CVE-2026-34054 openssl on Windows built with openssldir set from the build machine (Uncontrolled Search Path Element)

vcpkg is a free and open-source C/C++ package manager. Prior to version 3.6.13, vcpkg's Windows builds of OpenSSL set openssldir to a path on the build machine, making that path be attackable later on customer machines. This issue has been patched in version 3.6.13...

vcpkg 代码问题漏洞

vcpkg is an open-source C/C++ cross-platform package management tool developed by Microsoft. Versions of vcpkg prior to vcpkg 3.6.1 contained code vulnerabilities. These vulnerabilities stemmed from the Windows version of OpenSSL, where the path to openssldir was set to the path on the build...

CURL-CVE-2019-5443 Windows OpenSSL engine code injection

A non-privileged user or program can put code and a config file in a known non-privileged path under C:/usr/local/ that makes curl automatically run the code as an OpenSSL "engine" on invocation. If that curl is invoked by a privileged user it can do anything it wants. This flaw exists in the...