Double Free

Overview Affected versions of this package are vulnerable to Double Free in the computehashtosign function. An attacker can cause heap corruption and potentially crash the application by triggering a failure in EVPDigestFinal after memory has already been freed, leading to a second free operation...

CVE-2026-44348

PoDoFo is a C++17 PDF manipulation library. From 1.0.0 to before 1.0.4, a double-free vulnerability exists in computehashtosign in src/podofo/private/OpenSSLInternalRipped.cpp. If EVPDigestFinal fails after buf has already been freed, the Error label frees buf a second time, causing heap...

CVE-2026-41681

rust-openssl provides OpenSSL bindings for the Rust programming language. From 0.10.39 to before 0.10.78, EVPDigestFinal always writes EVPMDCTXsizectx to the out buffer. If out is smaller than that, MdCtxRef::digestfinal writes past its end, usually corrupting the stack. This is reachable from sa...

rust-openssl 安全漏洞

rust-openssl is an open-source library designed for interacting with the OpenSSL library. There were security vulnerabilities in the version of rust-openssl from 0.10.39 to 0.10.78. These vulnerabilities stemmed from the EVPDigestFinal function, which always writes EVPMDCTXsize bytes into the...

PT-2026-34623

Name of the Vulnerable Software and Affected Versions rust-openssl versions 0.10.39 through 0.10.77 Description The EVP DigestFinal function always writes EVP MD CTX sizectx to the out buffer. If the out buffer is smaller than that size, the MdCtxRef::digest final function writes past its end,...

go-toolset:ol8 security update

delve golang 1.21.13-3 - Add evp-digest-sign-final.patch - Resolves: RHEL-61109 go-toolset...