CVE-2026-27459
Buffer Overflow in pyOpenSSL Cookie Callback Causes Memory Corruption
Publication date: 2026-03-18
Last updated on: 2026-03-25
Assigner: GitHub, Inc.
Description
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| pyopenssl | pyopenssl | >= 22.0.0 and < 26.0.0 (fixed in 26.0.0) |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-120 | The product copies an input buffer to an output buffer without verifying that the size of the input buffer is less than the size of the output buffer. |
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2026-27459 is a buffer overflow in pyOpenSSL versions 22.0.0 up to, but not including, 26.0.0. pyOpenSSL lets an application register a DTLS cookie generation callback on a `Context` via `set_cookie_generate_callback`. Before 26.0.0, pyOpenSSL copied whatever the callback returned into a fixed-size 256-byte cookie buffer allocated by OpenSSL without checking its length, so a callback that returns more than 256 bytes overflows that buffer and corrupts memory (CWE-120).
The fix in version 26.0.0 adds a length check that rejects cookie values exceeding the 256-byte maximum (raising a `ValueError`) before they are copied into the buffer.
How can this vulnerability impact me?
A buffer overflow during DTLS cookie generation corrupts memory in the process that hosts pyOpenSSL. The most likely outcome is a crash, i.e. denial of service; depending on the surrounding code and the privileges of the process, memory corruption of this kind can in principle also be turned into arbitrary code execution.
Because the cookie is generated during the DTLS handshake, the affected code runs in response to network traffic. Note, however, that the overflow is triggered by the length of the value the application's own callback returns, not directly by attacker-supplied bytes. It is reachable remotely only where the callback derives a variable-length cookie from attacker-influenced handshake data (for example the peer's address or ClientHello contents); a callback that returns a fixed-length value such as an HMAC digest can never exceed the limit. This dependence on the application's callback is why the issue is rated moderate rather than critical.
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability arises when a user-provided callback registered with `set_cookie_generate_callback` returns a cookie value of more than 256 bytes, causing a buffer overflow in pyOpenSSL versions 22.0.0 up to but not including 26.0.0.
Detection has two parts: confirm whether the installed pyOpenSSL version falls in the affected range, and review every DTLS cookie generation callback in your code for whether it can return more than 256 bytes.
Check the installed version with either of these commands:
`python -c "import OpenSSL; print(OpenSSL.__version__)"`
`pip show pyopenssl`
A practical way to tell a fixed build from a vulnerable one is to run a DTLS handshake with a callback that deliberately returns a cookie longer than 256 bytes: a fixed version raises a `ValueError`, while a vulnerable version silently overflows the buffer. Because that overflow is the vulnerability itself, do this only in a throwaway test process, never against a production service.
To detect attempts to exploit this vulnerability on your network, monitor for abnormal DTLS handshake failures or crashes related to cookie generation.
What immediate steps should I take to mitigate this vulnerability?
The primary mitigation is to upgrade pyOpenSSL to version 26.0.0 or later, where the library itself rejects cookie values longer than 256 bytes.
If upgrading immediately is not possible, ensure that every callback passed to `set_cookie_generate_callback` returns a `bytes` value of at most 256 bytes. A fixed-length construction (for example an HMAC over the client's address) satisfies this by design, and wrapping the callback in a check that raises instead of returning an oversized value gives the same protection the upstream fix provides.
Additionally, monitor your systems for unusual DTLS handshake errors or crashes that could indicate exploitation attempts.
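The version check from the detection answer and the application-side length guard from the mitigation answer, combined as one added example. This is example code written for this page, not code from the pyOpenSSL project; the helper names (`is_affected`, `bounded_cookie_callback`, `make_hmac_cookie_callback`), the sample peer address and the choice of an HMAC-SHA256 over a caller-supplied peer identity are assumptions made for illustration. Only the optional `installed_pyopenssl_version()` touches an installed package; everything else is pure Python and runs without pyOpenSSL present.

```python
"""Application-side handling of CVE-2026-27459 (added example, not pyOpenSSL code).

Helpers:
  - is_affected(): does a pyOpenSSL version string fall in [22.0.0, 26.0.0)?
  - bounded_cookie_callback(): wrap a DTLS cookie-generate callback so that an
    oversized cookie is rejected in Python before OpenSSL ever copies it.
  - make_hmac_cookie_callback(): a cookie generator whose output length is
    fixed (32 bytes) and therefore can never reach the 256-byte limit.
"""
import hashlib
import hmac
import re
from importlib import metadata

# Per the advisory: a cookie longer than this overflows OpenSSL's fixed-size buffer.
MAX_COOKIE_LEN = 256

AFFECTED_MIN = (22, 0, 0)  # first affected release (inclusive)
FIXED_IN = (26, 0, 0)      # first fixed release (exclusive bound)


def parse_version(text):
    """Leading numeric components of a version string, e.g. '24.2.1' -> (24, 2, 1).
    Missing components are treated as 0; pre-release suffixes are ignored."""
    m = re.match(r"(\d+)(?:\.(\d+))?(?:\.(\d+))?", text.strip())
    if not m:
        raise ValueError(f"unrecognised version string: {text!r}")
    return tuple(int(p) if p is not None else 0 for p in m.groups())


def is_affected(version):
    """True if `version` lies in the advisory's affected range."""
    return AFFECTED_MIN <= parse_version(version) < FIXED_IN


def installed_pyopenssl_version():
    """Installed pyOpenSSL version string, or None if the package is absent."""
    try:
        return metadata.version("pyOpenSSL")
    except metadata.PackageNotFoundError:
        return None


def bounded_cookie_callback(callback, max_len=MAX_COOKIE_LEN):
    """Wrap `callback` (pyOpenSSL signature: callback(connection) -> bytes) so
    that a non-bytes or over-long result raises ValueError instead of being
    handed to OpenSSL. This mirrors the check pyOpenSSL 26.0.0 performs, applied
    in the application for hosts that cannot upgrade yet (an interim control,
    not a substitute for upgrading). Register the wrapper with
    Context.set_cookie_generate_callback(bounded_cookie_callback(callback))."""
    def wrapper(*args, **kwargs):
        cookie = callback(*args, **kwargs)
        if not isinstance(cookie, bytes):
            raise ValueError("cookie callback must return bytes")
        if len(cookie) > max_len:
            raise ValueError(f"cookie of {len(cookie)} bytes exceeds limit of {max_len}")
        return cookie
    return wrapper


def make_hmac_cookie_callback(secret, peer_identity):
    """Cookie generator with a fixed 32-byte output: HMAC-SHA256 of the peer
    identity, the usual DTLS construction. `peer_identity` is a callable mapping
    the connection object to bytes (assumption: the application decides how it
    identifies the client, typically by its address)."""
    def callback(connection):
        return hmac.new(secret, peer_identity(connection), hashlib.sha256).digest()
    return callback


if __name__ == "__main__":
    v = installed_pyopenssl_version()
    print("installed pyOpenSSL:", v, "affected:", is_affected(v) if v else "n/a")

    # Constructed sample peer identity (documentation address range) for the demo.
    safe = bounded_cookie_callback(
        make_hmac_cookie_callback(b"server-secret", lambda conn: b"203.0.113.7:4433"))
    print("HMAC cookie length:", len(safe(None)))

    oversized = bounded_cookie_callback(lambda conn: b"A" * 300)
    try:
        oversized(None)
    except ValueError as exc:
        print("rejected:", exc)
```

The wrapper does not make an unpatched pyOpenSSL safe against a bug elsewhere; it only guarantees that the one value the advisory identifies as dangerous, the cookie length, is checked before OpenSSL sees it. Upgrading to 26.0.0 or later remains the actual fix.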