pyOpenSSL
Moderate fix1 remedy
cpe:2.3:a:pyopenssl:pyopenssl:*:*:*:*:*:*:*
Moderate fix1 remedy
- >= 22.0.0, < 26.0.0
pyOpenSSL Buffer Overflow Vulnerability in DTLS Cookie Generation
Vulnerability
Patched
A buffer overflow vulnerability has been identified in pyOpenSSL, a Python wrapper for the OpenSSL library. This issue affects pyOpenSSL versions 22.0.0 prior to 26.0.0. The vulnerability arises when a user-defined callback, set through the 'set_cookie_generate_callback' method, returns a cookie value exceeding 256 bytes. In such cases, pyOpenSSL would overflow a buffer provided by OpenSSL, corrupting adjacent memory.
Impact
Exploitation of this vulnerability leads to a buffer overflow, which can commonly result in arbitrary code execution or causing a program to crash.
Reproduction
To reproduce this vulnerability, set a callback for the 'set_cookie_generate_callback' that returns a value longer than 256 bytes. When the DTLS handshake is initiated, the oversized cookie will cause a buffer overflow by exceeding the allocated memory space for the cookie, potentially overwriting adjacent memory and leading to undefined behavior.
Remediation
Users can upgrade to pyOpenSSL version 26.0.0 or later, where this vulnerability has been patched.
Added: Mar 18, 2026, 12:28 AM
Updated: Mar 18, 2026, 12:28 AM
Vulnerability Rating
Custom Algorithm
spread
7.3impact
3.8exploitability
4.4remediation
7.7relevance
4.1threat
4.8urgency
2.9incentive
0.0Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.