VulnerableCode Package Details - pkg:pypi/pyopenssl@25.1.0

Search for packages

Vulnerability	Summary	Fixed by
VCID-dt7c-fvqj-2bek Aliases: CVE-2026-27448 GHSA-vp96-hxj8-p424	pyOpenSSL allows TLS connection bypass via unhandled callback exception in set_tlsext_servername_callback If a user provided callback to `set_tlsext_servername_callback` raised an unhandled exception, this would result in a connection being accepted. If a user was relying on this callback for any security-sensitive behavior, this could allow bypassing it. Unhandled exceptions now result in rejecting the connection. Credit to Leury Castillo for reporting this issue.	26.0.0 Affected by 0 other vulnerabilities.
VCID-mt1s-vhfk-5bda Aliases: CVE-2026-27459 GHSA-5pwr-322w-8jr4	pyOpenSSL DTLS cookie callback buffer overflow If a user provided callback to `set_cookie_generate_callback` returned a cookie value greater than 256 bytes, pyOpenSSL would overflow an OpenSSL provided buffer. Cookie values that are too long are now rejected.	26.0.0 Affected by 0 other vulnerabilities.

Vulnerability

Summary

Fixed by

VCID-dt7c-fvqj-2bek
Aliases:
CVE-2026-27448
GHSA-vp96-hxj8-p424

pyOpenSSL allows TLS connection bypass via unhandled callback exception in set_tlsext_servername_callback If a user provided callback to `set_tlsext_servername_callback` raised an unhandled exception, this would result in a connection being accepted. If a user was relying on this callback for any security-sensitive behavior, this could allow bypassing it. Unhandled exceptions now result in rejecting the connection. Credit to **Leury Castillo** for reporting this issue.

26.0.0
Affected by 0 other vulnerabilities.

VCID-mt1s-vhfk-5bda
Aliases:
CVE-2026-27459
GHSA-5pwr-322w-8jr4

pyOpenSSL DTLS cookie callback buffer overflow If a user provided callback to `set_cookie_generate_callback` returned a cookie value greater than 256 bytes, pyOpenSSL would overflow an OpenSSL provided buffer. Cookie values that are too long are now rejected.

26.0.0
Affected by 0 other vulnerabilities.

Vulnerability	Summary	Aliases
This package is not known to fix vulnerabilities.

Vulnerability

Summary

Aliases

This package is not known to fix vulnerabilities.

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2026-05-06T16:31:08.005285+00:00	GitLab Importer	Affected by	VCID-dt7c-fvqj-2bek	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/pypi/pyOpenSSL/CVE-2026-27448.yml	38.6.0
2026-05-06T16:31:04.833272+00:00	GitLab Importer	Affected by	VCID-mt1s-vhfk-5bda	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/pypi/pyOpenSSL/CVE-2026-27459.yml	38.6.0
2026-04-29T23:25:47.712208+00:00	GitLab Importer	Affected by	VCID-dt7c-fvqj-2bek	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/pypi/pyOpenSSL/CVE-2026-27448.yml	38.5.0
2026-04-29T23:25:44.758070+00:00	GitLab Importer	Affected by	VCID-mt1s-vhfk-5bda	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/pypi/pyOpenSSL/CVE-2026-27459.yml	38.5.0
2026-04-19T18:05:25.554226+00:00	GitLab Importer	Affected by	VCID-dt7c-fvqj-2bek	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/pypi/pyOpenSSL/CVE-2026-27448.yml	38.4.0
2026-04-19T18:05:22.308040+00:00	GitLab Importer	Affected by	VCID-mt1s-vhfk-5bda	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/pypi/pyOpenSSL/CVE-2026-27459.yml	38.4.0