HistoryEditJSON (OSV)

RUSTSEC-2023-0022

openssl X509NameBuilder::build returned object is not thread safe

Reported
Issued
Package
openssl (crates.io)
Type
Vulnerability
Categories
Aliases
References
Patched
  • >=0.10.48
Affected Functions
Version
openssl::x509::X509NameBuilder::build
  • <0.10.48, >=0.9.7

Description

OpenSSL has a modified bit that it can set on on X509_NAME objects. If this bit is set then the object is not thread-safe even when it appears the code is not modifying the value.

Thanks to David Benjamin (Google) for reporting this issue.

Advisory available under CC0-1.0 license.