{"id":"RUSTSEC-2023-0006","summary":"X.400 address type confusion in X.509 `GeneralName`","details":"There is a type confusion vulnerability relating to X.400 address processing\ninside an X.509 `GeneralName`. X.400 addresses were parsed as an `ASN1_STRING` but\nthe public structure definition for `GENERAL_NAME` incorrectly specified the type\nof the `x400Address` field as `ASN1_TYPE`. This field is subsequently interpreted by\nthe OpenSSL function `GENERAL_NAME_cmp` as an `ASN1_TYPE` rather than an\n`ASN1_STRING`.\n\nWhen CRL checking is enabled (i.e. the application sets the\n`X509_V_FLAG_CRL_CHECK` flag), this vulnerability may allow an attacker to pass\narbitrary pointers to a `memcmp` call, enabling them to read memory contents or\nenact a denial of service. In most cases, the attack requires the attacker to\nprovide both the certificate chain and CRL, neither of which need to have a\nvalid signature. If the attacker only controls one of these inputs, the other\ninput must already contain an X.400 address as a CRL distribution point, which\nis uncommon. As such, this vulnerability is most likely to only affect\napplications which have implemented their own functionality for retrieving CRLs\nover a network.","aliases":["CVE-2023-0286","GHSA-x4qr-2fvf-3mr5"],"modified":"2023-11-08T04:11:06.998300Z","published":"2023-02-07T12:00:00Z","database_specific":{"license":"CC0-1.0"},"references":[{"type":"PACKAGE","url":"https://crates.io/crates/openssl-src"},{"type":"ADVISORY","url":"https://rustsec.org/advisories/RUSTSEC-2023-0006.html"},{"type":"WEB","url":"https://www.openssl.org/news/secadv/20230207.txt"}],"affected":[{"package":{"name":"openssl-src","ecosystem":"crates.io","purl":"pkg:cargo/openssl-src"},"ranges":[{"type":"SEMVER","events":[{"introduced":"0.0.0-0"},{"fixed":"111.25.0"},{"introduced":"300.0.0"},{"fixed":"300.0.12"}]}],"ecosystem_specific":{"affected_functions":null,"affects":{"arch":[],"os":[],"functions":[]}},"database_specific":{"source":"https://github.com/rustsec/advisory-db/blob/osv/crates/RUSTSEC-2023-0006.json","cvss":null,"informational":null,"categories":["denial-of-service","memory-exposure"]}}],"schema_version":"1.7.3"}