rust-openssl: Potential out-of-bounds write in `CipherCtxRef::cipher_update_inplace` for AES-KW-PAD ciphers

Vulnerability

CipherCtxRef::cipher_update_inplace in the Rust OpenSSL bindings (openssl crate) mishandles output buffer sizing when using AES key-wrap-with-padding ciphers (EVP_aes_{128,192,256}_wrap_pad) [1]. For plaintext lengths not a multiple of 8, OpenSSL writes up to 7 bytes beyond the caller's buffer or Vec, causing heap memory corruption. This affects versions >= 0.10.50 of the openssl crate [1]. The bug was missed in the fix for GHSA-xv59-967r-8726 [1].

Exploitation

An attacker needs to be able to influence the plaintext length passed to a cipher operation using one of the affected AES key-wrap-with-padding ciphers [1]. No authentication is explicitly required; the attacker may provide the plaintext length as part of the application's normal data flow. Exploitation does not require a special network position beyond normal application access. The attacker can trigger the out-of-bounds write by supplying a plaintext length that is not a multiple of 8 [1].

Impact

Successful exploitation results in attacker-controllable heap corruption [1]. The corruption of up to 7 bytes past the buffer boundary may lead to memory corruption, potential arbitrary code execution, or denial of service. The impact is limited to users employing the AES key-wrap-with-padding cipher modes [1].

Mitigation

As of the publication of the advisory [1], no patched version of the openssl crate has been released. Users are advised to avoid using the affected AES key-wrap-with-padding ciphers until a fix is available. The CVE is not listed in CISA's Known Exploited Vulnerabilities catalog. Monitor the project repository [2] for updates.