- Reported
-
- Issued
-
- Package
-
openssl
(crates.io)
- Type
-
Vulnerability
- Categories
-
- References
-
- Patched
-
- Unaffected
-
- Affected Functions
- Version
openssl::cipher::Cipher::fetch
-
openssl::md::Md::fetch
-
Description
When a Some(...)
value was passed to the properties
argument of either of these functions, a use-after-free would result.
In practice this would nearly always result in OpenSSL treating the properties as an empty string (due to CString::drop
's behavior).
The maintainers thank quitbug for reporting this vulnerability to us.
Advisory available under CC0-1.0
license.