CVE-2026-41677

ADVISORY - github

Summary

The *_from_pem_callback APIs did not validate the length returned by the user's callback. A password callback that returns a value larger than the buffer it was given can cause some versions of OpenSSL to over-read this buffer. OpenSSL 3.x is not affected by this.
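The missing check, sketched as an added example (not code from the advisory or the affected project): a trampoline that hands a user password callback a fixed buffer and forwards the length it reports to the C caller, shown without and with validation. The names `invoke_unchecked`, `invoke_checked` and `CbError`, and the closure signature, are assumptions made for illustration.

```rust
use std::os::raw::c_int;

#[derive(Debug, PartialEq)]
pub enum CbError {
    Failed,                                       // user callback returned Err
    TooLong { returned: usize, capacity: usize }, // claimed length > buffer
}

/// Unchecked trampoline (the behaviour the summary describes): whatever
/// length the callback reports is handed back to the C caller as-is.
pub fn invoke_unchecked<F>(buf: &mut [u8], cb: F) -> c_int
where
    F: FnOnce(&mut [u8]) -> Result<usize, ()>,
{
    cb(buf).map(|n| n as c_int).unwrap_or(0)
}

/// Checked trampoline: refuse any length the buffer cannot hold (or that
/// does not fit in a C int), so the C side is never told to read past `buf`.
pub fn invoke_checked<F>(buf: &mut [u8], cb: F) -> Result<c_int, CbError>
where
    F: FnOnce(&mut [u8]) -> Result<usize, ()>,
{
    let capacity = buf.len();
    let returned = cb(buf).map_err(|_| CbError::Failed)?;
    if returned > capacity || returned > c_int::MAX as usize {
        return Err(CbError::TooLong { returned, capacity });
    }
    Ok(returned as c_int)
}

fn main() {
    let mut buf = [0u8; 16]; // constructed 16-byte passphrase buffer
    // Constructed misbehaving callback: writes nothing, claims 64 bytes.
    println!("unchecked -> {}", invoke_unchecked(&mut buf, |_| Ok(64)));
    println!("checked   -> {:?}", invoke_checked(&mut buf, |_| Ok(64)));
    // Well-behaved callback: writes 6 bytes and reports 6.
    let ok = invoke_checked(&mut buf, |b| {
        b[..6].copy_from_slice(b"secret");
        Ok(6)
    });
    println!("checked   -> {:?}", ok);
}
```

A length equal to the buffer size is accepted; only a claimed length beyond it is rejected before anything reaches the C library.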

Common Weakness Enumeration (CWE)

Out-of-bounds Read

Improper Validation of Specified Quantity in Input


EXPLOITABILITY SCORE

-

EXPLOITS FOUND
-

CVSS SCORE

1.7 low