Vulnerability Database

296,733

Total vulnerabilities in the database

openssl's `MemBio::get_buf` has undefined behavior with empty buffers

Previously, MemBio::get_buf called slice::from_raw_parts with a null-pointer, which violates the functions invariants, leading to undefined behavior. In debug builds this would produce an assertion failure. This is now fixed.

Published: Jul 22, 2024
Updated: Jul 23, 2024
GHSA: GHSA-q445-7m23-qrmw
Severity: Medium
Exploit:

CVSS v3:

Severity: Unknown
Score:
AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L

CWEs:

CWE-476

Affected Software
References

Software	From	Fixed in
openssl	-	0.10.66

https://github.com/sfackler/rust-openssl/commit/aef36e0f3950653148d6644309ee41ccf16e02bb
https://github.com/sfackler/rust-openssl/pull/2266
https://github.com/sfackler/rust-openssl/releases/tag/openssl-v0.10.66
https://rustsec.org/advisories/RUSTSEC-2024-0357.html

Deep Security Visibility Without the Complexity

SynScan provides clear, real-time security insights so you can monitor your attack surface, spot risks early, and act fast—without extra complexity.

No setup fees
5-min deployment
Cancel anytime

Book a Demo