Bug 2477694 (CVE-2026-44662) - CVE-2026-44662 rust-openssl: rust-openssl: Heap corruption due to incorrect output buffer sizing in AES key-wrap-with-padding ciphers
Summary: CVE-2026-44662 rust-openssl: rust-openssl: Heap corruption due to incorrect o...
Keywords:
Status: NEW
Alias: CVE-2026-44662
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
Priority: high
Severity: high
Target Milestone: ---
Assignee: Product Security DevOps Team
QA Contact:
URL:
Whiteboard:
Depends On:
Blocks:
Reported: 2026-05-14 21:04 UTC by OSIDB Bzimport
Modified: 2026-05-19 19:01 UTC (History)

Fixed In Version:
Clone Of:
Environment:
Last Closed:
Embargoed:



Description OSIDB Bzimport 2026-05-14 21:04:54 UTC
rust-openssl provides OpenSSL bindings for the Rust programming language. From 0.10.0 to before 0.10.79, CipherCtxRef::cipher_update, CipherCtxRef::cipher_update_vec, and symm::Crypter::update incorrectly sized output buffers when used with AES key-wrap-with-padding ciphers (EVP_aes_{128,192,256}_wrap_pad). For a non-multiple-of-8 input, OpenSSL writes up to 7 bytes past the end of the caller's buffer or Vec, producing attacker-controllable heap corruption when the plaintext length is attacker-influenced. This only impacts users using AES key-wrap-with-padding ciphers. This vulnerability is fixed in 0.10.79.
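As an added illustration (not rust-openssl or OpenSSL code), the following shows why a generic "input length plus one block" output bound falls short for AES key-wrap-with-padding and how a caller can check the buffer before the update. It assumes only the RFC 5649 layout that EVP_aes_*_wrap_pad implements (plaintext padded to 8-byte semiblocks plus one 8-byte integrity block); the `naive_output_len` bound is a hypothetical sizing used for comparison, not a transcription of the affected code.

```rust
/// Semiblock size of AES key wrap (RFC 3394 / RFC 5649).
pub const SEMIBLOCK: usize = 8;

/// Bytes the wrap-pad cipher actually writes for an `n`-byte plaintext:
/// the input is padded up to a multiple of 8, then an 8-byte integrity
/// block is prepended, so the output is 8 * ceil(n / 8) + 8 bytes
/// (16 bytes for any 1..=8 byte input).
pub fn wrap_pad_output_len(n: usize) -> usize {
    let padded = (n + SEMIBLOCK - 1) / SEMIBLOCK * SEMIBLOCK;
    padded + SEMIBLOCK
}

/// Hypothetical "input plus one block" bound, the kind of sizing a generic
/// cipher-update helper might assume. Used here only to show the gap.
pub fn naive_output_len(n: usize) -> usize {
    n + SEMIBLOCK
}

/// Bytes that would land past the end of a `naive_output_len(n)` buffer.
/// Zero when `n` is a multiple of 8, otherwise between 1 and 7.
pub fn overrun_bytes(n: usize) -> usize {
    wrap_pad_output_len(n).saturating_sub(naive_output_len(n))
}

/// Defensive check a caller can apply before handing `out` to a wrap-pad
/// update: reject any buffer shorter than what the cipher will write.
pub fn check_output_buffer(out_len: usize, plaintext_len: usize) -> Result<(), String> {
    let need = wrap_pad_output_len(plaintext_len);
    if out_len < need {
        return Err(format!(
            "output buffer holds {} bytes, wrap-pad needs {}",
            out_len, need
        ));
    }
    Ok(())
}

fn main() {
    // Walk plaintext lengths across two semiblock boundaries; the overrun
    // column is non-zero exactly for non-multiple-of-8 inputs and peaks at 7.
    for n in 1..=17 {
        println!(
            "n={:2}  naive={:2}  required={:2}  overrun={}",
            n, naive_output_len(n), wrap_pad_output_len(n), overrun_bytes(n)
        );
    }
}
```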

