Main Vulnerability Database Vulnerabilities #VU126495

Stack-based buffer overflow in rust-openssl - #VU126495

Published: April 20, 2026

Vulnerability identifier: #VU126495

CSH Severity: Medium

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N/E:U/U:Green

CVE-ID: N/A

CWE-ID: CWE-121

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vendor: Steven Fackler

Affected software:
rust-openssl

Detailed vulnerability description

The vulnerability allows a remote attacker to cause memory corruption.

The vulnerability exists due to a stack-based buffer overflow in MdCtxRef::digest_final() when processing a caller-supplied output buffer. A remote attacker can trigger the function with an undersized output buffer to cause memory corruption.

This issue is reachable from safe Rust.

Remediation

Install security update from vendor's website.

Sources

https://github.com/rust-openssl/rust-openssl/security/advisories/GHSA-ghm9-cr32-g9qj

Stack-based buffer overflow in rust-openssl - #VU126495

Detailed vulnerability description

Remediation

Sources

Please verify you're human