RUSTSEC-2023-0072

Source: https://rustsec.org/advisories/RUSTSEC-2023-0072
Import Source: https://github.com/rustsec/advisory-db/blob/osv/crates/RUSTSEC-2023-0072.json
JSON Data: https://api.osv.dev/v1/vulns/RUSTSEC-2023-0072
Aliases
Published: 2023-11-23T12:00:00Z
Modified: 2024-02-10T16:26:49.098843Z
Summary
`openssl` `X509StoreRef::objects` is unsound
Details

This function returned a shared reference into an OpenSSL data structure but did not account for interior mutability. OpenSSL may modify the data behind this reference, meaning accesses can race and the reference is unsound.

Use of this function should be replaced with `X509StoreRef::all_certificates`.

Database specific
{
    "license": "CC0-1.0"
}
References

Affected packages

crates.io / openssl

Package

Affected ranges

Type: SEMVER
Events:
Introduced: 0.0.0-0
Fixed: 0.10.60

Ecosystem specific

{
    "affected_functions": null,
    "affects": {
        "os": [],
        "functions": [
            "openssl::x509::store::X509StoreRef::objects"
        ],
        "arch": []
    }
}

Database specific

{
    "cvss": null,
    "informational": "unsound",
    "categories": [
        "memory-corruption"
    ]
}
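
A check for the affected range listed above, as an added example that is not part of the advisory or of the `openssl` crate: it scans the text of a `Cargo.lock` for `openssl` entries below the fixed version 0.10.60. The function names and the sample lockfile are constructed for illustration, and pre-release suffixes are ignored when comparing versions.

```rust
const FIXED: (u64, u64, u64) = (0, 10, 60); // first release without the unsound API

/// Parse "MAJOR.MINOR.PATCH" (any pre-release/build suffix is ignored) into a tuple.
fn parse_version(v: &str) -> Option<(u64, u64, u64)> {
    let core = v.split(|c: char| c == '-' || c == '+').next()?;
    let mut parts = core.split('.').map(|p| p.parse::<u64>());
    Some((parts.next()?.ok()?, parts.next()?.ok()?, parts.next()?.ok()?))
}

/// Extract the quoted value from a `key = "value"` line of a Cargo.lock file.
fn quoted_value<'a>(line: &'a str, key: &str) -> Option<&'a str> {
    let rest = line.trim().strip_prefix(key)?.trim_start().strip_prefix('=')?;
    rest.trim().strip_prefix('"')?.strip_suffix('"')
}

/// Return every locked `openssl` version in the affected range (< 0.10.60).
fn affected_openssl_versions(lockfile: &str) -> Vec<String> {
    let mut hits = Vec::new();
    let mut in_openssl = false;
    for line in lockfile.lines() {
        if line.trim() == "[[package]]" {
            in_openssl = false; // a new entry starts; forget the previous name
        } else if let Some(name) = quoted_value(line, "name") {
            in_openssl = name == "openssl"; // exact match, so openssl-sys is skipped
        } else if let Some(ver) = quoted_value(line, "version") {
            // An unparseable version is reported rather than silently skipped.
            if in_openssl && parse_version(ver).map_or(true, |v| v < FIXED) {
                hits.push(ver.to_string());
            }
        }
    }
    hits
}

// Constructed sample lockfile, not taken from any real project.
const SAMPLE: &str = r#"
[[package]]
name = "openssl"
version = "0.10.59"
[[package]]
name = "openssl-sys"
version = "0.9.95"
"#;

fn main() {
    for v in affected_openssl_versions(SAMPLE) {
        println!("openssl {} is below 0.10.60 (RUSTSEC-2023-0072)", v);
    }
}
```

A locked version at or above 0.10.60 only shows that the fixed release is in use; call sites of `X509StoreRef::objects` still need to move to `X509StoreRef::all_certificates` as the advisory recommends.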