CVE-2026-41681 Overview
CVE-2026-41681 is a stack buffer overflow vulnerability in rust-openssl, a library that provides OpenSSL bindings for the Rust programming language. The vulnerability exists in versions 0.10.39 through 0.10.77, where the MdCtxRef::digest_final() function can write past the end of a provided output buffer.
The core issue stems from how EVP_DigestFinal() operates—it always writes EVP_MD_CTX_size(ctx) bytes to the output buffer. When the provided out buffer is smaller than this size, the function writes beyond its boundaries, typically corrupting the stack. Critically, this vulnerability is reachable from safe Rust code, undermining one of Rust's core memory safety guarantees.
Critical Impact
Stack buffer overflow reachable from safe Rust code can lead to stack corruption, potential code execution, and defeats Rust's memory safety guarantees.
Affected Products
- rust-openssl versions 0.10.39 to 0.10.77
- Applications using MdCtxRef::digest_final() with undersized output buffers
- Rust projects with rust-openssl as a dependency in the affected version range
Discovery Timeline
- 2026-04-24 - CVE CVE-2026-41681 published to NVD
- 2026-04-28 - Last updated in NVD database
Technical Details for CVE-2026-41681
Vulnerability Analysis
This vulnerability represents a significant breach of Rust's memory safety model. Rust is designed to prevent memory corruption bugs through its ownership system and borrow checker, but unsafe code in FFI (Foreign Function Interface) bindings can still introduce vulnerabilities. In this case, the rust-openssl library's binding to OpenSSL's EVP_DigestFinal() function failed to validate that the output buffer was large enough to receive the digest output.
The EVP_DigestFinal() function from OpenSSL writes a fixed number of bytes determined by EVP_MD_CTX_size(ctx), which varies depending on the hash algorithm in use (e.g., 32 bytes for SHA-256, 64 bytes for SHA-512). If an application provides a smaller buffer, the function overwrites adjacent stack memory, leading to corruption.
Root Cause
The root cause is a missing bounds check in MdCtxRef::digest_final() before calling the underlying OpenSSL EVP_DigestFinal() function. The function accepted any slice as output without verifying its size against the expected digest length. This allowed callers to inadvertently trigger a stack buffer overflow by providing an undersized buffer.
Attack Vector
The vulnerability is exploitable over the network in scenarios where:
- An application uses rust-openssl for cryptographic operations
- User-controlled data influences the size of the output buffer passed to digest_final()
- The attacker can trigger digest computations with undersized buffers
Exploitation could lead to stack corruption, denial of service through crashes, or potentially arbitrary code execution if an attacker can carefully control the overflow data.
pub fn digest_final(&mut self, out: &mut [u8]) -> Result<usize, ErrorStack> {
let mut len = u32::try_from(out.len()).unwrap_or(u32::MAX);
+ if self.size() > len as usize {
+ return Err(ErrorStack::get());
+ }
+
unsafe {
cvt(ffi::EVP_DigestFinal(
self.as_ptr(),
Source: GitHub Commit Update
The patch adds a bounds check that compares the expected digest size (self.size()) against the provided buffer length before calling the unsafe FFI function. If the buffer is too small, it returns an error instead of proceeding with the overflow.
Detection Methods for CVE-2026-41681
Indicators of Compromise
- Unexpected application crashes with stack corruption patterns in rust-openssl-dependent applications
- Segmentation faults or memory access violations during cryptographic operations
- Anomalous behavior in applications processing user-supplied cryptographic parameters
- Core dumps showing stack smashing or canary violations in digest-related code paths
Detection Strategies
- Audit Cargo.lock and Cargo.toml files for rust-openssl versions between 0.10.39 and 0.10.77
- Use cargo audit to scan Rust projects for known vulnerable dependencies
- Deploy runtime memory protection tools (ASAN, stack canaries) to detect overflow attempts
- Monitor application logs for ErrorStack or digest-related errors that may indicate exploitation attempts
Monitoring Recommendations
- Implement continuous dependency scanning in CI/CD pipelines using tools like cargo-deny or cargo-audit
- Enable stack protection mechanisms (stack canaries, ASLR) on production systems
- Set up alerts for unexpected crashes in applications using cryptographic libraries
- Review application code for patterns passing user-controlled buffer sizes to digest functions
How to Mitigate CVE-2026-41681
Immediate Actions Required
- Upgrade rust-openssl to version 0.10.78 or later immediately
- Run cargo update -p openssl to update the dependency in your project
- Rebuild and redeploy all affected applications after the upgrade
- Audit code for patterns that pass potentially undersized buffers to digest_final()
Patch Information
The vulnerability is fixed in rust-openssl version 0.10.78. The fix introduces a bounds check that validates the output buffer size against the expected digest length before calling the underlying OpenSSL function.
- Fixed Version:0.10.78
- Patch Commit:826c3888b77add418b394770e2b2e3a72d9f92fe
- Security Advisory:GHSA-ghm9-cr32-g9qj
- Release Notes:openssl-v0.10.78
Workarounds
- Ensure all buffers passed to digest_final() are at least as large as the expected digest size for the algorithm in use
- Use MdCtx::size() to determine the required buffer size before calling digest_final()
- Consider using higher-level APIs that handle buffer sizing automatically
- If upgrading is not immediately possible, add manual bounds checks before calling digest functions
# Update rust-openssl dependency
cargo update -p openssl
# Verify the updated version
cargo tree -p openssl | grep openssl
# Run security audit
cargo audit
# Rebuild the project
cargo build --release
Disclaimer: This content was generated using AI. While we strive for accuracy, please verify critical information with official sources.
