OMGeeky/advisory-db
1
0
Fork 0
mirror of https://github.com/OMGeeky/advisory-db.git synced 2026-02-13 21:18:11 +01:00
Code Issues Packages Projects Releases Wiki Activity
Files
0fcce3f7cbbc76da50ab0d778399bf85dc141834
advisory-db/crates/openssl/RUSTSEC-2023-0022.md
Alexis Mousset 84c633df9c Update aliases from GHSA OSV export (#1693)
2023-06-13 15:10:24 +02:00

661 B
Raw Blame History 

[advisory]
id = "RUSTSEC-2023-0022"
package = "openssl"
date = "2023-03-24"
url = "https://github.com/sfackler/rust-openssl/pull/1854"
categories = ["thread-safety"]
aliases = ["GHSA-3gxf-9r58-2ghg"]

[affected]
functions = { "openssl::x509::X509NameBuilder::build" = ["< 0.10.48, >=0.9.7"] }

[versions]
patched = [">= 0.10.48"]

openssl X509NameBuilder::build returned object is not thread safe

OpenSSL has a modified bit that it can set on on X509_NAME objects. If this bit is set then the object is not thread-safe even when it appears the code is not modifying the value.

Thanks to David Benjamin (Google) for reporting this issue.