`openssl` `X509VerifyParamRef::set_host` buffer over-read

Moderate severity | GitHub Reviewed | Published Jun 21, 2023 to the GitHub Advisory Database

Package

cargo openssl (Rust)

Affected versions

>= 0.10.0, < 0.10.55

Patched versions

0.10.55

Description

When `X509VerifyParamRef::set_host` was passed an empty string, openssl would attempt to call `strlen` on it, reading arbitrary memory until it reached a NUL byte.

References

Published to the GitHub Advisory Database Jun 21, 2023
Reviewed Jun 21, 2023

Severity

Moderate

Weaknesses

No CWEs

CVE ID

No known CVE

GHSA ID

GHSA-xcf7-rvmh-g6q4

Source code
