RUSTSEC-2023-0024: `openssl` `X509Extension::new` and `X509Extension::new_nid` null pointer dereference
github-actions opened this issue · comments
github-actions commented
openssl
X509Extension::new
andX509Extension::new_nid
null pointer dereference
Details | |
---|---|
Package | openssl |
Version | 0.10.46 |
URL | sfackler/rust-openssl#1854 |
Date | 2023-03-24 |
Patched versions | >=0.10.48 |
These functions would crash when the context argument was None with certain extension types.
Thanks to David Benjamin (Google) for reporting this issue.
See advisory page for additional details.
Stéphan Kochen commented
Fixed in 0.8.1.