`openssl` `X509VerifyParamRef::set_host` buffer over-read

Published: Jun 21, 2023
Updated: Jun 22, 2023
GHSA: <a href="https://github.com/advisories/GHSA-xcf7-rvmh-g6q4" target="_blank" rel="noopener"> GHSA-xcf7-rvmh-g6q4
Severity: Medium
Exploit:

When this function was passed an empty string, openssl would attempt to call strlen on it, reading arbitrary memory until it reached a NUL byte.