OMGeeky/advisory-db
1
0
Fork 0
mirror of https://github.com/OMGeeky/advisory-db.git synced 2025-12-27 06:29:31 +01:00
Code Issues Packages Projects Releases Wiki Activity

openssl X509StoreRef::objects is unsound (#1824)

Browse Source
This commit is contained in:
Alex Gaynor
2023-11-28 09:16:52 -05:00
committed by GitHub
parent a9468c3c3a
commit c420785f45
1 changed files with 21 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

21
crates/openssl/RUSTSEC-0000-0000.md Normal file
View File

@@ -0,0 +1,21 @@
```toml
[advisory]
id = "RUSTSEC-0000-0000"
package = "openssl"
date = "2023-11-23"
url = "https://github.com/sfackler/rust-openssl/issues/2096"
informational = "unsound"
categories = ["memory-corruption"]
[affected]
functions = { "openssl::x509::store::X509StoreRef::objects" = ["< 0.10.60, >=0.10.29"] }
[versions]
patched = [">= 0.10.60"]
```
# `openssl` `X509StoreRef::objects` is unsound
This function returned a reference into an OpenSSL datastructure, but there was no way to ensure OpenSSL would not mutate the datastructure behind ones back.
Use of this function should be replaced with `X509StoreRef::all_certificates`.