PT-2025-31038 · Openssl · Openssl

Published: 2023-06-20 · Updated: 2025-07-28 · CVE-2023-53159

CVSS v3.1: 4.5
Vector: AV:L/AC:H/PR:N/UI:N/S:C/C:L/I:N/A:L

Name of the Vulnerable Software and Affected Versions:

openssl crate versions prior to 0.10.55

Description:

The openssl crate for Rust contains an issue that allows an out-of-bounds read when an empty string is provided to `X509VerifyParamRef::set_host`.

Recommendations:

Upgrade to version 0.10.55 or later.

Fix

Buffer Over-read

Weakness Enumeration

Related Identifiers

CVE-2023-53159
GHSA-XCF7-RVMH-G6Q4
RUSTSEC-2023-0044

Affected Products

Openssl