OMGeeky/advisory-db
1
0
Fork 0
mirror of https://github.com/OMGeeky/advisory-db.git synced 2025-12-29 15:56:07 +01:00
Code Issues Packages Projects Releases Wiki Activity

Add CVE-2023-0216 for openssl-src (#1582)

Browse Source
This commit is contained in:
Alexis Mousset
2023-02-07 21:07:00 +01:00
committed by GitHub
parent 94fdfaf7ea
commit 3e3631fd47
1 changed files with 23 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

23
crates/openssl-src/RUSTSEC-0000-0000.md Normal file
View File

@@ -0,0 +1,23 @@
```toml
[advisory]
id = "RUSTSEC-0000-0000"
package = "openssl-src"
aliases = ["CVE-2023-0216"]
categories = ["denial-of-service"]
date = "2023-02-07"
url = "https://www.openssl.org/news/secadv/20230207.txt"
[versions]
patched = [">= 300.0.12"]
unaffected = ["< 300.0.0"]
```
# Invalid pointer dereference in `d2i_PKCS7` functions
An invalid pointer dereference on read can be triggered when an
application tries to load malformed PKCS7 data with the
`d2i_PKCS7()`, `d2i_PKCS7_bio()` or `d2i_PKCS7_fp()` functions.
The result of the dereference is an application crash which could
lead to a denial of service attack. The TLS implementation in OpenSSL
does not call this function however third party applications might
call these functions on untrusted data.