GHSA-3gxf-9r58-2ghg

Source

https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2023/03/GHSA-3gxf-9r58-2ghg/GHSA-3gxf-9r58-2ghg.json

Published

2023-03-24T22:01:35Z

Modified

2023-03-24T22:01:35Z

Details

OpenSSL has a modified bit that it can set on on X509_NAME objects. If this bit is set then the object is not thread-safe even when it appears the code is not modifying the value.

Thanks to David Benjamin (Google) for reporting this issue.

References

• https://github.com/sfackler/rust-openssl/pull/1854
• https://rustsec.org/advisories/RUSTSEC-2023-0022.html