CVE-2026-41676: rust-openssl: Deriver::derive and PkeyCtxRef::derive can overflow short buffers on OpenSSL 1.1.1
(updated )
Deriver::derive (and PkeyCtxRef::derive) sets len = buf.len() and passes it as the in/out length to EVP_PKEY_derive, relying on OpenSSL to honor it. On OpenSSL 1.1.x, X25519, X448, DH and HKDF-extract ignore the incoming *keylen, unconditionally writing the full shared secret (32/56/prime-size bytes). A caller passing a short slice gets a heap/stack overflow from safe code. OpenSSL 3.x providers do check, so this only impacts older OpenSSL.
References
- github.com/advisories/GHSA-pqf5-4pqq-29f5
- github.com/rust-openssl/rust-openssl
- github.com/rust-openssl/rust-openssl/commit/09b425e5f59a2466d806e71a83a9a449c914c596
- github.com/rust-openssl/rust-openssl/pull/2606
- github.com/rust-openssl/rust-openssl/releases/tag/openssl-v0.10.78
- github.com/rust-openssl/rust-openssl/security/advisories/GHSA-pqf5-4pqq-29f5
- nvd.nist.gov/vuln/detail/CVE-2026-41676
Code Behaviors & Features
Detect and mitigate CVE-2026-41676 with GitLab Dependency Scanning
Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →