Skip to content

`openssl` `X509StoreRef::objects` is unsound

Moderate severity GitHub Reviewed Published Nov 28, 2023 to the GitHub Advisory Database • Updated Nov 28, 2023

Package

cargo openssl (Rust)

Affected versions

>= 0.10.29, < 0.10.60

Patched versions

0.10.60

Description

This function returned a reference into an OpenSSL datastructure, but there was no way to ensure OpenSSL would not mutate the datastructure behind one's back.

Use of this function should be replaced with X509StoreRef::all_certificates.

References

Published to the GitHub Advisory Database Nov 28, 2023
Reviewed Nov 28, 2023
Last updated Nov 28, 2023

Severity

Moderate

EPSS score

Weaknesses

No CWEs

CVE ID

No known CVE

GHSA ID

GHSA-xphf-cx8h-7q9g

Source code

Loading Checking history
See something to contribute? Suggest improvements for this vulnerability.