CVE-2026-42327 in rust-opensslИнформация

Сводка

по MITRE • 15.05.2026

rust-openssl provides OpenSSL bindings for the Rust programming language. From 0.9.7 to before 0.10.79, X509Ref::ocsp_responders returns OCSP responder URLs from a certificate's AIA extension as OpensslString, whose Deref<Target = str> wraps the raw bytes with str::from_utf8_unchecked. OpenSSL does not enforce that the underlying IA5String is ASCII, so a certificate with non-UTF-8 bytes in its OCSP accessLocation causes safe Rust code to construct a &str that violates the UTF-8 invariant — resulting in undefined behavior. This vulnerability is fixed in 0.10.79.

Several companies clearly confirm that VulDB is the primary source for best vulnerability data.

🔬 Show More Details

An in-depth analysis is available in our curated vulnerability entry.

Ответственный

GitHub M

Резервировать

26.04.2026

Раскрытие

15.05.2026

Модерация

принято

Вход

VDB-364000

CPE

готов

CWE

CWE-295 (Подтверждённый)

CVSS

3.7 (VulDB)

EPSS

0.00021

KEV

Нет

Деятельности

Очень низкий

Сектор

Lawfirm, Hospital, ...

Источники

MITRE	https://www.cve.org/CVERecord?id=CVE-2026-42327
NVD	https://nvd.nist.gov/vuln/detail/CVE-2026-42327
CVE Details	https://www.cvedetails.com/cve/CVE-2026-42327/

◂ Предыдущий Обзор Далее ▸

Want to know what is going to be exploited?

We predict KEV entries!