CVE-2026-41677

A flaw was found in rust-openssl, a library that provides OpenSSL functionalities for Rust applications. The library's password callback functions did not correctly check the size of data provided by a user's callback. This oversight could allow a specially crafted password callback to read beyon...

CVE-2026-41677 rust-openssl: Out-of-bounds read in PEM password callback when user callback returns an oversized length

rust-openssl provides OpenSSL bindings for the Rust programming language. From 0.9.0 to before 0.10.78, the frompemcallback APIs did not validate the length returned by the user's callback. A password callback that returns a value larger than the buffer it was given can cause some versions of...

CVE-2026-41677 rust-openssl: Out-of-bounds read in PEM password callback when user callback returns an oversized length

rust-openssl provides OpenSSL bindings for the Rust programming language. From 0.9.0 to before 0.10.78, the frompemcallback APIs did not validate the length returned by the user's callback. A password callback that returns a value larger than the buffer it was given can cause some versions of...

EUVD-2026-25583

rust-openssl provides OpenSSL bindings for the Rust programming language. From 0.9.0 to before 0.10.78, the frompemcallback APIs did not validate the length returned by the user's callback. A password callback that returns a value larger than the buffer it was given can cause some versions of...

CVE-2026-41677

rust-openssl provides OpenSSL bindings for the Rust programming language. From 0.9.0 to before 0.10.78, the frompemcallback APIs did not validate the length returned by the user's callback. A password callback that returns a value larger than the buffer it was given can cause some versions of...

CVE-2026-41677

CVE-2026-41677 affects the rust-openssl bindings for Rust. From 0.9.0 up to before 0.10.78, the *_from_pem_callback APIs did not validate the length returned by the user’s callback, allowing a password callback that returns more data than the destination buffer to cause an over-read in some OpenS...

rust-opennssl has an Out-of-bounds read in PEM password callback when returning an oversized length

The frompemcallback APIs did not validate the length returned by the user's callback. A password callback that returns a value larger than the buffer it was given can cause some versions of OpenSSL to over-read this buffer. OpenSSL 3.x is not affected by this...

PT-2026-34620

rust-openssl provides OpenSSL bindings for the Rust programming language. From 0.9.0 to before 0.10.78, the from pem callback APIs did not validate the length returned by the user's callback. A password callback that returns a value larger than the buffer it was given can cause some versions of...

CVE-2022-21724 Unchecked Class Instantiation when providing Plugin Classes

pgjdbc is the offical PostgreSQL JDBC Driver. A security hole was found in the jdbc driver for postgresql database while doing security research. The system using the postgresql library will be attacked when attacker control the jdbc url or properties. pgjdbc instantiates plugin instances based o...