A vulnerability described as critical has been identified in rust-openssl up to 0.10.77. Affected is the function Deriver::derive/PkeyCtxRef::derive. The manipulation results in out-of-bounds write. This vulnerability is known as CVE-2026-41676. It is possible to launch the attack remotely. No exploit is available. Upgrading the affected component is recommended.
| Vendor | Product | Versions |
|---|---|---|
| rust-openssl_project | rust-openssl | rust/openssl: >= 0.9.27, < 0.10.78 |
Downstream vendors/products affected by this vulnerability
| Vendor | Product | Source | Confidence |
|---|---|---|---|
| oracle | oracle linux | cert_advisory | 90% |
Updated severity to CRITICAL, added CVE-2026-41676, and noted that no exploit is available.
Initial creation