crates.io package
openssl
pkg:cargo/openssl
Vulnerabilities (9)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2026-41898 | Cri | 9.8 | >= 0.9.24, < 0.10.78 | 0.10.78 | Apr 24, 2026 | rust-openssl provides OpenSSL bindings for the Rust programming language. From 0.9.24 to before 0.10.78, the FFI trampolines behind SslContextBuilder::set_psk_client_callback, set_psk_server_callback, set_cookie_generate_cb, and set_stateless_cookie_generate_cb forwarded the use | |
| CVE-2026-41681 | Cri | 9.8 | >= 0.10.39, < 0.10.78 | 0.10.78 | Apr 24, 2026 | rust-openssl provides OpenSSL bindings for the Rust programming language. From 0.10.39 to before 0.10.78, EVP_DigestFinal() always writes EVP_MD_CTX_size(ctx) to the out buffer. If out is smaller than that, MdCtxRef::digest_final() writes past its end, usually corrupting the sta | |
| CVE-2026-41678 | Cri | 9.8 | >= 0.10.24, < 0.10.78 | 0.10.78 | Apr 24, 2026 | rust-openssl provides OpenSSL bindings for the Rust programming language. From to before 0.10.78, aes::unwrap_key() contains an incorrect assertion: it checks that out.len() + 8 <= in_.len(), but this condition is reversed. The intended invariant is out.len() >= in_.len() - 8, | |
| CVE-2026-41677 | Cri | 9.1 | >= 0.9.0, < 0.10.78 | 0.10.78 | Apr 24, 2026 | rust-openssl provides OpenSSL bindings for the Rust programming language. From 0.9.0 to before 0.10.78, the *_from_pem_callback APIs did not validate the length returned by the user's callback. A password callback that returns a value larger than the buffer it was given can caus | |
| CVE-2026-41676 | Cri | 9.8 | >= 0.9.27, < 0.10.78 | 0.10.78 | Apr 24, 2026 | rust-openssl provides OpenSSL bindings for the Rust programming language. From 0.9.27 to before 0.10.78, Deriver::derive (and PkeyCtxRef::derive) sets len = buf.len() and passes it as the in/out length to EVP_PKEY_derive, relying on OpenSSL to honor it. On OpenSSL 1.1.x, X25519, | |
| CVE-2023-53159 | — | >= 0.10.0, < 0.10.55 | 0.10.55 | Jul 28, 2025 | The openssl crate before 0.10.55 for Rust allows an out-of-bounds read via an empty string to X509VerifyParamRef::set_host. | ||
| CVE-2025-24898 | Med | — | >= 0.10.0, < 0.10.70 | 0.10.70 | Feb 3, 2025 | rust-openssl is a set of OpenSSL bindings for the Rust programming language. In affected versions `ssl::select_next_proto` can return a slice pointing into the `server` argument's buffer but with a lifetime bound to the `client` argument. In situations where the `sever` buffer's | |
| CVE-2018-20997 | — | >= 0.10.8, < 0.10.9 | 0.10.9 | Aug 26, 2019 | An issue was discovered in the openssl crate before 0.10.9 for Rust. A use-after-free occurs in CMS Signing. | ||
| CVE-2016-10931 | — | < 0.9.0 | 0.9.0 | Aug 26, 2019 | An issue was discovered in the openssl crate before 0.9.0 for Rust. There is an SSL/TLS man-in-the-middle vulnerability because certificate verification is off by default and there is no API for hostname verification. |
- affected >= 0.9.24, < 0.10.78fixed 0.10.78
rust-openssl provides OpenSSL bindings for the Rust programming language. From 0.9.24 to before 0.10.78, the FFI trampolines behind SslContextBuilder::set_psk_client_callback, set_psk_server_callback, set_cookie_generate_cb, and set_stateless_cookie_generate_cb forwarded the use
- affected >= 0.10.39, < 0.10.78fixed 0.10.78
rust-openssl provides OpenSSL bindings for the Rust programming language. From 0.10.39 to before 0.10.78, EVP_DigestFinal() always writes EVP_MD_CTX_size(ctx) to the out buffer. If out is smaller than that, MdCtxRef::digest_final() writes past its end, usually corrupting the sta
- affected >= 0.10.24, < 0.10.78fixed 0.10.78
rust-openssl provides OpenSSL bindings for the Rust programming language. From to before 0.10.78, aes::unwrap_key() contains an incorrect assertion: it checks that out.len() + 8 <= in_.len(), but this condition is reversed. The intended invariant is out.len() >= in_.len() - 8,
- affected >= 0.9.0, < 0.10.78fixed 0.10.78
rust-openssl provides OpenSSL bindings for the Rust programming language. From 0.9.0 to before 0.10.78, the *_from_pem_callback APIs did not validate the length returned by the user's callback. A password callback that returns a value larger than the buffer it was given can caus
- affected >= 0.9.27, < 0.10.78fixed 0.10.78
rust-openssl provides OpenSSL bindings for the Rust programming language. From 0.9.27 to before 0.10.78, Deriver::derive (and PkeyCtxRef::derive) sets len = buf.len() and passes it as the in/out length to EVP_PKEY_derive, relying on OpenSSL to honor it. On OpenSSL 1.1.x, X25519,
- CVE-2023-53159Jul 28, 2025affected >= 0.10.0, < 0.10.55fixed 0.10.55
The openssl crate before 0.10.55 for Rust allows an out-of-bounds read via an empty string to X509VerifyParamRef::set_host.
- affected >= 0.10.0, < 0.10.70fixed 0.10.70
rust-openssl is a set of OpenSSL bindings for the Rust programming language. In affected versions `ssl::select_next_proto` can return a slice pointing into the `server` argument's buffer but with a lifetime bound to the `client` argument. In situations where the `sever` buffer's
- CVE-2018-20997Aug 26, 2019affected >= 0.10.8, < 0.10.9fixed 0.10.9
An issue was discovered in the openssl crate before 0.10.9 for Rust. A use-after-free occurs in CMS Signing.
- CVE-2016-10931Aug 26, 2019affected < 0.9.0fixed 0.9.0
An issue was discovered in the openssl crate before 0.9.0 for Rust. There is an SSL/TLS man-in-the-middle vulnerability because certificate verification is off by default and there is no API for hostname verification.