| Details | | | --- | --- | | Package | `openssl` | | Version | `0.10.68` | | URL | https://github.com/sfackler/rust-openssl/pull/2390 | | Patched Versions | >=0.10.72 | | Unaffected Versions | <0.10.39 | | Aliases | [GHSA-4fcv-w3qc-ppgg](https://github.com/advisories/GHSA-4fcv-w3qc-ppgg) | When a `Some(...)` value was passed to the `properties` argument of either of these functions, a use-after-free would result. In practice this would nearly always result in OpenSSL treating the properties as an empty string (due to `CString::drop`'s behavior). The maintainers thank [quitbug](https://github.com/quitbug/) for reporting this vulnerability to us.
openssl0.10.68When a
Some(...)value was passed to thepropertiesargument of either of these functions, a use-after-free would result.In practice this would nearly always result in OpenSSL treating the properties as an empty string (due to
CString::drop's behavior).The maintainers thank quitbug for reporting this vulnerability to us.