-
Notifications
You must be signed in to change notification settings - Fork 334
/
RUSTSEC-2023-0011.json
69 lines (69 loc) · 1.84 KB
/
RUSTSEC-2023-0011.json
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
{
"schema_version": null,
"id": "RUSTSEC-2023-0011",
"modified": "2023-06-13T13:10:24Z",
"published": "2023-02-07T12:00:00Z",
"aliases": [
"CVE-2023-0216",
"GHSA-29xx-hcv2-c4cp"
],
"related": [],
"summary": "Invalid pointer dereference in `d2i_PKCS7` functions",
"details": "An invalid pointer dereference on read can be triggered when an\napplication tries to load malformed PKCS7 data with the\n`d2i_PKCS7()`, `d2i_PKCS7_bio()` or `d2i_PKCS7_fp()` functions.\n\nThe result of the dereference is an application crash which could\nlead to a denial of service attack. The TLS implementation in OpenSSL\ndoes not call this function however third party applications might\ncall these functions on untrusted data.",
"severity": [],
"affected": [
{
"package": {
"ecosystem": "crates.io",
"name": "openssl-src",
"purl": "pkg:cargo/openssl-src"
},
"ecosystem_specific": {
"affects": {
"arch": [],
"os": [],
"functions": []
},
"affected_functions": null
},
"database_specific": {
"categories": [
"denial-of-service"
],
"cvss": null,
"informational": null
},
"ranges": [
{
"type": "SEMVER",
"events": [
{
"introduced": "300.0.0"
},
{
"fixed": "300.0.12"
}
]
}
],
"versions": []
}
],
"references": [
{
"type": "PACKAGE",
"url": "https://crates.io/crates/openssl-src"
},
{
"type": "ADVISORY",
"url": "https://rustsec.org/advisories/RUSTSEC-2023-0011.html"
},
{
"type": "WEB",
"url": "https://www.openssl.org/news/secadv/20230207.txt"
}
],
"database_specific": {
"license": "CC0-1.0"
}
}