- Reported
-
- Issued
-
- Package
-
openssl
(crates.io)
- Type
-
Vulnerability
- Categories
-
- Aliases
-
- References
-
- Patched
-
- Affected Functions
- Version
openssl::x509::verify::X509VerifyParamRef::set_host
-
Description
When this function was passed an empty string, openssl
would attempt to call strlen
on it, reading arbitrary memory until it reached a NUL byte.
Advisory available under CC0-1.0
license.