CVE-2023-53159

Опубликовано: 28 июл. 2025

Источник: debian

EPSS Низкий

Описание

The openssl crate before 0.10.55 for Rust allows an out-of-bounds read via an empty string to X509VerifyParamRef::set_host.

Пакет	Статус	Версия исправления	Релиз	Тип
rust-openssl	fixed	0.10.57-1		package
rust-openssl	no-dsa		bookworm	package
rust-openssl	postponed		bullseye	package

https://rustsec.org/advisories/RUSTSEC-2023-0044.html
https://github.com/sfackler/rust-openssl/issues/1965
https://github.com/sfackler/rust-openssl/commit/155b3dc71700d2ff31651bbc99b991765a718c4e

EPSS

Процентиль: 14%

0.00046

Низкий

CVE-2023-53159

CVSS3: 4.5

ubuntu

6 месяцев назад

The openssl crate before 0.10.55 for Rust allows an out-of-bounds read via an empty string to X509VerifyParamRef::set_host.

CVE-2023-53159

CVSS3: 5.7

redhat

6 месяцев назад

The openssl crate before 0.10.55 for Rust allows an out-of-bounds read via an empty string to X509VerifyParamRef::set_host.

CVE-2023-53159

CVSS3: 4.5

nvd

6 месяцев назад

The openssl crate before 0.10.55 for Rust allows an out-of-bounds read via an empty string to X509VerifyParamRef::set_host.

CVE-2023-53159

msrc

5 месяцев назад

The openssl crate before 0.10.55 for Rust allows an out-of-bounds read via an empty string to X509VerifyParamRef::set_host.

GHSA-xcf7-rvmh-g6q4

CVSS3: 4.5

github

больше 2 лет назад

`openssl` `X509VerifyParamRef::set_host` buffer over-read

EPSS

Процентиль: 14%

0.00046

Низкий