Bug 2477618 (CVE-2026-42327) - CVE-2026-42327 rust-openssl: rust-openssl: Arbitrary code execution via specially crafted certificate
Summary: CVE-2026-42327 rust-openssl: rust-openssl: Arbitrary code execution via speci...
Keywords:
Status: NEW
Alias: CVE-2026-42327
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
high
high
Target Milestone: ---
Assignee: Product Security DevOps Team
QA Contact:
URL:
Whiteboard:
Depends On: 2479904 2479905
Blocks:
TreeView+ depends on / blocked
 
Reported: 2026-05-14 21:01 UTC by OSIDB Bzimport
Modified: 2026-05-19 19:03 UTC (History)
66 users (show)

Fixed In Version:
Clone Of:
Environment:
Last Closed:
Embargoed:


Attachments (Terms of Use)

Description OSIDB Bzimport 2026-05-14 21:01:35 UTC
rust-openssl provides OpenSSL bindings for the Rust programming language. From 0.9.7 to before 0.10.79, X509Ref::ocsp_responders returns OCSP responder URLs from a certificate's AIA extension as OpensslString, whose Deref<Target = str> wraps the raw bytes with str::from_utf8_unchecked. OpenSSL does not enforce that the underlying IA5String is ASCII, so a certificate with non-UTF-8 bytes in its OCSP accessLocation causes safe Rust code to construct a &str that violates the UTF-8 invariant — resulting in undefined behavior. This vulnerability is fixed in 0.10.79.


Note You need to log in before you can comment on or make changes to this bug.