CGA-837x-fx5m-925q

Published

Last updated

https://images.chainguard.dev/security/CGA-837x-fx5m-925q

Package

rustup

Latest Update

Fixed

Fixed Version

1.27.1-r4

Aliases

GHSA-xphf-cx8h-7q9g

Summary

openssl X509StoreRef::objects is unsound

Description

This function returned a reference into an OpenSSL datastructure, but there was no way to ensure OpenSSL would not mutate the datastructure behind one's back.

Use of this function should be replaced with X509StoreRef::all_certificates.

References

https://github.com/advisories/GHSA-xphf-cx8h-7q9g
https://github.com/sfackler/rust-openssl/issues/2096
https://github.com/sfackler/rust-openssl/commit/cf9681a55cabd4cb9f1475bde17b5079f2a0384e
https://github.com/sfackler/rust-openssl
https://rustsec.org/advisories/RUSTSEC-2023-0072.html

Updates

Advisories are based on vulnerability information provided by Grype from Anchore. Learn how Chainguard creates security advisories.

CGA-837x-fx5m-925q

Summary

Description

References

Updates

Product

Why Chainguard

Customers

Company

Resources