GHSA-6hcf-g6gr-hhcr: `openssl` `X509Extension::new` and `X509Extension::new_nid` null pointer dereference

March 24, 2023

These functions would crash when the context argument was None with certain extension types.

Thanks to David Benjamin (Google) for reporting this issue.

References

github.com/advisories/GHSA-6hcf-g6gr-hhcr
github.com/sfackler/rust-openssl
github.com/sfackler/rust-openssl/pull/1854
rustsec.org/advisories/RUSTSEC-2023-0024.html

Code Behaviors & Features

Detect and mitigate GHSA-6hcf-g6gr-hhcr with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →