Published: 22 Jul 2024
Source: GitHub
GitHub: Reviewed
CVSS4: 6.9
CVSS3: 6.5
Description
openssl's MemBio::get_buf has undefined behavior with empty buffers
Previously, MemBio::get_buf called slice::from_raw_parts with a null pointer, which violates the function's invariants, leading to undefined behavior. In debug builds this would produce an assertion failure. This is now fixed.
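The pattern described above, as an added example that is not the openssl crate's code: `RawMem` and its methods are hypothetical stand-ins for a C-style buffer that reports an empty buffer as (NULL, 0), shown with the unchecked slice construction beside a checked one.

```rust
use std::{ptr, slice};

/// Constructed stand-in for a C memory buffer (hypothetical; not the crate's type).
/// Like many C APIs, it reports an empty buffer as (NULL, 0).
pub struct RawMem {
    data: Vec<u8>,
}

impl RawMem {
    pub fn new(data: &[u8]) -> Self {
        RawMem { data: data.to_vec() }
    }

    /// C-style accessor: writes the data pointer to `out`, returns the length.
    fn mem_data(&self, out: &mut *const u8) -> usize {
        *out = if self.data.is_empty() { ptr::null() } else { self.data.as_ptr() };
        self.data.len()
    }

    /// Unchecked pattern from the advisory: the pointer goes straight
    /// into `slice::from_raw_parts`.
    ///
    /// # Safety
    /// The buffer must be non-empty; with (NULL, 0) this is undefined behavior.
    pub unsafe fn get_buf_unchecked(&self) -> &[u8] {
        let mut p = ptr::null();
        let len = self.mem_data(&mut p);
        unsafe { slice::from_raw_parts(p, len) }
    }

    /// Checked pattern: a null pointer never reaches `from_raw_parts`.
    pub fn get_buf(&self) -> &[u8] {
        let mut p = ptr::null();
        let len = self.mem_data(&mut p);
        if p.is_null() || len == 0 {
            return &[];
        }
        // SAFETY: `p` is non-null and points at `len` initialized bytes owned by `self`.
        unsafe { slice::from_raw_parts(p, len) }
    }
}

fn main() {
    assert!(RawMem::new(b"").get_buf().is_empty());
    assert_eq!(RawMem::new(b"pem").get_buf(), b"pem");
}
```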
Packages
Name: openssl (rust)
Affected versions: < 0.10.66
Fixed version: 0.10.66
CVSS4: 6.9 Medium
CVSS3: 6.5 Medium
Weaknesses: CWE-476