
92 matches found

Fedora
added 2026/05/02 2:11 a.m. | 1 views

[SECURITY] Fedora 44 Update: rust-openssl-sys-0.9.114-1.fc44

FFI bindings to OpenSSL...

9.8 CVSS | 5.8 AI score | 0.00158 EPSS
Exploits: 0
Tenable Nessus
added 2026/04/27 12:0 a.m. | 1 views

Linux Distros Unpatched Vulnerability : CVE-2026-41898

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - rust-openssl provides OpenSSL bindings for the Rust programming language. From 0.9.24 to before 0.10.78, the FFI trampolines behind...

9.8 CVSS | 6 AI score | 0.00063 EPSS
Exploits: 0 | References: 3
RedhatCVE
added 2026/04/25 11:54 a.m. | 3 views

CVE-2026-41898

A flaw was found in rust-openssl, a library providing OpenSSL bindings for the Rust programming language. Foreign Function Interface (FFI) trampolines in several SslContextBuilder callbacks did not properly validate the size of data returned by user-defined closures before passing it to OpenSSL. Th...

9.8 CVSS | 6 AI score | 0.00063 EPSS
Exploits: 0 | References: 2
EUVD
added 2026/04/24 5:20 p.m. | 2 views

EUVD-2026-25587

rust-openssl provides OpenSSL bindings for the Rust programming language. From 0.9.24 to before 0.10.78, the FFI trampolines behind SslContextBuilder::set_psk_client_callback, set_psk_server_callback, set_cookie_generate_cb, and set_stateless_cookie_generate_cb forwarded the user closure's returned usize...

8.3 CVSS | 5.6 AI score | 0.00063 EPSS
Exploits: 0 | References: 4
OSV
added 2026/04/22 9:0 p.m. | 1 views

GHSA-HPPC-G8H3-XHP3 rust-openssl: Unchecked callback length in PSK/cookie trampolines leaks adjacent memory to peer

The FFI trampolines behind SslContextBuilder::set_psk_client_callback, set_psk_server_callback, set_cookie_generate_cb, and set_stateless_cookie_generate_cb forwarded the user closure's returned usize directly to OpenSSL without checking it against the &mut [u8] that was handed to the closure. This can lead to...

8.3 CVSS | 6 AI score | 0.00063 EPSS
Exploits: 0 | References: 6
RustSec
added 2026/04/07 12:0 p.m. | 3 views

zantetsu-ffi is unmaintained

The zantetsu-ffi crate is no longer maintained. The Node.js, Python, and C FFI bindings it provided were removed as part of the zantetsu 0.2 release, which refocused the project on its core Rust library. A tombstone version 0.2.0 has been published and 0.1.4 has been yanked. There is no replaceme...

5.8 AI score
Exploits: 0
RedhatCVE
added 2026/03/06 7:45 p.m. | 2 views

CVE-2026-30793

Cross-Site Request Forgery (CSRF) vulnerability in rustdesk-client RustDesk Client rustdesk-client on Windows, MacOS, Linux, iOS, Android (Flutter URI scheme handler, FFI bridge modules) allows Privilege Escalation. This vulnerability is associated with program files flutter/lib/common.Dart,...

9.8 CVSS | 5.8 AI score | 0.0004 EPSS
Exploits: 1 | References: 1
EUVD
added 2026/03/05 6:31 p.m. | 3 views

EUVD-2026-9827

Cross-Site Request Forgery (CSRF) vulnerability in rustdesk-client RustDesk Client rustdesk-client on Windows, MacOS, Linux, iOS, Android (Flutter URI scheme handler, FFI bridge modules) allows Privilege Escalation. This vulnerability is associated with program files flutter/lib/common.Dart,...

9.3 CVSS | 5.9 AI score | 0.0004 EPSS
Exploits: 1 | References: 3
NVD
added 2026/03/05 4:16 p.m. | 3 views

CVE-2026-30793

Cross-Site Request Forgery (CSRF) vulnerability in rustdesk-client RustDesk Client rustdesk-client on Windows, MacOS, Linux, iOS, Android (Flutter URI scheme handler, FFI bridge modules) allows Privilege Escalation. This vulnerability is associated with program files flutter/lib/common.Dart,...

9.8 CVSS | 0.0004 EPSS
Exploits: 1 | References: 4
CVE
added 2026/03/05 3:21 p.m. | 18 views

CVE-2026-30793

The CVE-2026-30793 entry concerns RustDesk Client (rustdesk-client) on Windows, macOS, Linux, iOS, Android (Flutter URI scheme handler, FFI bridge modules). A Cross-Site Request Forgery (CSRF) vulnerability affects the client via rustdesk://password/ flows and related program routines (flutter/li...

9.8 CVSS | 5.9 AI score | 0.0004 EPSS
Exploits: 1 | References: 4 | Affected Software: 1
OSV
added 2025/11/14 2:45 p.m. | 1 views

HSEC-2024-0008 Sign extension error in the PPC64le FFI

Sign extension error in the PPC64le FFI. Numeric arguments of FFI call on the PPC64le backend may result in incorrect runtime values. For the most part, this bug only causes availability and data integrity issues. However, in some circumstances, it may result in other, more complicated security...

7.8 AI score
Exploits: 0 | References: 2
EUVD
added 2025/10/07 12:30 a.m. | 3 views

EUVD-2018-0350

Malware in sbrugna...

7.8 CVSS | 7.8 AI score | 0.00237 EPSS
Exploits: 0 | References: 8
Github Security Blog
added 2025/05/06 8:0 p.m. | 18 views

Redox UEFI Safe API can cause heap-buffer-overflow

ffi::nstr should be marked unsafe, since a pointer to a buffer without a trailing 0 value will cause a heap buffer overflow...

7.3 AI score
Exploits: 0 | References: 3 | Affected Software: 1
Fedora
added 2025/04/17 7:49 p.m. | 6 views

[SECURITY] Fedora 41 Update: rust-openssl-sys-0.9.107-1.fc41

FFI bindings to OpenSSL...

3.7 CVSS | 4 AI score | 0.00093 EPSS
Exploits: 0
Fedora
added 2025/04/17 7:33 p.m. | 14 views

[SECURITY] Fedora 40 Update: rust-openssl-sys-0.9.107-1.fc40

FFI bindings to OpenSSL...

3.7 CVSS | 4 AI score | 0.00093 EPSS
Exploits: 0
Fedora
added 2025/02/08 2:18 a.m. | 8 views

[SECURITY] Fedora 41 Update: rust-openssl-sys-0.9.105-1.fc41

FFI bindings to OpenSSL...

7.3 AI score
Exploits: 0
Github Security Blog
added 2024/11/25 4:57 p.m. | 30 views

rustls network-reachable panic in `Acceptor::accept`

A bug introduced in rustls 0.23.13 leads to a panic if the received TLS ClientHello is fragmented. Only servers that use rustls::server::Acceptor::accept are affected. Servers that use tokio-rustls's LazyConfigAcceptor API are affected. Servers that use tokio-rustls's TlsAcceptor API are not...

7 AI score
Exploits: 0 | References: 3 | Affected Software: 1
OSV
added 2024/11/25 4:57 p.m. | 6 views

GHSA-QG5G-GV98-5FFH rustls network-reachable panic in `Acceptor::accept`

A bug introduced in rustls 0.23.13 leads to a panic if the received TLS ClientHello is fragmented. Only servers that use rustls::server::Acceptor::accept are affected. Servers that use tokio-rustls's LazyConfigAcceptor API are affected. Servers that use tokio-rustls's TlsAcceptor API are not...

8.2 CVSS | 7 AI score | 0.00188 EPSS
Exploits: 1 | References: 3
OSV
added 2024/11/22 12:0 p.m. | 8 views

RUSTSEC-2024-0399 rustls network-reachable panic in `Acceptor::accept`

A bug introduced in rustls 0.23.13 leads to a panic if the received TLS ClientHello is fragmented. Only servers that use rustls::server::Acceptor::accept are affected. Servers that use tokio-rustls's LazyConfigAcceptor API are affected. Servers that use tokio-rustls's TlsAcceptor API are not...

7.5 CVSS | 7 AI score | 0.00188 EPSS
Exploits: 1 | References: 3
RustSec
added 2024/11/22 12:0 p.m. | 5 views

rustls network-reachable panic in `Acceptor::accept`

A bug introduced in rustls 0.23.13 leads to a panic if the received TLS ClientHello is fragmented. Only servers that use rustls::server::Acceptor::accept are affected. Servers that use tokio-rustls's LazyConfigAcceptor API are affected. Servers that use tokio-rustls's TlsAcceptor API are not...

7.5 CVSS | 7 AI score | 0.00188 EPSS
Exploits: 1 | Affected Software: 1