RUSTSEC-2023-0072

See a problem?
Please try reporting it to the source first.

Source

https://rustsec.org/advisories/RUSTSEC-2023-0072

Import Source

https://github.com/rustsec/advisory-db/blob/osv/crates/RUSTSEC-2023-0072.json

JSON Data

https://api.osv.dev/v1/vulns/RUSTSEC-2023-0072

Aliases

GHSA-xphf-cx8h-7q9g

Published

2023-11-23T12:00:00Z

Modified

2024-02-10T16:26:49.098843Z

Summary

`openssl` `X509StoreRef::objects` is unsound

Details

This function returned a shared reference into an OpenSSL datastructure but did not account for interior mutability. OpenSSL may modify the data behind this reference, meaning accesses can race and the reference is unsound.

Use of this function should be replaced with X509StoreRef::all_certificates.

Database specific

{
    "license": "CC0-1.0"
}

References

Affected packages

crates.io / openssl

Package

Name: openssl; View open source insights on deps.dev
Purl: pkg:cargo/openssl

Affected ranges

Type: SEMVER
Events: Introduced

0.0.0-0

Fixed

0.10.60

Ecosystem specific

{
    "affected_functions": null,
    "affects": {
        "os": [],
        "functions": [
            "openssl::x509::store::X509StoreRef::objects"
        ],
        "arch": []
    }
}

Database specific

{
    "cvss": null,
    "informational": "unsound",
    "categories": [
        "memory-corruption"
    ]
}