CGA-c5wm-8p7g-3g72

Published

Last updated

https://images.chainguard.dev/security/CGA-c5wm-8p7g-3g72

Package

rustup

RepositoryWolfi

Latest Update

Fixed

Fixed Version

1.27.1-r4

Aliases

GHSA-q445-7m23-qrmw

Severity

Unknown

Summary

openssl's MemBio::get_buf has undefined behavior with empty buffers

Description

Previously, MemBio::get_buf called slice::from_raw_parts with a null-pointer, which violates the functions invariants, leading to undefined behavior. In debug builds this would produce an assertion failure. This is now fixed.

References

https://github.com/advisories/GHSA-q445-7m23-qrmw
https://github.com/sfackler/rust-openssl/pull/2266
https://github.com/sfackler/rust-openssl/commit/aef36e0f3950653148d6644309ee41ccf16e02bb
https://github.com/sfackler/rust-openssl
https://github.com/sfackler/rust-openssl/releases/tag/openssl-v0.10.66
https://rustsec.org/advisories/RUSTSEC-2024-0357.html

Updates

Advisories are based on vulnerability information provided by Grype from Anchore. Learn how Chainguard creates security advisories.

CGA-c5wm-8p7g-3g72

Severity

Summary

Description

References

Updates

Products

Why Chainguard

Customers

Company

Resources