2461608 – (CVE-2026-41681) CVE-2026-41681 rust-openssl: rust-openssl: Memory corruption due to buffer overflow in EVP_DigestFinal()

Bug 2461608 (CVE-2026-41681) - CVE-2026-41681 rust-openssl: rust-openssl: Memory corruption due to buffer overflow in EVP_DigestFinal()

Summary: CVE-2026-41681 rust-openssl: rust-openssl: Memory corruption due to buffer ov...

Keywords:
Status:	NEW
Alias:	CVE-2026-41681
Product:	Security Response
Classification:	Other
Component:	vulnerability
Sub Component:
Version:	unspecified
Hardware:	All
OS:	Linux
Priority:	high
Severity:	high
Target Milestone:	---
Assignee:	Product Security
QA Contact:
Docs Contact:
URL:
Whiteboard:
Depends On:	2461807 2461808
Blocks:
TreeView+	depends on / blocked

Reported:	2026-04-24 18:01 UTC by OSIDB Bzimport
Modified:	2026-04-25 12:12 UTC (History)
CC List:	0 users
Fixed In Version:
Clone Of:
Environment:
Last Closed:
Embargoed:

Attachments	(Terms of Use)

Description OSIDB Bzimport 2026-04-24 18:01:51 UTC

rust-openssl provides OpenSSL bindings for the Rust programming language.  From 0.10.39 to before 0.10.78, EVP_DigestFinal() always writes EVP_MD_CTX_size(ctx) to the out buffer. If out is smaller than that, MdCtxRef::digest_final() writes past its end, usually corrupting the stack. This is reachable from safe Rust. This vulnerability is fixed in 0.10.78.

Note You need to log in before you can comment on or make changes to this bug.