Heap-based Buffer Overflow in openssl | CVE-2026-45784

Q: How to fix?

Upgrade openssl to version 0.10.80 or higher.

Introduced: 19 May 2026

NewCVE-2026-45784 (opens in a new tab) CWE-122 (opens in a new tab) CWE-787 (opens in a new tab)

How to fix?

Upgrade openssl to version 0.10.80 or higher.

Overview

openssl is a bindings for the Rust programming language.

Affected versions of this package are vulnerable to Heap-based Buffer Overflow in the CipherCtxRef::cipher_update_inplace() function when handling AES key-wrap-with-padding ciphers. An attacker can cause heap corruption by providing a plaintext length that is not a multiple of 8, resulting in up to 7 bytes being written past the end of the output buffer.

Note: This is a bypass of the fix for the vulnerability described in CVE-2026-44662.

References

CVSS Base Scores

version 4.0

version 3.1

Attack Vector (AV)
Local
Attack Complexity (AC)
Low
Attack Requirements (AT)
None
Privileges Required (PR)
None
User Interaction (UI)
None

Confidentiality (VC)
None
Integrity (VI)
Low
Availability (VA)
Low

Confidentiality (SC)
None
Integrity (SI)
None
Availability (SA)
None

Heap-based Buffer Overflow Affecting openssl package, versions >=0.10.50 <0.10.80

Severity

Do your applications use this vulnerable package?

Snyk Learn

Introduced: 19 May 2026

How to fix?

Overview

References

CVSS Base Scores

Snyk