GHSA-q445-7m23-qrmw: openssl's `MemBio::get_buf` has undefined behavior with empty buffers
Previously, `MemBio::get_buf` called `slice::from_raw_parts` with a null pointer when the underlying memory BIO was empty. `slice::from_raw_parts` requires a non-null, well-aligned pointer even for a zero-length slice, so this violated the function's safety invariants and was undefined behavior. In debug builds it surfaced as an assertion failure (the precondition check inside `from_raw_parts`); in release builds it went unreported. This is fixed in `openssl` 0.10.66 (see the release tag and pull request below); users of earlier 0.10.x versions should upgrade.
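The faulty pattern and its hardened form, as an added illustration that is not code from rust-openssl or from the linked fix commit. Real `MemBio::get_buf` wraps `BIO_get_mem_data`, which hands back a data pointer and a length; for an empty BIO that pointer can be null with length 0. Since the verifier cannot link OpenSSL, the code below uses a constructed stand-in type (`FakeMemBio`, an assumed name) whose accessor mimics that pointer-plus-length shape, and shows the one check the fix needs: never feed a null pointer to `slice::from_raw_parts`, return `&[]` instead.

```rust
use std::ptr;
use std::slice;

/// Constructed stand-in for an OpenSSL memory BIO (not the real API): owns a
/// buffer and exposes a `BIO_get_mem_data`-style accessor that writes the data
/// pointer into an out-parameter and returns the length. An empty buffer
/// yields a NULL pointer and length 0, the exact condition behind the advisory.
pub struct FakeMemBio {
    data: Vec<u8>,
}

impl FakeMemBio {
    pub fn new(data: &[u8]) -> Self {
        FakeMemBio { data: data.to_vec() }
    }

    /// Mimics `BIO_get_mem_data(bio, &ptr)`: stores the pointer in `out` and
    /// returns the length. For an empty BIO the stored pointer is NULL.
    pub fn get_mem_data(&self, out: &mut *const u8) -> isize {
        if self.data.is_empty() {
            *out = ptr::null();
            0
        } else {
            *out = self.data.as_ptr();
            self.data.len() as isize
        }
    }

    /// Pre-fix pattern: whatever pointer came back is passed straight to
    /// `slice::from_raw_parts`. For an empty buffer that pointer is NULL,
    /// which violates `from_raw_parts`' contract even at length 0. Debug
    /// builds abort on the precondition assertion; release builds silently
    /// create an invalid `&[u8]`. Only call this on a non-empty buffer.
    pub fn get_buf_unchecked(&self) -> &[u8] {
        let mut p: *const u8 = ptr::null();
        let len = self.get_mem_data(&mut p);
        // SAFETY (incorrect): `p` is assumed non-null, but the stand-in (like
        // BIO_get_mem_data on an empty BIO) can return NULL. Kept for contrast.
        unsafe { slice::from_raw_parts(p, len as usize) }
    }

    /// Hardened pattern: a NULL pointer or non-positive length means "no
    /// data", so return the canonical empty slice instead of building one
    /// from a raw pointer. Everything reaching `from_raw_parts` is non-null
    /// and backed by `len` initialized bytes that live as long as `&self`.
    pub fn get_buf(&self) -> &[u8] {
        let mut p: *const u8 = ptr::null();
        let len = self.get_mem_data(&mut p);
        if p.is_null() || len <= 0 {
            return &[];
        }
        // SAFETY: `p` is non-null and points at `len` bytes owned by `self`;
        // the returned slice borrows `self`, so the bytes outlive it.
        unsafe { slice::from_raw_parts(p, len as usize) }
    }
}

fn main() {
    let empty = FakeMemBio::new(b"");
    let full = FakeMemBio::new(b"hello");
    println!("empty BIO -> {} bytes", empty.get_buf().len());
    println!("full  BIO -> {:?}", full.get_buf());
}
```

The check belongs on the pointer, not only on the length: a zero-length request is legal for `from_raw_parts`, a null pointer never is, and `BIO_get_mem_data` gives no guarantee that the two coincide. A `cargo audit` run flags the older crate as RUSTSEC-2024-0357; the remediation is the version bump, and this pattern is the thing to look for in any other FFI wrapper that turns a C pointer/length pair into a slice.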
References
- github.com/advisories/GHSA-q445-7m23-qrmw
- github.com/sfackler/rust-openssl
- github.com/sfackler/rust-openssl/commit/aef36e0f3950653148d6644309ee41ccf16e02bb
- github.com/sfackler/rust-openssl/pull/2266
- github.com/sfackler/rust-openssl/releases/tag/openssl-v0.10.66
- rustsec.org/advisories/RUSTSEC-2024-0357.html