CGA-wc5p-vj8w-jm26

Published

Last updated

https://images.chainguard.dev/security/CGA-wc5p-vj8w-jm26

Package

zed

Latest Update

Fixed

Fixed Version

0.146.3-r0

Aliases

GHSA-q445-7m23-qrmw

Severity

6.5

Medium

CVSS V3

Summary

openssl's MemBio::get_buf has undefined behavior with empty buffers

Description

Previously, MemBio::get_buf called slice::from_raw_parts with a null-pointer, which violates the functions invariants, leading to undefined behavior. In debug builds this would produce an assertion failure. This is now fixed.

References

https://github.com/advisories/GHSA-q445-7m23-qrmw
https://github.com/sfackler/rust-openssl/pull/2266
https://github.com/sfackler/rust-openssl/commit/aef36e0f3950653148d6644309ee41ccf16e02bb
https://github.com/sfackler/rust-openssl
https://github.com/sfackler/rust-openssl/releases/tag/openssl-v0.10.66
https://rustsec.org/advisories/RUSTSEC-2024-0357.html

Updates

Advisories are based on vulnerability information provided by Grype from Anchore. Learn how Chainguard creates security advisories.

CGA-wc5p-vj8w-jm26

Severity

Summary

Description

References

Updates

Product

Why Chainguard

Customers

Company

Resources