mirror of
https://github.com/OMGeeky/advisory-db.git
synced 2026-02-15 22:04:38 +01:00
20 lines
572 B
Markdown
20 lines
572 B
Markdown
```toml
|
|
[advisory]
|
|
id = "RUSTSEC-2023-0044"
|
|
package = "openssl"
|
|
date = "2023-06-20"
|
|
url = "https://github.com/sfackler/rust-openssl/issues/1965"
|
|
categories = ["memory-exposure"]
|
|
aliases = ["GHSA-xcf7-rvmh-g6q4"]
|
|
|
|
[affected]
|
|
functions = { "openssl::x509::verify::X509VerifyParamRef::set_host" = ["< 0.10.55, >=0.10.0"] }
|
|
|
|
[versions]
|
|
patched = [">= 0.10.55"]
|
|
```
|
|
|
|
# `openssl` `X509VerifyParamRef::set_host` buffer over-read
|
|
|
|
When this function was passed an empty string, `openssl` would attempt to call `strlen` on it, reading arbitrary memory until it reached a NUL byte.
|