GHSA-q445-7m23-qrmw

Published

Last updated

https://github.com/advisories/GHSA-q445-7m23-qrmw

Severity

Unknown

Summary

openssl's MemBio::get_buf has undefined behavior with empty buffers

Description

Previously, MemBio::get_buf called slice::from_raw_parts with a null-pointer, which violates the functions invariants, leading to undefined behavior. In debug builds this would produce an assertion failure. This is now fixed.

References

https://github.com/advisories/GHSA-q445-7m23-qrmw
https://github.com/sfackler/rust-openssl/pull/2266
https://github.com/sfackler/rust-openssl/commit/aef36e0f3950653148d6644309ee41ccf16e02bb
https://github.com/sfackler/rust-openssl
https://github.com/sfackler/rust-openssl/releases/tag/openssl-v0.10.66
https://rustsec.org/advisories/RUSTSEC-2024-0357.html

Affected packages

Advisories are based on vulnerability information provided by Grype from Anchore. Learn how Chainguard creates security advisories.

GHSA-q445-7m23-qrmw

Severity

Summary

Description

References

Affected packages

Products

Why Chainguard

Customers

Company

Resources