RUSTSEC-2023-0024: `openssl` `X509Extension::new` and `X509Extension::new_nid` null pointer dereference


> `openssl` `X509Extension::new` and `X509Extension::new_nid` null pointer dereference

| Details             |                                                |
| ------------------- | ---------------------------------------------- |
| Package             | `openssl`                      |
| Version             | `0.10.46`                   |
| URL                 | [https://github.com/sfackler/rust-openssl/pull/1854](https://github.com/sfackler/rust-openssl/pull/1854) |
| Date                | 2023-03-24                         |
| Patched versions    | `>=0.10.48`                  |

These functions would crash when the context argument was None with certain extension types.

Thanks to David Benjamin (Google) for reporting this issue.

See [advisory page](https://rustsec.org/advisories/RUSTSEC-2023-0024.html) for additional details.


Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

RUSTSEC-2023-0024: `openssl` `X509Extension::new` and `X509Extension::new_nid` null pointer dereference #732

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Details
Package	`openssl`
Version	`0.10.46`
URL	rust-openssl/rust-openssl#1854
Date	2023-03-24
Patched versions	`>=0.10.48`

RUSTSEC-2023-0024: openssl X509Extension::new and X509Extension::new_nid null pointer dereference #732

Description

Metadata

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Issue actions

RUSTSEC-2023-0024: `openssl` `X509Extension::new` and `X509Extension::new_nid` null pointer dereference #732