GHSA-q445-7m23-qrmw

Published

Last updated

https://github.com/advisories/GHSA-q445-7m23-qrmw

Severity

Unknown

Summary

openssl's MemBio::get_buf has undefined behavior with empty buffers

Description

Previously, MemBio::get_buf called slice::from_raw_parts with a null-pointer, which violates the functions invariants, leading to undefined behavior. In debug builds this would produce an assertion failure. This is now fixed.

References

https://github.com/advisories/GHSA-q445-7m23-qrmw
https://github.com/sfackler/rust-openssl/pull/2266
https://github.com/sfackler/rust-openssl/commit/aef36e0f3950653148d6644309ee41ccf16e02bb
https://github.com/sfackler/rust-openssl
https://github.com/sfackler/rust-openssl/releases/tag/openssl-v0.10.66
https://rustsec.org/advisories/RUSTSEC-2024-0357.html

Affected packages

Advisories are based on vulnerability information provided by Grype from Anchore. Learn how Chainguard creates security advisories.

The trusted source for open source

Talk to an expert

Privacy

Terms

GHSA-q445-7m23-qrmw

Severity

Summary

Description

References

Affected packages

The trusted source for open source

Product

Solutions

Customers

Resources

Company