Reported

March 24, 2023

Issued

March 23, 2023 (last modified: June 13, 2023)

Package

openssl (crates.io)

Type

Vulnerability

Categories

• denial-of-service

Aliases

• GHSA-6hcf-g6gr-hhcr

References

• https://github.com/sfackler/rust-openssl/pull/1854

Patched

• >=0.10.48

Affected Functions

Version

openssl::x509::X509Extension::new

• <0.10.48, >=0.9.7

openssl::x509::X509Extension::new_nid

• <0.10.48, >=0.9.7

Description

These functions would crash when the context argument was None with certain extension types.

Thanks to David Benjamin (Google) for reporting this issue.

Advisory available under CC0-1.0 license.