Описание
The openssl crate before 0.10.55 for Rust allows an out-of-bounds read via an empty string to X509VerifyParamRef::set_host.
A flaw was found in openssl. An out-of-bounds read can occur within the X509VerifyParamRef::set_host function when processing an empty string. A local attacker can trigger this condition by providing a specially crafted input, resulting in a potential information leak.
Отчет
The assigned Moderate severity is based on the fact that while the vulnerability can be triggered without authentication, it requires a specific, less common user interaction (providing an empty string for a hostname). The direct impact is limited to information disclosure and does not lead to arbitrary code execution or a denial of service. Within regulated environments, a combination of the following controls acts as a significant barrier to successfully exploiting a CWE-126: Buffer Over-read vulnerability and therefore downgrades the severity of this particular CVE from Moderate to Low. Memory access boundaries are enforced through secure coding practices, including bounds checking and automated detection of over-read conditions during development. Static analysis and peer reviews catch improper memory handling early, reducing the risk of vulnerabilities reaching production. Memory protection mechanisms restrict access to allocated regions at runtime, and process isolation contains memory faults within the affected workload. Additionally, a defense-in-depth monitoring strategy supports real-time detection of anomalous memory activity, enabling rapid response and limiting potential impact.
Меры по смягчению последствий
Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.
Затронутые пакеты
| Платформа | Пакет | Состояние | Рекомендация | Релиз |
|---|---|---|---|---|
| Confidential Compute Attestation | confidential-compute-attestation-tech-preview/trustee-rhel9 | Not affected | ||
| Logging Subsystem for Red Hat OpenShift | openshift-logging/cluster-logging-operator-bundle | Fix deferred | ||
| Logging Subsystem for Red Hat OpenShift | openshift-logging/cluster-logging-rhel9-operator | Fix deferred | ||
| Logging Subsystem for Red Hat OpenShift | openshift-logging/eventrouter-rhel9 | Fix deferred | ||
| Logging Subsystem for Red Hat OpenShift | openshift-logging/log-file-metric-exporter-rhel9 | Fix deferred | ||
| Logging Subsystem for Red Hat OpenShift | openshift-logging/vector-rhel9 | Fix deferred | ||
| OpenShift Service Mesh 3 | openshift-service-mesh-dev-preview-beta/istio-ztunnel-rhel9 | Fix deferred | ||
| OpenShift Service Mesh 3 | openshift-service-mesh/istio-cni-rhel9 | Fix deferred | ||
| OpenShift Service Mesh 3 | openshift-service-mesh/istio-must-gather-rhel9 | Fix deferred | ||
| OpenShift Service Mesh 3 | openshift-service-mesh/istio-pilot-rhel9 | Fix deferred |
Показывать по
Дополнительная информация
Статус:
EPSS
5.7 Medium
CVSS3
Связанные уязвимости
The openssl crate before 0.10.55 for Rust allows an out-of-bounds read via an empty string to X509VerifyParamRef::set_host.
The openssl crate before 0.10.55 for Rust allows an out-of-bounds read via an empty string to X509VerifyParamRef::set_host.
The openssl crate before 0.10.55 for Rust allows an out-of-bounds read via an empty string to X509VerifyParamRef::set_host.
The openssl crate before 0.10.55 for Rust allows an out-of-bounds read ...
`openssl` `X509VerifyParamRef::set_host` buffer over-read
EPSS
5.7 Medium
CVSS3