File tree Expand file tree Collapse file tree 1 file changed +10
-2
lines changed Expand file tree Collapse file tree 1 file changed +10
-2
lines changed Original file line number Diff line number Diff line change @@ -10,11 +10,14 @@ categories = ["memory-corruption"]
1010cvss = " CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H"
1111keywords = [" ssl" " openssl" " environment"
1212
13+ [affected .functions ]
14+ "openssl_probe::try_init_ssl_cert_env_vars" = [" < 0.1.6"
15+
1316[affected ]
1417os = [" linux"
1518
1619[versions ]
17- patched = []
20+ patched = [" >= 0.1.6 "
1821```
1922
2023# ` openssl-probe ` may cause memory corruption in multi-threaded processes
@@ -27,5 +30,10 @@ may cause the other threads to access dangling pointer values in the cases where
2730environment data is moved or resized in response to an additional environment variable being
2831added, or a variable's contents being enlarged.
2932
33+ This is shown to occur on Linux, but it will also likely occur on any other platform where ` getenv `
34+ and ` setenv ` are not thread-safe, though trigger conditions may vary widely.
35+
3036The affected function is ` try_init_ssl_cert_env_vars ` in
31- < https://github.com/alexcrichton/openssl-probe/blob/master/src/lib.rs#L65 > .
37+ < https://github.com/alexcrichton/openssl-probe/blob/db67c9e5b333b1b4164467b17f5d99207fad004c/src/lib.rs#L65 > .
38+
39+ The crate's author released a fix in versions ` >=0.1.6 ` which marks these functions as ` unsafe ` and ` #[deprecated] ` .
You can’t perform that action at this time.
0 commit comments