VYPR
High severity · NVD Advisory · Published Mar 17, 2026 · Updated Mar 18, 2026

pyOpenSSL DTLS cookie callback buffer overflow

CVE-2026-27459

Description

pyOpenSSL is a Python wrapper around the OpenSSL library. Starting in version 22.0.0 and prior to version 26.0.0, if a user-provided callback passed to set_cookie_generate_callback returned a cookie value greater than 256 bytes, pyOpenSSL would overflow an OpenSSL-provided buffer. Starting in version 26.0.0, cookie values that are too long are rejected.
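
For code that must run on an affected version, the length check can be enforced inside the application's own cookie callback. The following is an added example, not code from pyOpenSSL or from the advisory; bounded, hmac_cookie, verify_cookie and peer_of are hypothetical names, and the 256-byte limit is the figure given in the description above.

```python
import hashlib
import hmac
import os

# Bound taken from the advisory text ("greater than 256 bytes").
# It is an upper limit for this example; shorter cookies are always fine.
MAX_COOKIE_LEN = 256

_SECRET = os.urandom(32)  # per-process secret, constructed for the example


def hmac_cookie(peer_id: bytes, secret: bytes = _SECRET) -> bytes:
    """Fixed-length (32-byte) stateless cookie bound to the peer identity."""
    return hmac.new(secret, peer_id, hashlib.sha256).digest()


def verify_cookie(peer_id: bytes, cookie: bytes, secret: bytes = _SECRET) -> bool:
    """Constant-time check for the matching cookie-verify callback."""
    return hmac.compare_digest(hmac_cookie(peer_id, secret), cookie)


def bounded(generate, max_len: int = MAX_COOKIE_LEN):
    """Wrap a cookie-generate callback so an oversized value never leaves it."""
    def wrapper(conn):
        cookie = generate(conn)
        if not isinstance(cookie, bytes):
            raise TypeError("cookie callback must return bytes")
        if len(cookie) > max_len:
            # Fail instead of truncating: a truncated cookie would not verify.
            raise ValueError(
                f"DTLS cookie is {len(cookie)} bytes, limit is {max_len}"
            )
        return cookie
    return wrapper


# Registration on a pyOpenSSL Context would look like this (not run here):
#   ctx.set_cookie_generate_callback(
#       bounded(lambda conn: hmac_cookie(peer_of(conn))))
# peer_of() is a hypothetical helper returning the client's address as bytes.
```

Deriving the cookie from a fixed-size digest keeps its length constant regardless of peer input, and the wrapper catches any other callback that does not.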

Affected packages

Versions sourced from the GitHub Security Advisory.

Package            Affected versions       Patched versions
pyopenssl (PyPI)   >= 22.0.0, < 26.0.0     26.0.0
