← Back to feed
Update:
[MODERATE] GHSA-phqj-4mhp-q6mq: rust-openssl: Potential out-of-bounds write in `CipherCtxRef::cipher_update_inplace` for AES-KW-PAD ciphers
GitHub Security Advisory·Security·SecurityFix·5/19/2026
`CipherCtxRef::cipher_update_inplace` incorrectly sized output buffers when used with AES key-wrap-with-padding ciphers (EVP_aes_{128,192,256}_wrap_pad). For a non-multiple-of-8 input, OpenSSL writes up to 7 bytes past the end of the caller's buffer or Vec, producing attacker-controllable heap corru
Why it matters → openssl released an update. Review the changelog for relevant changes.
Who should care → Teams using openssl.
opensslrust
View original source ↗Source payload preview
{
"ghsaId": "GHSA-phqj-4mhp-q6mq",
"summary": "rust-openssl: Potential out-of-bounds write in `CipherCtxRef::cipher_update_inplace` for AES-KW-PAD ciphers",
"severity": "MODERATE",
"updatedAt": "2026-05-19T19:50:15Z",
"references": [
{
"url": "https://github.com/rust-openssl/rust-openssl/security/advisories/GHSA-phqj-4mhp-q6mq"
},
{
"url": "https://github.com/advisories/GHSA-phqj-4mhp-q6mq"
}
],
"description": "`CipherCtxRef::cipher_update_inplace` incorrectly sized output buffers when used with AES key-wrap-with-padding ciphers (EVP_aes_{128,192,256}_wrap_pad). For a non-multiple-of-8 input, OpenSSL writes up to 7 bytes past the end of the caller's buffer or Vec, producing attacker-controllable heap corruption when the plaintext length is attacker
…