Lucene search
K

9541 matches found

Vulnrichment
Vulnrichment
added 2026/04/24 5:18 p.m.8 views

CVE-2026-41678 rust-openssl: Incorrect bounds assertion in aes key wrap

rust-openssl provides OpenSSL bindings for the Rust programming language. From to before 0.10.78, aes::unwrapkey contains an incorrect assertion: it checks that out.len + 8 = in.len - 8, ensuring the output buffer is large enough. Because of the inverted check, the function only accepts buffers a...

9.2CVSS5.5AI score0.00294EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/04/24 5:18 p.m.3 views

CVE-2026-41678

rust-openssl provides OpenSSL bindings for the Rust programming language. From to before 0.10.78, aes::unwrapkey contains an incorrect assertion: it checks that out.len + 8 = in.len - 8, ensuring the output buffer is large enough. Because of the inverted check, the function only accepts buffers a...

9.2CVSS5.6AI score0.00294EPSS
Exploits0References2Affected Software1
CVE
CVE
added 2026/04/24 5:18 p.m.21 views

CVE-2026-41678

CVE-2026-41678 affects rust-openssl bindings. The aes::unwrap_key() function contains an inverted assertion (out.len() + 8 = in_.len() - 8, allowing potential out-of-bounds writes when buffers are smaller than required. This vulnerability is limited to versions before 0.10.78; 0.10.78 fixes the i...

9.8CVSS5.5AI score0.00294EPSS
Exploits0References1Affected Software1
Debian CVE
Debian CVE
added 2026/04/24 5:18 p.m.6 views

CVE-2026-41678

rust-openssl provides OpenSSL bindings for the Rust programming language. From to before 0.10.78, aes::unwrapkey contains an incorrect assertion: it checks that out.len + 8 = in.len - 8, ensuring the output buffer is large enough. Because of the inverted check, the function only accepts buffers a...

9.8CVSS5.5AI score0.00294EPSS
Exploits0
Cvelist
Cvelist
added 2026/04/24 5:18 p.m.35 views

CVE-2026-41678 rust-openssl: Incorrect bounds assertion in aes key wrap

rust-openssl provides OpenSSL bindings for the Rust programming language. From to before 0.10.78, aes::unwrapkey contains an incorrect assertion: it checks that out.len + 8 = in.len - 8, ensuring the output buffer is large enough. Because of the inverted check, the function only accepts buffers a...

9.2CVSS0.00294EPSS
Exploits0References1
EUVD
EUVD
added 2026/04/24 5:17 p.m.5 views

EUVD-2026-25583

rust-openssl provides OpenSSL bindings for the Rust programming language. From 0.9.0 to before 0.10.78, the frompemcallback APIs did not validate the length returned by the user's callback. A password callback that returns a value larger than the buffer it was given can cause some versions of...

6.3CVSS5.5AI score0.00294EPSS
Exploits0References1
CVE
CVE
added 2026/04/24 5:17 p.m.29 views

CVE-2026-41677

CVE-2026-41677 affects the rust-openssl bindings for Rust. From 0.9.0 up to before 0.10.78, the *_from_pem_callback APIs did not validate the length returned by the user’s callback, allowing a password callback that returns more data than the destination buffer to cause an over-read in some OpenS...

9.1CVSS5.5AI score0.00294EPSS
Exploits0References1Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/04/24 5:17 p.m.4 views

CVE-2026-41677

rust-openssl provides OpenSSL bindings for the Rust programming language. From 0.9.0 to before 0.10.78, the frompemcallback APIs did not validate the length returned by the user's callback. A password callback that returns a value larger than the buffer it was given can cause some versions of...

6.3CVSS5.6AI score0.00294EPSS
Exploits0References2Affected Software1
Debian CVE
Debian CVE
added 2026/04/24 5:17 p.m.5 views

CVE-2026-41677

rust-openssl provides OpenSSL bindings for the Rust programming language. From 0.9.0 to before 0.10.78, the frompemcallback APIs did not validate the length returned by the user's callback. A password callback that returns a value larger than the buffer it was given can cause some versions of...

9.1CVSS5.5AI score0.00294EPSS
Exploits0
Cvelist
Cvelist
added 2026/04/24 5:17 p.m.31 views

CVE-2026-41677 rust-openssl: Out-of-bounds read in PEM password callback when user callback returns an oversized length

rust-openssl provides OpenSSL bindings for the Rust programming language. From 0.9.0 to before 0.10.78, the frompemcallback APIs did not validate the length returned by the user's callback. A password callback that returns a value larger than the buffer it was given can cause some versions of...

6.3CVSS0.00294EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/04/24 5:17 p.m.8 views

CVE-2026-41677 rust-openssl: Out-of-bounds read in PEM password callback when user callback returns an oversized length

rust-openssl provides OpenSSL bindings for the Rust programming language. From 0.9.0 to before 0.10.78, the frompemcallback APIs did not validate the length returned by the user's callback. A password callback that returns a value larger than the buffer it was given can cause some versions of...

6.3CVSS5.5AI score0.00294EPSS
Exploits0References1
Debian CVE
Debian CVE
added 2026/04/24 5:16 p.m.6 views

CVE-2026-41676

rust-openssl provides OpenSSL bindings for the Rust programming language. From 0.9.27 to before 0.10.78, Deriver::derive and PkeyCtxRef::derive sets len = buf.len and passes it as the in/out length to EVPPKEYderive, relying on OpenSSL to honor it. On OpenSSL 1.1.x, X25519, X448, DH and HKDF-extra...

9.8CVSS5.4AI score0.00298EPSS
Exploits0
EUVD
EUVD
added 2026/04/24 5:16 p.m.5 views

EUVD-2026-25582

rust-openssl provides OpenSSL bindings for the Rust programming language. From 0.9.27 to before 0.10.78, Deriver::derive and PkeyCtxRef::derive sets len = buf.len and passes it as the in/out length to EVPPKEYderive, relying on OpenSSL to honor it. On OpenSSL 1.1.x, X25519, X448, DH and HKDF-extra...

9.2CVSS5.3AI score0.00298EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/04/24 5:16 p.m.3 views

CVE-2026-41676

rust-openssl provides OpenSSL bindings for the Rust programming language. From 0.9.27 to before 0.10.78, Deriver::derive and PkeyCtxRef::derive sets len = buf.len and passes it as the in/out length to EVPPKEYderive, relying on OpenSSL to honor it. On OpenSSL 1.1.x, X25519, X448, DH and HKDF-extra...

9.2CVSS5.4AI score0.00298EPSS
Exploits0References2Affected Software1
Vulnrichment
Vulnrichment
added 2026/04/24 5:16 p.m.4 views

CVE-2026-41676 rust-openssl: Deriver::derive and PkeyCtxRef::derive can overflow short buffers on OpenSSL 1.1.1

rust-openssl provides OpenSSL bindings for the Rust programming language. From 0.9.27 to before 0.10.78, Deriver::derive and PkeyCtxRef::derive sets len = buf.len and passes it as the in/out length to EVPPKEYderive, relying on OpenSSL to honor it. On OpenSSL 1.1.x, X25519, X448, DH and HKDF-extra...

9.2CVSS5.4AI score0.00298EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/04/24 5:16 p.m.33 views

CVE-2026-41676 rust-openssl: Deriver::derive and PkeyCtxRef::derive can overflow short buffers on OpenSSL 1.1.1

rust-openssl provides OpenSSL bindings for the Rust programming language. From 0.9.27 to before 0.10.78, Deriver::derive and PkeyCtxRef::derive sets len = buf.len and passes it as the in/out length to EVPPKEYderive, relying on OpenSSL to honor it. On OpenSSL 1.1.x, X25519, X448, DH and HKDF-extra...

9.2CVSS0.00298EPSS
Exploits0References1
vulnersOsv
vulnersOsv
added 2026/04/24 12:0 p.m.8 views

IMAPServer (=0.2.0), IMAPServer-cli (=0.1.0) +386 more potentially affected by unknown CVE via diesel (>=0.10.1 <=2.3.4)

diesel CARGO version =0.10.1, =0.1.0, =0.1.0, =0.1.0, =0.4.0, =0.1.4, =0.1.11, =0.1.0, =0.5.0, =0.1.0, =0.1.2 and more Source cves: unknown CVE Source advisory: OSV:RUSTSEC-2026-0111...

5.7AI score
Exploits0
vulnersOsv
vulnersOsv
added 2026/04/24 12:0 p.m.17 views

IMAPServer (=0.2.0), IMAPServer-cli (=0.1.0) +386 more potentially affected by unknown CVE via diesel (>=0.10.1 <=2.3.4)

diesel CARGO version =0.10.1, =0.1.0, =0.1.0, =0.1.0, =0.4.0, =0.1.4, =0.1.11, =0.1.0, =0.5.0, =0.1.0, =0.1.2 and more Source cves: unknown CVE Source advisory: OSV:RUSTSEC-2026-0136...

5.7AI score
Exploits0
vulnersOsv
vulnersOsv
added 2026/04/24 12:0 p.m.8 views

IMAPServer (=0.2.0), IMAPServer-cli (=0.1.0) +386 more potentially affected by unknown CVE via diesel (>=0.10.1 <=2.3.4)

diesel CARGO version =0.10.1, =0.1.0, =0.1.0, =0.1.0, =0.4.0, =0.1.4, =0.1.11, =0.1.0, =0.5.0, =0.1.0, =0.1.2 and more Source cves: unknown CVE Source advisory: OSV:RUSTSEC-2026-0137...

5.7AI score
Exploits0
vulnersOsv
vulnersOsv
added 2026/04/24 12:0 p.m.11 views

IMAPServer (=0.2.0), IMAPServer-cli (=0.1.0) +386 more potentially affected by unknown CVE via diesel (>=0.10.1 <=2.3.4)

diesel CARGO version =0.10.1, =0.1.0, =0.1.0, =0.1.0, =0.4.0, =0.1.4, =0.1.11, =0.1.0, =0.5.0, =0.1.0, =0.1.2 and more Source cves: unknown CVE Source advisory: OSV:RUSTSEC-2026-0135...

5.7AI score
Exploits0
Rows per page
Query Builder