GHSA-xcf7-rvmh-g6q4: `openssl` `X509VerifyParamRef::set_host` buffer over-read

June 21, 2023

When this function was passed an empty string, openssl would attempt to call strlen on it, reading arbitrary memory until it reached a NUL byte.

References

github.com/advisories/GHSA-xcf7-rvmh-g6q4
github.com/sfackler/rust-openssl
github.com/sfackler/rust-openssl/issues/1965
github.com/sfackler/rust-openssl/pull/1968
rustsec.org/advisories/RUSTSEC-2023-0044.html

Code Behaviors & Features

Detect and mitigate GHSA-xcf7-rvmh-g6q4 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →