{"id":"RUSTSEC-2023-0072","summary":"`openssl` `X509StoreRef::objects` is unsound","details":"This function returned a shared reference into an OpenSSL datastructure but did not account for interior mutability. OpenSSL may modify the data behind this reference, meaning accesses can race and the reference is unsound.\n\nUse of this function should be replaced with `X509StoreRef::all_certificates`.","aliases":["GHSA-xphf-cx8h-7q9g"],"modified":"2024-02-10T16:26:49.098843Z","published":"2023-11-23T12:00:00Z","database_specific":{"license":"CC0-1.0"},"references":[{"type":"PACKAGE","url":"https://crates.io/crates/openssl"},{"type":"ADVISORY","url":"https://rustsec.org/advisories/RUSTSEC-2023-0072.html"},{"type":"REPORT","url":"https://github.com/sfackler/rust-openssl/issues/2096"}],"affected":[{"package":{"name":"openssl","ecosystem":"crates.io","purl":"pkg:cargo/openssl"},"ranges":[{"type":"SEMVER","events":[{"introduced":"0.0.0-0"},{"fixed":"0.10.60"}]}],"ecosystem_specific":{"affected_functions":null,"affects":{"functions":["openssl::x509::store::X509StoreRef::objects"],"os":[],"arch":[]}},"database_specific":{"informational":"unsound","source":"https://github.com/rustsec/advisory-db/blob/osv/crates/RUSTSEC-2023-0072.json","cvss":null,"categories":["memory-corruption"]}}],"schema_version":"1.7.3"}