CVE-2026-27459: pyOpenSSL DTLS cookie callback buffer overflow
If a user-provided callback registered with set_cookie_generate_callback returned a cookie value longer than 256 bytes, pyOpenSSL would overflow an OpenSSL-provided buffer.
Cookie values that are too long are now rejected by pyOpenSSL.
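The advisory's fix belongs in pyOpenSSL itself, but the same invariant is easy to enforce on the application side as defense in depth. The following is an added example, not code from pyOpenSSL or this advisory: it wraps a DTLS cookie-generate callback so that any cookie longer than the 256-byte limit the advisory states is rejected before it reaches OpenSSL, and pairs it with a stateless HMAC-based cookie generator whose output (32 bytes) is always within bounds. It assumes the pyOpenSSL callback shapes `generate(connection) -> bytes` and `verify(connection, cookie) -> bool`, and that the connection object exposes `getpeername()`; `FakeConnection` is a constructed stand-in so the module runs without a live DTLS session.

```python
import hashlib
import hmac
import secrets

# Maximum DTLS cookie length the advisory names; OpenSSL's cookie buffer is this size.
MAX_DTLS_COOKIE_LEN = 256


class CookieTooLongError(ValueError):
    """Raised when a cookie-generate callback returns more than MAX_DTLS_COOKIE_LEN bytes."""


def bounded_cookie_callback(user_callback):
    """Wrap a cookie-generate callback so oversized cookies never reach OpenSSL.

    Assumed callback shape: callback(connection) -> bytes. The wrapper is what
    you would hand to Context.set_cookie_generate_callback instead of the raw
    callback (assumption: that is the pyOpenSSL registration method).
    """

    def wrapper(connection):
        cookie = user_callback(connection)
        if not isinstance(cookie, bytes):
            raise TypeError("cookie callback must return bytes")
        if len(cookie) > MAX_DTLS_COOKIE_LEN:
            raise CookieTooLongError(
                f"cookie is {len(cookie)} bytes; DTLS allows at most {MAX_DTLS_COOKIE_LEN}"
            )
        return cookie

    return wrapper


def cookie_is_accepted(callback, connection):
    """Return True if the (already wrapped) callback yields an in-bounds cookie."""
    try:
        callback(connection)
    except CookieTooLongError:
        return False
    return True


class StatelessCookieGenerator:
    """HMAC-SHA256 cookie bound to the client's address (RFC 6347 section 4.2.1 style).

    The digest is 32 bytes, so it can never exceed the DTLS limit; the server
    keeps no per-client state, which is the point of a HelloVerifyRequest cookie.
    """

    def __init__(self, secret=None):
        # A fresh random secret per process is fine: cookies only need to survive
        # one handshake round trip.
        self._secret = secret or secrets.token_bytes(32)

    def _client_id(self, connection):
        # Assumption: the connection object exposes getpeername() -> (host, port),
        # as a socket (and pyOpenSSL's Connection wrapper around it) does.
        host, port = connection.getpeername()
        return f"{host}:{port}".encode()

    def generate(self, connection):
        return hmac.new(self._secret, self._client_id(connection), hashlib.sha256).digest()

    def verify(self, connection, cookie):
        # Constant-time comparison so the verify path does not leak cookie bytes.
        return hmac.compare_digest(self.generate(connection), cookie)


class FakeConnection:
    """Constructed stand-in for a DTLS connection, carrying only a peer address."""

    def __init__(self, host, port):
        self._peer = (host, port)

    def getpeername(self):
        return self._peer


if __name__ == "__main__":
    gen = StatelessCookieGenerator()
    safe_generate = bounded_cookie_callback(gen.generate)
    client = FakeConnection("192.0.2.10", 5000)  # constructed sample peer
    cookie = safe_generate(client)
    print(len(cookie), gen.verify(client, cookie))
    # With a real pyOpenSSL DTLS context the wiring would be (assumed API names):
    #   ctx.set_cookie_generate_callback(safe_generate)
    #   ctx.set_cookie_verify_callback(gen.verify)
```

The wrapper is deliberately strict at the 256-byte boundary rather than truncating: a truncated cookie would silently fail verification on the client's second ClientHello, whereas an exception surfaces the misconfigured callback immediately.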
References
- github.com/advisories/GHSA-5pwr-322w-8jr4
- github.com/pyca/pyopenssl
- github.com/pyca/pyopenssl/blob/358cbf29c4e364c59930e53a270116249581eaa3/CHANGELOG.rst
- github.com/pyca/pyopenssl/commit/57f09bb4bb051d3bc2a1abd36e9525313d5cd408
- github.com/pyca/pyopenssl/security/advisories/GHSA-5pwr-322w-8jr4
- nvd.nist.gov/vuln/detail/CVE-2026-27459