Early Access — Mondoo Vulnerability Intelligence is currently in preview.
rust-openssl is a set of OpenSSL bindings for the Rust programming language. In affected versions ssl::select_next_proto can return a slice pointing into the server argument's buffer but with a lifetime bound to the client argument. In situations where the sever buffer's lifetime is shorter than the client buffer's, this can cause a use after free. This could cause the server to crash or to return arbitrary memory contents to the client. The crateopenssl version 0.10.70 fixes the signature of ssl::select_next_proto to properly constrain the output buffer's lifetime to that of both input buffers. Users are advised to upgrade. In standard usage of ssl::select_next_proto in the callback passed to SslContextBuilder::set_alpn_select_callback, code is only affected if the server buffer is constructed within the callback.
0.10.23-10.10.29-10.10.36-10.10.45-10.10.57-10.10.64-10.10.68-10.10.70-10.10.23-10.9.49-10.9.55-20.9.67-10.9.80-10.9.93-10.9.101-10.9.104-10.9.105-1Exploitability
AV:NAC:HAT:PPR:NUI:NVulnerable System
VC:LVI:NVA:LSubsequent System
SC:NSI:NSA:NCVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:L/VI:N/VA:L/SC:N/SI:N/SA:N