RUSTSEC-2023-0024

Source: https://rustsec.org/advisories/RUSTSEC-2023-0024
Import Source: https://github.com/rustsec/advisory-db/blob/osv/crates/RUSTSEC-2023-0024.json
JSON Data: https://api.osv.dev/v1/vulns/RUSTSEC-2023-0024
Aliases
Published: 2023-03-24T12:00:00Z
Modified: 2023-11-08T04:16:17.438606Z
Summary
`openssl` `X509Extension::new` and `X509Extension::new_nid` null pointer dereference
Details

These functions would crash when the context argument was None with certain extension types.

Thanks to David Benjamin (Google) for reporting this issue.

References

Affected packages

crates.io / openssl

Package

Affected ranges

Type: SEMVER
Events:
Introduced: 0.0.0-0
Fixed: 0.10.48

Ecosystem specific

{
    "affected_functions": null,
    "affects": {
        "os": [],
        "functions": [
            "openssl::x509::X509Extension::new",
            "openssl::x509::X509Extension::new_nid"
        ],
        "arch": []
    }
}

Database specific

{
    "cvss": null,
    "informational": null,
    "categories": [
        "denial-of-service"
    ]
}