RUSTSEC-2023-0044: `openssl` `X509VerifyParamRef::set_host` buffer over-read

| Details |  |
| --- | --- |
| Package | `openssl` |
| Version | `0.10.44` |
| URL | https://github.com/sfackler/rust-openssl/issues/1965 |
| Patched Versions | >=0.10.55 |
| Aliases | [GHSA-xcf7-rvmh-g6q4](https://github.com/advisories/GHSA-xcf7-rvmh-g6q4) |


When this function was passed an empty string, `openssl` would attempt to call `strlen` on it, reading arbitrary memory until it reached a NUL byte.

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

RUSTSEC-2023-0044: `openssl` `X509VerifyParamRef::set_host` buffer over-read #15

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Details
Package	`openssl`
Version	`0.10.44`
URL	rust-openssl/rust-openssl#1965
Patched Versions	>=0.10.55
Aliases	GHSA-xcf7-rvmh-g6q4

RUSTSEC-2023-0044: openssl X509VerifyParamRef::set_host buffer over-read #15

Description

Metadata

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Issue actions

RUSTSEC-2023-0044: `openssl` `X509VerifyParamRef::set_host` buffer over-read #15