16 matches found
pyOpenSSL: DTLS cookie callback buffer overflow
A flaw was found in pyOpenSSL. The setcookiegeneratecallback callback function can be used to generate DTLS cookies. When the callback returns a cookie string or byte sequence longer than 256 bytes, a buffer overflow can be triggered due to a missing bounds checking before copying the data to a...
pyOpenSSL: DTLS cookie callback buffer overflow
A flaw was found in pyOpenSSL. The setcookiegeneratecallback callback function can be used to generate DTLS cookies. When the callback returns a cookie string or byte sequence longer than 256 bytes, a buffer overflow can be triggered due to a missing bounds checking before copying the data to a...
pyOpenSSL: DTLS cookie callback buffer overflow
A flaw was found in pyOpenSSL. The setcookiegeneratecallback callback function can be used to generate DTLS cookies. When the callback returns a cookie string or byte sequence longer than 256 bytes, a buffer overflow can be triggered due to a missing bounds checking before copying the data to a...
pyOpenSSL: DTLS cookie callback buffer overflow
A flaw was found in pyOpenSSL. The setcookiegeneratecallback callback function can be used to generate DTLS cookies. When the callback returns a cookie string or byte sequence longer than 256 bytes, a buffer overflow can be triggered due to a missing bounds checking before copying the data to a...
rust-openssl: Unchecked callback length in PSK/cookie trampolines leaks adjacent memory to peer
The FFI trampolines behind SslContextBuilder::setpskclientcallback, setpskservercallback, setcookiegeneratecb, and setstatelesscookiegeneratecb forwarded the user closure's returned usize directly to OpenSSL without checking it against the &mut u8 that was handed to the closure. This can lead to...
pyOpenSSL DTLS cookie callback buffer overflow
...
CVE-2026-27459
A flaw was found in pyOpenSSL. The setcookiegeneratecallback callback function can be used to generate DTLS cookies. When the callback returns a cookie string or byte sequence longer than 256 bytes, a buffer overflow can be triggered due to a missing bounds checking before copying the data to a...
CVE-2026-27459
pyOpenSSL is a Python wrapper around the OpenSSL library. Starting in version 22.0.0 and prior to version 26.0.0, if a user provided callback to setcookiegeneratecallback returned a cookie value greater than 256 bytes, pyOpenSSL would overflow an OpenSSL provided buffer. Starting in version 26.0....
CVE-2026-27459 pyOpenSSL DTLS cookie callback buffer overflow
pyOpenSSL is a Python wrapper around the OpenSSL library. Starting in version 22.0.0 and prior to version 26.0.0, if a user provided callback to setcookiegeneratecallback returned a cookie value greater than 256 bytes, pyOpenSSL would overflow an OpenSSL provided buffer. Starting in version 26.0....
CVE-2026-27459 pyOpenSSL DTLS cookie callback buffer overflow
pyOpenSSL is a Python wrapper around the OpenSSL library. Starting in version 22.0.0 and prior to version 26.0.0, if a user provided callback to setcookiegeneratecallback returned a cookie value greater than 256 bytes, pyOpenSSL would overflow an OpenSSL provided buffer. Starting in version 26.0....
CVE-2026-27459
CVE-2026-27459 affects the pyOpenSSL Python wrapper around OpenSSL. Before 26.0.0, specifically in 22.0.0 through 25.x, a callback provided to set_cookie_generate_callback could return a cookie value >256 bytes, causing an overflow of an OpenSSL buffer. Starting with 26.0.0, such long cookie v...
CVE-2026-27459 pyOpenSSL DTLS cookie callback buffer overflow
pyOpenSSL is a Python wrapper around the OpenSSL library. Starting in version 22.0.0 and prior to version 26.0.0, if a user provided callback to setcookiegeneratecallback returned a cookie value greater than 256 bytes, pyOpenSSL would overflow an OpenSSL provided buffer. Starting in version 26.0....
Buffer Overflow
Overview Affected versions of this package are vulnerable to Buffer Overflow via the setcookiegeneratecallback function. An attacker can cause a buffer overflow by providing a callback that returns a cookie value greater than 256 bytes. Note: This is only exploitable if the application explicitly...
GHSA-5PWR-322W-8JR4 pyOpenSSL DTLS cookie callback buffer overflow
If a user provided callback to setcookiegeneratecallback returned a cookie value greater than 256 bytes, pyOpenSSL would overflow an OpenSSL provided buffer. Cookie values that are too long are now rejected...
PT-2026-25840
Name of the Vulnerable Software and Affected Versions pyOpenSSL versions 22.0.0 through 25.3.0 Description pyOpenSSL is a Python wrapper around the OpenSSL library. If a user-provided callback to the set cookie generate callback function returned a cookie value exceeding 256 bytes, pyOpenSSL woul...
CVE-2025-57800
Audiobookshelf is an open-source self-hosted audiobook server. In versions 2.6.0 through 2.26.3, the application does not properly restrict redirect callback URLs during OIDC authentication. An attacker can craft a login link that causes Audiobookshelf to store an arbitrary callback in a cookie,...