CVE-2026-41681: rust-openssl: MdCtxRef::digest_final() writes past caller buffer with no length check
Overview
- Severity
- N/A
- Exploit Status
- Not Exploited
- Patch Tuesday
- 2026-Apr
- Released
- 2026-04-26
- Last Updated
- 2026-04-30
- EPSS Score
- 0.06% (percentile: 19.4%)
Affected Products (12)
Open Source Software
- azl3 python-cryptography 42.0.5-4 on Azure Linux 3.0
- azl3 rpm-ostree 2024.4-8 on Azure Linux 3.0
- azl3 trident 0.22.0-1 on Azure Linux 3.0
- azl3 clamav 1.5.2-2 on Azure Linux 3.0
- azl3 rpm-ostree 2024.4-10 on Azure Linux 3.0
- azl3 rust 1.75.0-28 on Azure Linux 3.0
- azl3 rust 1.90.0-7 on Azure Linux 3.0
- azl3 clamav 1.5.2-1 on Azure Linux 3.0
- cbl2 rust 1.72.0-15 on CBL Mariner 2.0
- azl3 rust 1.75.0-27 on Azure Linux 3.0
- azl3 rust 1.90.0-6 on Azure Linux 3.0
- azl3 rust-afterburn 5.8.2-1 on Azure Linux 3.0
Revision History
- 2026-04-26: Information published.
- 2026-04-27: Information published.
- 2026-04-29: Information published.
- 2026-04-30: Information published.
- 2026-04-30: Information published.