new info (linked only)

CISA KEV❌ No

Actively exploited✅ Yes

Patch available

0.10.78

CWECWE-126, CWE-130

PublishedApr 24, 2026

Last enriched1d agov3

Community Vote

Version History

Last enriched 1d ago

v3Tier C1d ago

Updated patch version to 0.10.78 and added new CVE IDs and relevant tags.

rust-openssl: Unchecked callback-returned length in PSK and cookie generate trampolines can cause OpenSSL to leak adjacent memory to the network peer

Description

Affected Products

References

Related News (2 articles)

Community Vote

Related CVEs (4)

Pin to Dashboard

Verification

Vulnerability Timeline

Version History