RUSTSEC-2023-0024: `openssl` `X509Extension::new` and `X509Extension::new_nid` null pointer dereference
github-actions opened this issue · comments
opensslX509Extension::newandX509Extension::new_nidnull pointer dereference
| Details | |
|---|---|
| Package | openssl |
| Version | 0.10.46 |
| URL | sfackler/rust-openssl#1854 |
| Date | 2023-03-24 |
| Patched versions | >=0.10.48 |
These functions would crash when the context argument was None with certain extension types.
Thanks to David Benjamin (Google) for reporting this issue.
See advisory page for additional details.
Fixed in 0.8.1.