RUSTSEC-2023-0044
openssl
X509VerifyParamRef::set_host
buffer over-read
- Reported
- Issued
- Package
- openssl (crates.io)
- Type
- Vulnerability
- Categories
- Aliases
- References
- Patched
-
>=0.10.55
- Affected Functions
- Version
openssl::x509::verify::X509VerifyParamRef::set_host
-
<0.10.55, >=0.10.0
Description
When this function was passed an empty string, openssl
would attempt to call strlen
on it, reading arbitrary memory until it reached a NUL byte.
Advisory available under CC0-1.0 license.