Fluid Attacks Database

Description

The openssl crate before 0.10.55 for Rust allows an out-of-bounds read via an empty string to X509VerifyParamRef::set_host.

Mitigation

Update Impact

Minimal update. May introduce new vulnerabilities or breaking changes.

Ecosystem	Package	Affected version	Patched versions
debian 12	rust-openssl	=0.10.45-1 \|\| =0.10.57-1 \|\| =0.10.64-1 \|\| =0.10.68-1 \|\| =0.10.70-1 \|\| =0.10.72-1 \|\| =0.10.73-1 \|\| =0.10.78-1	-
debian 11	rust-openssl	=0.10.29-1 \|\| =0.10.29-1+deb11u1 \|\| =0.10.36-1 \|\| =0.10.41-1 \|\| =0.10.45-1 \|\| =0.10.57-1 \|\| =0.10.64-1 \|\| =0.10.68-1 \|\| =0.10.70-1 \|\| =0.10.72-1 \|\| =0.10.73-1 \|\| =0.10.78-1	-
debian 13	rust-openssl	>=0 <0.10.57-1	0.10.57-1
debian 14	rust-openssl	>=0 <0.10.57-1	0.10.57-1
rpm rhel10	firefox	-	-
rpm rhel9	389-ds-base	-	-
rpm rhel7	firefox	-	-
rpm rhel8	firefox	-	-
rpm rhel9	firefox	-	-
rpm rhel10	gjs	-	-

1-10 of 16

Aliases

References

Does your application use this vulnerable software?

During the free trial, our tools assess your application, identify vulnerabilities, and provide recommendations for their remediation.