OMGeeky/advisory-db
1
0
Fork 0
mirror of https://github.com/OMGeeky/advisory-db.git synced 2026-02-13 21:18:11 +01:00
Code Issues Packages Projects Releases Wiki Activity
Files
370cdc73f5332995b61e2dd281f170b41df44319
advisory-db/crates/openssl/RUSTSEC-2023-0044.md
Alexis Mousset c2b1e4cab4 Update aliases from GHSA OSV export (#1727)
2023-07-08 14:30:19 +02:00

572 B
Raw Blame History 

[advisory]
id = "RUSTSEC-2023-0044"
package = "openssl"
date = "2023-06-20"
url = "https://github.com/sfackler/rust-openssl/issues/1965"
categories = ["memory-exposure"]
aliases = ["GHSA-xcf7-rvmh-g6q4"]

[affected]
functions = { "openssl::x509::verify::X509VerifyParamRef::set_host" = ["< 0.10.55, >=0.10.0"] }

[versions]
patched = [">= 0.10.55"]

openssl X509VerifyParamRef::set_host buffer over-read

When this function was passed an empty string, openssl would attempt to call strlen on it, reading arbitrary memory until it reached a NUL byte.