RUSTSEC-2023-0044

openssl X509VerifyParamRef::set_host buffer over-read

Reported:
Issued:
Package: openssl (crates.io)
Type: Vulnerability
Categories:
Aliases:
References:
Patched:
  • >=0.10.55

Affected Functions (function, then affected versions):
openssl::x509::verify::X509VerifyParamRef::set_host
  • <0.10.55, >=0.10.0

Description

When this function was passed an empty string, openssl would attempt to call strlen on it, reading arbitrary memory until it reached a NUL byte.
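
A dependency check for the version ranges listed in this advisory, added here as an example (it is not part of the advisory or of the openssl crate): it scans the text of a Cargo.lock for `openssl` entries that are >=0.10.0 and <0.10.55. The function names, the minimal lockfile parsing and the sample lockfile are assumptions made for illustration; a pre-release or build suffix is ignored and the version is compared by its core numbers.

```rust
// Added example: report locked `openssl` versions inside the affected range
// stated by RUSTSEC-2023-0044 (>=0.10.0, <0.10.55).

/// Parse "MAJOR.MINOR.PATCH"; any "-pre" or "+build" suffix is ignored.
fn parse_version(v: &str) -> Option<(u64, u64, u64)> {
    let core = v.split(|c: char| c == '-' || c == '+').next()?;
    let mut it = core.split('.').map(|p| p.parse::<u64>().ok());
    let ver = (it.next()??, it.next()??, it.next()??);
    if it.next().is_some() { return None; }
    Some(ver)
}

/// True when the version is in the advisory's affected range.
fn is_affected(v: &str) -> bool {
    matches!(parse_version(v), Some(ver) if (0, 10, 0) <= ver && ver < (0, 10, 55))
}

/// Value of a `key = "value"` line, or None if the line is for another key.
fn quoted(line: &str, key: &str) -> Option<String> {
    let rest = line.trim().strip_prefix(key)?.trim_start().strip_prefix('=')?;
    Some(rest.trim().trim_matches('"').to_string())
}

/// Return every affected `openssl` version found in Cargo.lock text.
fn affected_openssl(lock: &str) -> Vec<String> {
    let mut hits = Vec::new();
    let (mut name, mut version): (Option<String>, Option<String>) = (None, None);
    // A trailing "[[package]]" sentinel flushes the last block.
    for line in lock.lines().chain(std::iter::once("[[package]]")) {
        if line.trim() == "[[package]]" {
            if let (Some(n), Some(v)) = (name.take(), version.take()) {
                if n == "openssl" && is_affected(&v) { hits.push(v); }
            }
        } else if let Some(n) = quoted(line, "name") {
            name = Some(n);
        } else if let Some(v) = quoted(line, "version") {
            version = Some(v);
        }
    }
    hits
}

// Constructed sample lockfile, not taken from any real project.
const SAMPLE_LOCK: &str = "version = 3\n\n[[package]]\nname = \"openssl\"\n\
version = \"0.10.54\"\n\n[[package]]\nname = \"openssl-sys\"\nversion = \"0.9.88\"\n";

fn main() {
    println!("affected openssl versions: {:?}", affected_openssl(SAMPLE_LOCK));
}
```
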

Advisory available under CC0-1.0 license.