
`openssl` `X509VerifyParamRef::set_host` buffer over-read

Moderate severity GitHub Reviewed Published Jun 21, 2023 to the GitHub Advisory Database

Package

cargo openssl (Rust)

Affected versions

>= 0.10.0, < 0.10.55

Patched versions

0.10.55

Description

`X509VerifyParamRef::set_host` forwarded the Rust `&str`'s pointer and byte length straight to OpenSSL's `X509_VERIFY_PARAM_set1_host`, which treats a length of 0 as "the name is a NUL-terminated C string" and measures it with `strlen`. A Rust string is not NUL-terminated, so when this function was passed an empty string, openssl would call `strlen` on the underlying pointer and read arbitrary memory beyond the empty slice until it reached a NUL byte. The bytes it found became the hostname to verify against, and the read itself can fault if it runs into an unmapped page. Applications that never pass an empty hostname are not exposed; the bug is reachable when the hostname comes from input that may be empty.
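To make the failure mode concrete, here is an added example (not code from the advisory or from the `openssl` crate) that models the C contract in safe-to-run Rust. `model_set1_host` is a hypothetical stand-in for `X509_VERIFY_PARAM_set1_host` that applies the same rule, a length of 0 means "measure the name with `strlen`". `set_host_vulnerable` mirrors the pre-0.10.55 wrapper shape of passing the slice pointer and length through unchanged; `set_host_fixed` shows one way to harden it, substituting a literal `"\0"` when the input is empty (an illustrative fix, not a quotation of the crate's patch). The empty host is built as a zero-length prefix of a constructed buffer so the over-read lands on known memory instead of being undefined behaviour.

```rust
/// Stand-in for the C entry point (a model, not the real OpenSSL function):
/// returns how many bytes OpenSSL would consume as the host name.
///
/// # Safety
/// When `namelen == 0`, `name` must point to a NUL-terminated byte sequence.
unsafe fn model_set1_host(name: *const u8, namelen: usize) -> usize {
    if namelen != 0 {
        return namelen;
    }
    // strlen(name): keep reading until a NUL byte, however far away it is.
    let mut n = 0;
    // SAFETY: the caller promised a NUL-terminated buffer. The vulnerable
    // wrapper below breaks that promise, which is exactly the bug.
    unsafe {
        while *name.add(n) != 0 {
            n += 1;
        }
    }
    n
}

/// Shape of the wrapper before 0.10.55: pointer and length forwarded as-is.
/// For an empty slice the length is 0, so the model falls into the strlen path.
fn set_host_vulnerable(host: &[u8]) -> usize {
    unsafe { model_set1_host(host.as_ptr(), host.len()) }
}

/// Hardened wrapper: an empty host is replaced by an explicit "\0", so the
/// namelen == 0 path reads exactly one byte (the NUL) and stops.
fn set_host_fixed(host: &[u8]) -> usize {
    let raw: &[u8] = if host.is_empty() { b"\0" } else { host };
    unsafe { model_set1_host(raw.as_ptr(), host.len()) }
}

fn main() {
    // Constructed buffer: the "empty" host is a zero-length prefix of memory
    // that happens to hold a longer NUL-terminated string right after it.
    let backing = b"example.com\0";
    let empty = &backing[..0];

    println!("vulnerable, empty host: {} bytes consumed", set_host_vulnerable(empty));
    println!("fixed, empty host:      {} bytes consumed", set_host_fixed(empty));
    println!("fixed, normal host:     {} bytes consumed", set_host_fixed(b"example.com"));
}
```

Run it and the vulnerable path reports 11 bytes consumed for an empty hostname, i.e. the `example.com` sitting in the neighbouring memory, while the fixed path reports 0. Against real libcrypto the same length mismatch is what turns an empty `&str` into a read of whatever follows it on the stack or heap.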

References

Published to the GitHub Advisory Database Jun 21, 2023
Reviewed Jun 21, 2023

Severity

Moderate

Weaknesses

No CWEs

CVE ID

No known CVE

GHSA ID

GHSA-xcf7-rvmh-g6q4
