CNNVD-202507-3460 Information

CNNVD ID

CNNVD-202507-3460

Related CVE

CVE-2023-53159

• CNNVD Published: 2025-07-28

Description (Chinese)

rust-openssl是Rust的一个用于与 OpenSSL 库进行交互的库。 rust-openssl 0.10.55之前版本存在安全漏洞，该漏洞源于X509VerifyParamRef::set_host存在越界读取。

Description (English)

Rust-opensl is a library of Rust that interacts with the OpenSSL library. The previous version of rust-opensl 0.10.0.55 had a security loophole, which originated from the cross-border reading of X509 Verify Paramref::set host.

Hazard Level

High

Vulnerability Type

其他

Affected Vendor

个人开发者

Published

2025-07-28

Last Modified

2026-02-24

References

https://rustsec.org/advisories/RUSTSEC-2023-0044.html https://crates.io/crates/openssl https://github.com/sfackler/rust-openssl/issues/1965 https://vigilance.fr/vulnerability/Rust-openssl-out-of-bounds-memory-reading-via-X509VerifyParamRef-set-host-48876 https://access.redhat.com/security/cve/cve-2023-53159

Patch

https://github.com/sfackler/rust-openssl/releases