Security Bulletin: openssl-src-300.2.1+3.2.0.crate is vulnerable to CVE-2024-0727, CVE-2023-6129, and CVE-2023-6237 used in IBM Maximo Application Suite - Edge Data Collector
Summary: IBM Maximo Application Suite - Edge Data Collector uses openssl-src-300.2.1+3.2.0.crate, which is vulnerable to CVE-2024-0727, CVE-2023-6129, and CVE-2023-6237. Vulnerability Details: CVEID: CVE-2024-0727 DESCRIPTION: OpenSSL is vulnerable to a denial of service, caused by improper input...
openssl-sys (>=0.9.35 <=0.9.37) potentially affected by CVE-2023-0215 via openssl-src (=110.0.7+1.1.0i)
openssl-src CARGO version =110.0.7+1.1.0i is affected by a known vulnerability. The following packages have a transitive dependency on openssl-src and may be impacted: - openssl-sys =0.9.35, =0.9.37 Source cves: CVE-2023-0215 Source advisory: OSV:GHSA-R7JW-WP68-3XCH...
GHSA-R7JW-WP68-3XCH openssl-src vulnerable to Use-after-free following `BIO_new_NDEF`
The public API function `BIO_new_NDEF` is a helper function used for streaming ASN.1 data via a BIO. It is primarily used internally to OpenSSL to support the SMIME, CMS and PKCS7 streaming capabilities, but may also be called directly by end user applications. The function receives a BIO from the...
openssl-src contains Double free after calling `PEM_read_bio_ex`
The function `PEM_read_bio_ex` reads a PEM file from a BIO and parses and decodes the "name" (e.g. "CERTIFICATE"), any header data and the payload data. If the function succeeds then the "name_out", "header" and "data" arguments are populated with pointers to buffers containing the relevant decoded data...
openssl-sys (>=0.9.35 <=0.9.37) potentially affected by CVE-2023-0286 via openssl-src (=110.0.7+1.1.0i)
openssl-src CARGO version =110.0.7+1.1.0i is affected by a known vulnerability. The following packages have a transitive dependency on openssl-src and may be impacted: - openssl-sys =0.9.35, =0.9.37 Source cves: CVE-2023-0286 Source advisory: OSV:GHSA-X4QR-2FVF-3MR5...
openssl-sys (>=0.9.35 <=0.9.37) potentially affected by CVE-2022-4450 via openssl-src (=110.0.7+1.1.0i)
openssl-src CARGO version =110.0.7+1.1.0i is affected by a known vulnerability. The following packages have a transitive dependency on openssl-src and may be impacted: - openssl-sys =0.9.35, =0.9.37 Source cves: CVE-2022-4450 Source advisory: OSV:RUSTSEC-2023-0010...
openssl-sys (>=0.9.35 <=0.9.37) potentially affected by CVE-2023-0215 via openssl-src (=110.0.7+1.1.0i)
openssl-src CARGO version =110.0.7+1.1.0i is affected by a known vulnerability. The following packages have a transitive dependency on openssl-src and may be impacted: - openssl-sys =0.9.35, =0.9.37 Source cves: CVE-2023-0215 Source advisory: OSV:RUSTSEC-2023-0009...
openssl-sys (>=0.9.35 <=0.9.37) potentially affected by CVE-2023-0286 via openssl-src (=110.0.7+1.1.0i)
openssl-src CARGO version =110.0.7+1.1.0i is affected by a known vulnerability. The following packages have a transitive dependency on openssl-src and may be impacted: - openssl-sys =0.9.35, =0.9.37 Source cves: CVE-2023-0286 Source advisory: OSV:RUSTSEC-2023-0006...
roaring-landmask (=0.4.0) potentially affected by CVE-2022-3602 via openssl-src (=300.0.0+3.0.0)
openssl-src CARGO version =300.0.0+3.0.0 is affected by a known vulnerability. The following packages have a transitive dependency on openssl-src and may be impacted: - roaring-landmask =0.4.0 Source cves: CVE-2022-3602 Source advisory: OSV:RUSTSEC-2022-0064...
roaring-landmask (=0.4.0) potentially affected by CVE-2022-2097 via openssl-src (=300.0.0+3.0.0)
openssl-src CARGO version =300.0.0+3.0.0 is affected by a known vulnerability. The following packages have a transitive dependency on openssl-src and may be impacted: - roaring-landmask =0.4.0 Source cves: CVE-2022-2097 Source advisory: OSV:GHSA-3WX7-46CH-7RQ2...
openssl-sys (>=0.9.35 <=0.9.37) potentially affected by CVE-2022-2097 via openssl-src (=110.0.7+1.1.0i)
openssl-src CARGO version =110.0.7+1.1.0i is affected by a known vulnerability. The following packages have a transitive dependency on openssl-src and may be impacted: - openssl-sys =0.9.35, =0.9.37 Source cves: CVE-2022-2097 Source advisory: OSV:GHSA-3WX7-46CH-7RQ2...
openssl-sys (>=0.9.35 <=0.9.37) potentially affected by CVE-2022-2097 via openssl-src (=110.0.7+1.1.0i)
openssl-src CARGO version =110.0.7+1.1.0i is affected by a known vulnerability. The following packages have a transitive dependency on openssl-src and may be impacted: - openssl-sys =0.9.35, =0.9.37 Source cves: CVE-2022-2097 Source advisory: OSV:RUSTSEC-2022-0032...
openssl-sys (>=0.9.35 <=0.9.37) potentially affected by CVE-2021-3711 via openssl-src (=110.0.7+1.1.0i)
openssl-src CARGO version =110.0.7+1.1.0i is affected by a known vulnerability. The following packages have a transitive dependency on openssl-src and may be impacted: - openssl-sys =0.9.35, =0.9.37 Source cves: CVE-2021-3711 Source advisory: OSV:GHSA-5WW6-PX42-WC85...
openssl-sys (>=0.9.35 <=0.9.37) potentially affected by CVE-2021-3712 via openssl-src (=110.0.7+1.1.0i)
openssl-src CARGO version =110.0.7+1.1.0i is affected by a known vulnerability. The following packages have a transitive dependency on openssl-src and may be impacted: - openssl-sys =0.9.35, =0.9.37 Source cves: CVE-2021-3712 Source advisory: OSV:GHSA-Q9WJ-F4QW-6VFJ...
openssl-sys (>=0.9.35 <=0.9.37) potentially affected by CVE-2022-0778 via openssl-src (=110.0.7+1.1.0i)
openssl-src CARGO version =110.0.7+1.1.0i is affected by a known vulnerability. The following packages have a transitive dependency on openssl-src and may be impacted: - openssl-sys =0.9.35, =0.9.37 Source cves: CVE-2022-0778 Source advisory: OSV:GHSA-X3MH-JVJW-3XWX...
roaring-landmask (=0.4.0) potentially affected by CVE-2022-0778 via openssl-src (=300.0.0+3.0.0)
openssl-src CARGO version =300.0.0+3.0.0 is affected by a known vulnerability. The following packages have a transitive dependency on openssl-src and may be impacted: - roaring-landmask =0.4.0 Source cves: CVE-2022-0778 Source advisory: OSV:RUSTSEC-2022-0014...
openssl-sys (>=0.9.35 <=0.9.37) potentially affected by CVE-2022-0778 via openssl-src (=110.0.7+1.1.0i)
openssl-src CARGO version =110.0.7+1.1.0i is affected by a known vulnerability. The following packages have a transitive dependency on openssl-src and may be impacted: - openssl-sys =0.9.35, =0.9.37 Source cves: CVE-2022-0778 Source advisory: OSV:RUSTSEC-2022-0014...
roaring-landmask (=0.4.0) potentially affected by CVE-2021-4044 via openssl-src (=300.0.0+3.0.0)
openssl-src CARGO version =300.0.0+3.0.0 is affected by a known vulnerability. The following packages have a transitive dependency on openssl-src and may be impacted: - roaring-landmask =0.4.0 Source cves: CVE-2021-4044 Source advisory: OSV:GHSA-MMJF-F5JW-W72Q...
openssl-sys (>=0.9.35 <=0.9.37) potentially affected by CVE-2021-3449 via openssl-src (=110.0.7+1.1.0i)
openssl-src CARGO version =110.0.7+1.1.0i is affected by a known vulnerability. The following packages have a transitive dependency on openssl-src and may be impacted: - openssl-sys =0.9.35, =0.9.37 Source cves: CVE-2021-3449 Source advisory: OSV:GHSA-83MX-573X-5RW9...
openssl-sys (>=0.9.35 <=0.9.37) potentially affected by CVE-2021-23841 via openssl-src (=110.0.7+1.1.0i)
openssl-src CARGO version =110.0.7+1.1.0i is affected by a known vulnerability. The following packages have a transitive dependency on openssl-src and may be impacted: - openssl-sys =0.9.35, =0.9.37 Source cves: CVE-2021-23841 Source advisory: OSV:GHSA-84RM-QF37-FGC2...