/
DirectorySecurity Advisories
Sign In
Security Advisories

CGA-c4wp-rh5f-v23w

Published

Last updated

https://images.chainguard.dev/security/CGA-c4wp-rh5f-v23w
Package

lychee

RepositoryWolfi
Latest Update
Fixed
Fixed Version

0.18.1-r2

Aliases
  • GHSA-4fcv-w3qc-ppgg

Severity

Unknown

Summary

rust-openssl Use-After-Free in Md::fetch and Cipher::fetch

Description

When a Some(...) value was passed to the properties argument of either of these functions, a use-after-free would result.

In practice this would nearly always result in OpenSSL treating the properties as an empty string (due to CString::drop's behavior).

The maintainers thank quitbug for reporting this vulnerability to us.

References

Updates


Safe Source for Open Sourceâ„¢
Media KitContact Us
© 2025 Chainguard. All Rights Reserved.
Private PolicyTerms of Use

Products

Chainguard ContainersChainguard LibrariesChainguard VMs