Lucene search
K

4 matches found

OSV
OSV
added 2023/03/24 10:1 p.m.7 views

GHSA-9QWG-CRG9-M2VC `openssl` `SubjectAlternativeName` and `ExtendedKeyUsage::other` allow arbitrary file read

SubjectAlternativeName and ExtendedKeyUsage arguments were parsed using the OpenSSL function X509V3EXTnconf. This function parses all input using an OpenSSL mini-language which can perform arbitrary file reads. Thanks to David Benjamin Google for reporting this issue...

7.3AI score
Exploits0References3
Github Security Blog
Github Security Blog
added 2023/03/24 10:1 p.m.18 views

`openssl` `SubjectAlternativeName` and `ExtendedKeyUsage::other` allow arbitrary file read

SubjectAlternativeName and ExtendedKeyUsage arguments were parsed using the OpenSSL function X509V3EXTnconf. This function parses all input using an OpenSSL mini-language which can perform arbitrary file reads. Thanks to David Benjamin Google for reporting this issue...

6.9AI score
Exploits0References3Affected Software1
OSV
OSV
added 2023/03/24 12:0 p.m.29 views

RUSTSEC-2023-0023 `openssl` `SubjectAlternativeName` and `ExtendedKeyUsage::other` allow arbitrary file read

SubjectAlternativeName and ExtendedKeyUsage arguments were parsed using the OpenSSL function X509V3EXTnconf. This function parses all input using an OpenSSL mini-language which can perform arbitrary file reads. Thanks to David Benjamin Google for reporting this issue...

7.2AI score
Exploits0References3
RustSec
RustSec
added 2023/03/24 12:0 p.m.34 views

`openssl` `SubjectAlternativeName` and `ExtendedKeyUsage::other` allow arbitrary file read

SubjectAlternativeName and ExtendedKeyUsage arguments were parsed using the OpenSSL function X509V3EXTnconf. This function parses all input using an OpenSSL mini-language which can perform arbitrary file reads. Thanks to David Benjamin Google for reporting this issue...

6.9AI score
Exploits0Affected Software1
Rows per page
Query Builder