OMGeeky/advisory-db
1
0
Fork 0
mirror of https://github.com/OMGeeky/advisory-db.git synced 2026-02-23 15:38:27 +01:00
Code Issues Packages Projects Releases Wiki Activity
Files
e6600338c880d882655a3bf7e5085fde4bb95e1f
advisory-db/crates/openssl/RUSTSEC-2023-0024.md
github-actions[bot] cda37f498a Assigned RUSTSEC-2023-0024 to openssl (#1659) 
Co-authored-by: alex <alex@users.noreply.github.com>
2023-03-23 22:55:44 -04:00

617 B
Raw Blame History 

[advisory]
id = "RUSTSEC-2023-0024"
package = "openssl"
date = "2023-03-24"
url = "https://github.com/sfackler/rust-openssl/pull/1854"
categories = ["denial-of-service"]

[affected]
functions = { "openssl::x509::X509Extension::new" = ["< 0.10.48, >=0.9.7"], "openssl::x509::X509Extension::new_nid" = ["< 0.10.48, >=0.9.7"] }

[versions]
patched = [">= 0.10.48"]

openssl X509Extension::new and X509Extension::new_nid null pointer dereference

These functions would crash when the context argument was None with certain extension types.

Thanks to David Benjamin (Google) for reporting this issue.