5 matches found
`openssl` `X509NameBuilder::build` returned object is not thread safe
OpenSSL has a modified bit that it can set on on X509NAME objects. If this bit is set then the object is not thread-safe even when it appears the code is not modifying the value. Thanks to David Benjamin Google for reporting this issue...
GHSA-3GXF-9R58-2GHG `openssl` `X509NameBuilder::build` returned object is not thread safe
OpenSSL has a modified bit that it can set on on X509NAME objects. If this bit is set then the object is not thread-safe even when it appears the code is not modifying the value. Thanks to David Benjamin Google for reporting this issue...
RUSTSEC-2023-0022 `openssl` `X509NameBuilder::build` returned object is not thread safe
OpenSSL has a modified bit that it can set on on X509NAME objects. If this bit is set then the object is not thread-safe even when it appears the code is not modifying the value. Thanks to David Benjamin Google for reporting this issue...
`openssl` `X509NameBuilder::build` returned object is not thread safe
OpenSSL has a modified bit that it can set on on X509NAME objects. If this bit is set then the object is not thread-safe even when it appears the code is not modifying the value. Thanks to David Benjamin Google for reporting this issue...
ProFTPD mod_tls预认证远程缓冲区溢出漏洞
ProFTPD是一款开放源代码FTP服务程序。 ProFTPD的模块modtls在处理用户认证时存在缓冲溢出漏洞,远程攻击者可能利用此漏洞完全控制服务器。 ProFTPD的modtls模块的tlsx509nameoneline函数中存在远程溢出漏洞,允许远程未经认证的攻击者获得root用户权限。漏洞相关的代码如下: contrib/modtls.c: """ static char tlsx509nameonelineX509NAME x509name static char buf256 = '\0'; / If we are using OpenSSL 0.9.6 or newer,...