9.8

CVE-2026-27459

pyOpenSSL DTLS cookie callback buffer overflow

pyOpenSSL is a Python wrapper around the OpenSSL library. Starting in version 22.0.0 and prior to version 26.0.0, if a user provided callback to `set_cookie_generate_callback` returned a cookie value greater than 256 bytes, pyOpenSSL would overflow an OpenSSL provided buffer. Starting in version 26.0.0, cookie values that are too long are now rejected.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
PyopensslPyopenssl Version >= 22.0.0 < 26.0.0
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.7% 0.487
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 9.8 3.9 5.9
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
security-advisories@github.com 7.2 0 0
CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
0b0ca135-0b70-47e7-9f44-1890c2a1c46c 8.1 2.2 5.9
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
CWE-120 Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')

The product copies an input buffer to an output buffer without verifying that the size of the input buffer is less than the size of the output buffer.

https://github.com/pyca/pyopenssl/security/advisories/GHSA-5pwr-322w-8jr4
Vendor Advisory
https://github.com/pyca/pyopenssl/commit/57f09bb4bb051d3bc2a1abd36e9525313d5cd408
Patch
https://github.com/pyca/pyopenssl/blob/358cbf29c4e364c59930e53a270116249581eaa3/CHANGELOG.rst
Release Notes
https://access.redhat.com/errata/RHSA-2026:13508
https://access.redhat.com/errata/RHSA-2026:13545
https://access.redhat.com/errata/RHSA-2026:13512
https://access.redhat.com/errata/RHSA-2026:19375
https://access.redhat.com/errata/RHSA-2026:21017
https://access.redhat.com/errata/RHSA-2026:22465
https://access.redhat.com/errata/RHSA-2026:24853
https://access.redhat.com/errata/RHSA-2026:13553
https://access.redhat.com/errata/RHSA-2026:14835
https://access.redhat.com/errata/RHSA-2026:14873
https://access.redhat.com/errata/RHSA-2026:14874
https://access.redhat.com/errata/RHSA-2026:11856
https://access.redhat.com/errata/RHSA-2026:11916
https://access.redhat.com/errata/RHSA-2026:11996
https://access.redhat.com/errata/RHSA-2026:8437
https://access.redhat.com/errata/RHSA-2026:10754
https://access.redhat.com/errata/RHSA-2026:7224
https://access.redhat.com/security/cve/CVE-2026-27459
https://bugzilla.redhat.com/show_bug.cgi?id=2448503
https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-27459.json