pyOpenSSL DTLS Cookie Overflow Risk: Large Cookie Values Crash Application
GHSA-5pwr-322w-8jr4
CVE-2026-27459
Summary
A buffer overflow in pyOpenSSL's DTLS cookie handling could crash an application whose cookie generation callback returns a very long cookie value (more than 256 bytes). pyOpenSSL's developers have fixed this, so you should update to the latest version to stay safe.
What to do
- Update pyopenssl to version 26.0.0.
Affected software
| Vendor | Product | Affected versions | Fix available |
|---|---|---|---|
| – | pyopenssl | > 22.0.0, <= 26.0.0 | 26.0.0 |
Original title
pyOpenSSL DTLS cookie callback buffer overflow
Original description
If a user-provided callback to `set_cookie_generate_callback` returned a cookie value greater than 256 bytes, pyOpenSSL would overflow an OpenSSL-provided buffer.
Cookie values that are too long are now rejected.
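An application-side guard for the condition described above, as an added example that is not pyOpenSSL's code or its fix: it wraps the callback passed to `set_cookie_generate_callback` so a value over 256 bytes raises instead of being returned, and derives a fixed 32-byte HMAC-SHA256 cookie. The names `bounded_cookie_callback`, `make_hmac_cookie_callbacks` and `peer_of` are hypothetical, and the callback signatures (connection in, bytes out) are assumed.

```python
import hashlib
import hmac

# Limit from the advisory text: a cookie longer than 256 bytes overflowed.
MAX_COOKIE_LEN = 256


def bounded_cookie_callback(generate):
    """Wrap a cookie-generate callback so an oversized value raises here
    and is never returned to pyOpenSSL."""
    def wrapper(conn):
        cookie = generate(conn)
        if not isinstance(cookie, (bytes, bytearray)):
            raise TypeError("cookie callback must return bytes")
        if len(cookie) > MAX_COOKIE_LEN:
            raise ValueError(
                f"cookie is {len(cookie)} bytes, limit is {MAX_COOKIE_LEN}")
        return bytes(cookie)
    return wrapper


def make_hmac_cookie_callbacks(secret, peer_of):
    """Return (generate, verify) callbacks whose cookie is always 32 bytes:
    HMAC-SHA256 over the peer address. `peer_of` is a hypothetical helper
    mapping a connection object to the peer's address as bytes."""
    def generate(conn):
        return hmac.new(secret, peer_of(conn), hashlib.sha256).digest()

    def verify(conn, cookie):
        return hmac.compare_digest(generate(conn), bytes(cookie))
    return generate, verify


if __name__ == "__main__":
    # Constructed sample: the "connection" is just the peer address bytes.
    gen, ver = make_hmac_cookie_callbacks(b"\x01" * 32, lambda conn: conn)
    safe_gen = bounded_cookie_callback(gen)
    cookie = safe_gen(b"192.0.2.10:4433")
    print(len(cookie), ver(b"192.0.2.10:4433", cookie))
    # Registration (assumed callback signatures, not run here):
    #   ctx.set_cookie_generate_callback(safe_gen)
    #   ctx.set_cookie_verify_callback(ver)
```

The guard is defense in depth for code that builds cookies from variable-length input; it does not replace the upgrade listed under "What to do".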
ghsa CVSS4.0
7.2
Vulnerability type
CWE-120
Classic Buffer Overflow
- https://github.com/pyca/pyopenssl/security/advisories/GHSA-5pwr-322w-8jr4
- https://github.com/pyca/pyopenssl/commit/57f09bb4bb051d3bc2a1abd36e9525313d5cd40...
- https://github.com/pyca/pyopenssl/blob/358cbf29c4e364c59930e53a270116249581eaa3/...
- https://github.com/advisories/GHSA-5pwr-322w-8jr4
- https://github.com/pyca/pyopenssl (Product)
Published: 16 Mar 2026 · Updated: 16 Mar 2026 · First seen: 16 Mar 2026