GHSA-xphf-cx8h-7q9g

Source
https://github.com/advisories/GHSA-xphf-cx8h-7q9g
Import Source
https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2023/11/GHSA-xphf-cx8h-7q9g/GHSA-xphf-cx8h-7q9g.json
JSON Data
https://api.osv.dev/v1/vulns/GHSA-xphf-cx8h-7q9g
Aliases
Related
Published
2023-11-28T20:51:08Z
Modified
2024-02-10T16:26:49.098843Z
Summary
`openssl` `X509StoreRef::objects` is unsound
Details

This function returned a reference into an OpenSSL data structure, but there was no way to ensure that OpenSSL would not mutate that data structure behind the caller's back while the reference was still in use.

Use of this function should be replaced with `X509StoreRef::all_certificates`.

Database specific
{
    "nvd_published_at": null,
    "cwe_ids": [],
    "severity": "MODERATE",
    "github_reviewed": true,
    "github_reviewed_at": "2023-11-28T20:51:08Z"
}
References

Affected packages

crates.io / openssl

Package

Affected ranges

Type
SEMVER
Events
Introduced
0.10.29
Fixed
0.10.60

Ecosystem specific

{
    "affected_functions": [
        "openssl::x509::store::X509StoreRef::objects"
    ]
}