/
DirectorySecurity Advisories
Sign In
Security Advisories

CGA-q74j-p48j-h3f4

Published

Last updated

https://images.chainguard.dev/security/CGA-q74j-p48j-h3f4
Package

sdp-k8s-injector

RepositoryWolfi
Latest Update
Fixed
Fixed Version

1.3.8-r1

Aliases
  • GHSA-4fcv-w3qc-ppgg

Severity

Unknown

Summary

rust-openssl Use-After-Free in Md::fetch and Cipher::fetch

Description

When a Some(...) value was passed to the properties argument of either of these functions, a use-after-free would result.

In practice this would nearly always result in OpenSSL treating the properties as an empty string (due to CString::drop's behavior).

The maintainers thank quitbug for reporting this vulnerability to us.

References

Updates


Safe Source for Open Sourceâ„¢
Media KitContact Us
© 2025 Chainguard. All Rights Reserved.
Private PolicyTerms of Use

Products

Chainguard ContainersChainguard LibrariesChainguard VMs