{ "threat_severity" : "Important", "public_date" : "2026-03-17T23:34:28Z", "bugzilla" : { "description" : "pyOpenSSL: DTLS cookie callback buffer overflow", "id" : "2448503", "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=2448503" }, "cvss3" : { "cvss3_base_score" : "8.1", "cvss3_scoring_vector" : "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "status" : "verified" }, "cwe" : "CWE-120", "details" : [ "pyOpenSSL is a Python wrapper around the OpenSSL library. Starting in version 22.0.0 and prior to version 26.0.0, if a user provided callback to `set_cookie_generate_callback` returned a cookie value greater than 256 bytes, pyOpenSSL would overflow an OpenSSL provided buffer. Starting in version 26.0.0, cookie values that are too long are now rejected.", "A flaw was found in pyOpenSSL. The set_cookie_generate_callback callback function can be used to generate DTLS cookies. When the callback returns a cookie string or byte sequence longer than 256 bytes, a buffer overflow can be triggered due to a missing bounds checking before copying the data to a fixed-size buffer provided by the underlying OpenSSL library." ], "statement" : "This flaw is only exploitable when an application using the pyOpenSSL library provides a custom callback to the set_cookie_generate_callback function. For the buffer overflow to occur, the callback function must return a cookie string or byte sequence longer than 256 bytes, limiting the exposure of this issue. Due to these reasons, this vulnerability has been rated with an important severity.", "affected_release" : [ { "product_name" : "Red Hat Ansible Automation Platform 2.5 for RHEL 8", "release_date" : "2026-05-04T00:00:00Z", "advisory" : "RHSA-2026:13512", "cpe" : "cpe:/a:redhat:ansible_automation_platform:2.5::el8", "package" : "python3.12-pyOpenSSL-0:26.0.0-1.el8ap" }, { "product_name" : "Red Hat Ansible Automation Platform 2.5 for RHEL 9", "release_date" : "2026-05-04T00:00:00Z", "advisory" : "RHSA-2026:13512", "cpe" : "cpe:/a:redhat:ansible_automation_platform:2.5::el9", "package" : "python3.12-pyOpenSSL-0:26.0.0-1.el9ap" }, { "product_name" : "Red Hat Ansible Automation Platform 2.6 for RHEL 9", "release_date" : "2026-05-04T00:00:00Z", "advisory" : "RHSA-2026:13508", "cpe" : "cpe:/a:redhat:ansible_automation_platform:2.6::el9", "package" : "automation-controller-0:4.7.11-2.el9ap" }, { "product_name" : "Red Hat Ansible Automation Platform 2.6 for RHEL 9", "release_date" : "2026-05-04T00:00:00Z", "advisory" : "RHSA-2026:13508", "cpe" : "cpe:/a:redhat:ansible_automation_platform:2.6::el9", "package" : "python3.12-pyOpenSSL-0:26.0.0-1.el9ap" }, { "product_name" : "Red Hat Satellite 6.16 for RHEL 8", "release_date" : "2026-05-07T00:00:00Z", "advisory" : "RHSA-2026:14874", "cpe" : "cpe:/a:redhat:satellite:6.16::el8", "package" : "python-pyOpenSSL-0:24.1.0-2.el8pc" }, { "product_name" : "Red Hat Satellite 6.16 for RHEL 8", "release_date" : "2026-05-07T00:00:00Z", "advisory" : "RHSA-2026:14874", "cpe" : "cpe:/a:redhat:satellite_capsule:6.16::el8", "package" : "python-pyOpenSSL-0:24.1.0-2.el8pc" }, { "product_name" : "Red Hat Satellite 6.16 for RHEL 9", "release_date" : "2026-05-07T00:00:00Z", "advisory" : "RHSA-2026:14874", "cpe" : "cpe:/a:redhat:satellite:6.16::el9", "package" : "python-pyOpenSSL-0:24.1.0-2.el9pc" }, { "product_name" : "Red Hat Satellite 6.16 for RHEL 9", "release_date" : "2026-05-07T00:00:00Z", "advisory" : "RHSA-2026:14874", "cpe" : "cpe:/a:redhat:satellite_capsule:6.16::el9", "package" : "python-pyOpenSSL-0:24.1.0-2.el9pc" }, { "product_name" : "Red Hat Satellite 6.17 for RHEL 9", "release_date" : "2026-05-07T00:00:00Z", "advisory" : "RHSA-2026:14873", "cpe" : "cpe:/a:redhat:satellite:6.17::el9", "package" : "python-pyOpenSSL-0:25.1.0-0.3.el9pc" }, { "product_name" : "Red Hat Satellite 6.17 for RHEL 9", "release_date" : "2026-05-07T00:00:00Z", "advisory" : "RHSA-2026:14873", "cpe" : "cpe:/a:redhat:satellite_capsule:6.17::el9", "package" : "python-pyOpenSSL-0:25.1.0-0.3.el9pc" }, { "product_name" : "Red Hat Satellite 6.18 for RHEL 9", "release_date" : "2026-05-07T00:00:00Z", "advisory" : "RHSA-2026:14835", "cpe" : "cpe:/a:redhat:satellite:6.18::el9", "package" : "python3.12-pyOpenSSL-0:26.0.0-2.el9pc" }, { "product_name" : "Red Hat Satellite 6.18 for RHEL 9", "release_date" : "2026-05-07T00:00:00Z", "advisory" : "RHSA-2026:14835", "cpe" : "cpe:/a:redhat:satellite_capsule:6.18::el9", "package" : "python3.12-pyOpenSSL-0:26.0.0-2.el9pc" }, { "product_name" : "RHUI 4 for RHEL 8", "release_date" : "2026-04-27T00:00:00Z", "advisory" : "RHSA-2026:10754", "cpe" : "cpe:/a:redhat:rhui:4::el8", "package" : "python-pyOpenSSL-0:24.1.0-2.el8ui" }, { "product_name" : "Red Hat Ansible Automation Platform 2.5", "release_date" : "2026-05-04T00:00:00Z", "advisory" : "RHSA-2026:13553", "cpe" : "cpe:/a:redhat:ansible_automation_platform:2.5::el8", "package" : "ansible-automation-platform-25/ee-supported-rhel8:1777398315" }, { "product_name" : "Red Hat Ansible Automation Platform 2.5", "release_date" : "2026-05-04T00:00:00Z", "advisory" : "RHSA-2026:13553", "cpe" : "cpe:/a:redhat:ansible_automation_platform:2.5::el8", "package" : "ansible-automation-platform-25/lightspeed-rhel8:1777403872" }, { "product_name" : "Red Hat Ansible Automation Platform 2.6", "release_date" : "2026-05-04T00:00:00Z", "advisory" : "RHSA-2026:13545", "cpe" : "cpe:/a:redhat:ansible_automation_platform:2.6::el9", "package" : "ansible-automation-platform-26/ansible-dev-tools-rhel9:1777390240" }, { "product_name" : "Red Hat Ansible Automation Platform 2.6", "release_date" : "2026-05-04T00:00:00Z", "advisory" : "RHSA-2026:13545", "cpe" : "cpe:/a:redhat:ansible_automation_platform:2.6::el9", "package" : "ansible-automation-platform-26/eda-controller-rhel9:1777296732" }, { "product_name" : "Red Hat Ansible Automation Platform 2.6", "release_date" : "2026-05-04T00:00:00Z", "advisory" : "RHSA-2026:13545", "cpe" : "cpe:/a:redhat:ansible_automation_platform:2.6::el9", "package" : "ansible-automation-platform-26/ee-supported-rhel9:1777391447" }, { "product_name" : "Red Hat Ansible Automation Platform 2.6", "release_date" : "2026-05-04T00:00:00Z", "advisory" : "RHSA-2026:13545", "cpe" : "cpe:/a:redhat:ansible_automation_platform:2.6::el9", "package" : "ansible-automation-platform-26/hub-rhel9:1777299023" }, { "product_name" : "Red Hat Ansible Automation Platform 2.6", "release_date" : "2026-05-04T00:00:00Z", "advisory" : "RHSA-2026:13545", "cpe" : "cpe:/a:redhat:ansible_automation_platform:2.6::el9", "package" : "ansible-automation-platform-26/lightspeed-rhel9:1777387242" }, { "product_name" : "Red Hat Ansible Automation Platform 2.6", "release_date" : "2026-05-04T00:00:00Z", "advisory" : "RHSA-2026:13545", "cpe" : "cpe:/a:redhat:ansible_automation_platform:2.6::el9", "package" : "ansible-automation-platform-26/platform-resource-runner-rhel9:1777390333" }, { "product_name" : "Red Hat Hardened Images", "release_date" : "2026-04-09T00:00:00Z", "advisory" : "RHSA-2026:7224", "cpe" : "cpe:/a:redhat:hummingbird:1", "package" : "pyopenssl-main-26.0.0-1.1.hum1" }, { "product_name" : "Red Hat Quay 3.1", "release_date" : "2026-04-29T00:00:00Z", "advisory" : "RHSA-2026:11916", "cpe" : "cpe:/a:redhat:quay:3.10::el8", "package" : "quay/quay-rhel8:1776736910" }, { "product_name" : "Red Hat Quay 3.12", "release_date" : "2026-04-29T00:00:00Z", "advisory" : "RHSA-2026:11856", "cpe" : "cpe:/a:redhat:quay:3.12::el8", "package" : "quay/quay-rhel8:1776752646" }, { "product_name" : "Red Hat Quay 3.16", "release_date" : "2026-05-19T00:00:00Z", "advisory" : "RHSA-2026:19375", "cpe" : "cpe:/a:redhat:quay:3.16::el9", "package" : "quay/quay-rhel9:1779204086" }, { "product_name" : "Red Hat Quay 3.9", "release_date" : "2026-04-30T00:00:00Z", "advisory" : "RHSA-2026:11996", "cpe" : "cpe:/a:redhat:quay:3.9::el8", "package" : "quay/quay-rhel8:1776782369" }, { "product_name" : "Red Hat Trusted Artifact Signer 1.4", "release_date" : "2026-04-16T00:00:00Z", "advisory" : "RHSA-2026:8437", "cpe" : "cpe:/a:redhat:trusted_artifact_signer:1.4::el9", "package" : "rhtas/model-transparency-rhel9:1775815407" } ], "package_state" : [ { "product_name" : "Red Hat Ansible Automation Platform 2", "fix_state" : "Affected", "package_name" : "ansible-automation-platform-26/controller-rhel9", "cpe" : "cpe:/a:redhat:ansible_automation_platform:2" }, { "product_name" : "Red Hat Ansible Automation Platform 2", "fix_state" : "Affected", "package_name" : "ansible-automation-platform-26/ee-minimal-rhel9", "cpe" : "cpe:/a:redhat:ansible_automation_platform:2" }, { "product_name" : "Red Hat Ansible Automation Platform 2", "fix_state" : "Not affected", "package_name" : "python3.11-pyOpenSSL", "cpe" : "cpe:/a:redhat:ansible_automation_platform:2" }, { "product_name" : "Red Hat Ansible Automation Platform 2", "fix_state" : "Not affected", "package_name" : "python3x-pyOpenSSL", "cpe" : "cpe:/a:redhat:ansible_automation_platform:2" }, { "product_name" : "Red Hat Ansible Automation Platform 2", "fix_state" : "Not affected", "package_name" : "python-pyOpenSSL", "cpe" : "cpe:/a:redhat:ansible_automation_platform:2" }, { "product_name" : "Red Hat Ansible Automation Platform Ansible Core 2", "fix_state" : "Affected", "package_name" : "ansible-automation-platform/ee-minimal-rhel8", "cpe" : "cpe:/a:redhat:ansible_core:2" }, { "product_name" : "Red Hat Ansible Automation Platform Ansible Core 2", "fix_state" : "Affected", "package_name" : "ansible-automation-platform/ee-minimal-rhel9", "cpe" : "cpe:/a:redhat:ansible_core:2" }, { "product_name" : "Red Hat Ansible Automation Platform Ansible Core 2", "fix_state" : "Affected", "package_name" : "ansible-automation-platform-tech-preview/ee-minimal-rhel8", "cpe" : "cpe:/a:redhat:ansible_core:2" }, { "product_name" : "Red Hat Ansible Automation Platform Ansible Core 2", "fix_state" : "Affected", "package_name" : "ansible-automation-platform-tech-preview/ee-minimal-rhel9", "cpe" : "cpe:/a:redhat:ansible_core:2" }, { "product_name" : "Red Hat Enterprise Linux 6", "fix_state" : "Not affected", "package_name" : "pyOpenSSL", "cpe" : "cpe:/o:redhat:enterprise_linux:6" }, { "product_name" : "Red Hat Enterprise Linux 7", "fix_state" : "Not affected", "package_name" : "pyOpenSSL", "cpe" : "cpe:/o:redhat:enterprise_linux:7" }, { "product_name" : "Red Hat Enterprise Linux 8", "fix_state" : "Not affected", "package_name" : "pyOpenSSL", "cpe" : "cpe:/o:redhat:enterprise_linux:8" }, { "product_name" : "Red Hat OpenShift AI (RHOAI)", "fix_state" : "Affected", "package_name" : "rhoai/odh-feature-server-rhel9", "cpe" : "cpe:/a:redhat:openshift_ai" }, { "product_name" : "Red Hat OpenShift AI (RHOAI)", "fix_state" : "Not affected", "package_name" : "rhoai/odh-mlflow-rhel9", "cpe" : "cpe:/a:redhat:openshift_ai" }, { "product_name" : "Red Hat OpenShift Container Platform 4", "fix_state" : "Not affected", "package_name" : "pyOpenSSL", "cpe" : "cpe:/a:redhat:openshift:4" }, { "product_name" : "Red Hat OpenStack Platform 17.1", "fix_state" : "Not affected", "package_name" : "pyOpenSSL", "cpe" : "cpe:/a:redhat:openstack:17.1" }, { "product_name" : "Red Hat OpenStack Platform 18.0", "fix_state" : "Not affected", "package_name" : "pyOpenSSL", "cpe" : "cpe:/a:redhat:openstack:18.0" }, { "product_name" : "Red Hat Satellite 6", "fix_state" : "Affected", "package_name" : "satellite-capsule:el8/python-pyOpenSSL", "cpe" : "cpe:/a:redhat:satellite:6" }, { "product_name" : "Red Hat Satellite 6", "fix_state" : "Affected", "package_name" : "satellite:el8/python-pyOpenSSL", "cpe" : "cpe:/a:redhat:satellite:6" }, { "product_name" : "Red Hat Satellite 6", "fix_state" : "Not affected", "package_name" : "satellite/iop-advisor-engine-rhel9", "cpe" : "cpe:/a:redhat:satellite:6" }, { "product_name" : "Red Hat Satellite 6", "fix_state" : "Not affected", "package_name" : "satellite/iop-insights-engine-rhel9", "cpe" : "cpe:/a:redhat:satellite:6" } ], "references" : [ "https://www.cve.org/CVERecord?id=CVE-2026-27459\nhttps://nvd.nist.gov/vuln/detail/CVE-2026-27459\nhttps://github.com/pyca/pyopenssl/blob/358cbf29c4e364c59930e53a270116249581eaa3/CHANGELOG.rst\nhttps://github.com/pyca/pyopenssl/commit/57f09bb4bb051d3bc2a1abd36e9525313d5cd408\nhttps://github.com/pyca/pyopenssl/security/advisories/GHSA-5pwr-322w-8jr4" ], "name" : "CVE-2026-27459", "mitigation" : { "value" : "To mitigate this flaw, ensure the callback provided to the set_cookie_generate_callback function strictly limits the returned cookie string or byte sequence to under 256 bytes.", "lang" : "en:us" }, "csaw" : false }