CVE-2023-53159: `openssl` `X509VerifyParamRef::set_host` buffer over-read

June 21, 2023 (updated July 28, 2025)

When this function was passed an empty string, openssl would attempt to call strlen on it, reading arbitrary memory until it reached a NUL byte.

References

github.com/advisories/GHSA-xcf7-rvmh-g6q4
github.com/sfackler/rust-openssl
github.com/sfackler/rust-openssl/issues/1965
github.com/sfackler/rust-openssl/pull/1968
nvd.nist.gov/vuln/detail/CVE-2023-53159
rustsec.org/advisories/RUSTSEC-2023-0044.html

Code Behaviors & Features

Detect and mitigate CVE-2023-53159 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →