`openssl` `X509VerifyParamRef::set_host` buffer over-read · CVE-2023-53159 · GitHub Advisory Database · GitHub

`openssl` `X509VerifyParamRef::set_host` buffer over-read

Moderate severity GitHub Reviewed Published Jun 21, 2023 to the GitHub Advisory Database • Updated Jul 28, 2025

Package

openssl (Rust)

Affected versions

>= 0.10.0, < 0.10.55

Patched versions

0.10.55

Description

When this function was passed an empty string, openssl would attempt to call strlen on it, reading arbitrary memory until it reached a NUL byte.

References

Published to the GitHub Advisory Database Jun 21, 2023

Reviewed Jun 21, 2023

Last updated Jul 28, 2025

Severity

Moderate

/ 10

CVSS v3 base metrics

Attack vector

Local

Attack complexity

High

Privileges required

None

User interaction

None

Scope

Changed

Confidentiality

Low

Integrity

None

Availability

Low

CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:L/I:N/A:L