If there are questions about either of these, I'm happy to answer.

(Both of these require misbehaving Python code, so it's unlikely that
either of them is exploitable IMO.)

Alex

On Fri, Mar 20, 2026 at 10:01 PM Alan Coopersmith
<[email protected]> wrote:
>
> https://www.pyopenssl.org/en/latest/changelog.html lists among the changes
> in pyOpenSSL 26.0.0:
>
> > * Properly raise an error if a DTLS cookie callback returned a cookie longer
> >   than DTLS1_COOKIE_LENGTH bytes. Previously this would result in a
> >   buffer-overflow. Credit to dark_haxor for reporting the issue.
> >   CVE-2026-27459
> >
> > * Context.set_tlsext_servername_callback now handles exceptions raised in
> >   the callback by calling sys.excepthook and returning a fatal TLS alert.
> >   Previously, exceptions were silently swallowed and the handshake would
> >   proceed as if the callback had succeeded.
> >   Credit to Leury Castillo for reporting this issue.
> >   CVE-2026-27448
>
> These are also listed at:
>
> https://github.com/pyca/pyopenssl/security/advisories/GHSA-5pwr-322w-8jr4
> https://github.com/pyca/pyopenssl/security/advisories/GHSA-vp96-hxj8-p424
>
> but with not much more detail provided.
>
> --
>          -Alan Coopersmith-                 [email protected]
>           Oracle Solaris Engineering - https://blogs.oracle.com/solaris
>


-- 
All that is necessary for evil to succeed is for good people to do nothing.
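Added example, not code from the advisory, this thread or pyOpenSSL itself: two wrappers an application can put around its own callbacks so that a cookie callback returning too many bytes, or an SNI callback raising, fails closed on the Python side rather than relying on the library to catch it. The names `make_dtls_cookie`, `bounded_cookie_callback` and `fail_closed` are assumptions, as is the value used for `DTLS1_COOKIE_LENGTH` (the thread names the constant but not its value); the wrappers pass through whatever arguments the library hands the callback.

```python
import hashlib
import hmac
import os
import sys

# Placeholder for OpenSSL's DTLS1_COOKIE_LENGTH; the advisory names the
# constant but not its value, so this bound is an assumption for illustration.
DTLS1_COOKIE_LENGTH = 255

_COOKIE_SECRET = os.urandom(32)  # per-process HMAC key for stateless cookies

def make_dtls_cookie(peer_addr: bytes, secret: bytes = _COOKIE_SECRET) -> bytes:
    """Stateless DTLS cookie: HMAC-SHA256 over the peer address (32 bytes)."""
    return hmac.new(secret, peer_addr, hashlib.sha256).digest()

def bounded_cookie_callback(generate, max_len: int = DTLS1_COOKIE_LENGTH):
    """Wrap a cookie-generate callback so an over-long or non-bytes result is
    rejected in Python instead of being copied into the fixed native buffer
    (the CVE-2026-27459 condition in pyOpenSSL before 26.0.0)."""
    def wrapper(*args):
        cookie = generate(*args)
        if not isinstance(cookie, (bytes, bytearray)):
            raise TypeError(f"cookie callback returned {type(cookie).__name__}, not bytes")
        if len(cookie) > max_len:
            raise ValueError(f"cookie is {len(cookie)} bytes, limit is {max_len}")
        return bytes(cookie)
    return wrapper

def fail_closed(callback, failures: list):
    """Wrap an SNI (servername) callback: an exception is reported through
    sys.excepthook, recorded in `failures` and re-raised, so the application
    can abort the handshake instead of proceeding as if the callback had
    succeeded (the CVE-2026-27448 condition in pyOpenSSL before 26.0.0)."""
    def wrapper(*args):
        try:
            return callback(*args)
        except Exception as exc:
            sys.excepthook(type(exc), exc, exc.__traceback__)
            failures.append(exc)
            raise
    return wrapper

if __name__ == "__main__":
    # Constructed input: a peer address string standing in for the Connection.
    good = bounded_cookie_callback(make_dtls_cookie)
    print(len(good(b"192.0.2.1:4433")))  # 32
```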
