CVE-2018-20997: Use after free in CMS Signing › RustSec Advisory Database

An issue was discovered in the openssl crate before 0.10.9 for Rust. A use-after-free occurs in CMS Signing.

RUSTSEC-2018-0010

Use after free in CMS Signing

Reported: June 1, 2018
Issued: October 2, 2020 (last modified: October 19, 2021)
Package: openssl (crates.io)
Type: Vulnerability
Keywords: #memory-corruption

Aliases

  • CVE-2018-20997

Details

https://github.com/sfackler/rust-openssl/pull/942

CVSS Score: 9.8 CRITICAL

CVSS Details

  • Attack vector: Network
  • Attack complexity: Low
  • Privileges required: None
  • User interaction: None
  • Scope: Unchanged
  • Confidentiality: High
  • Integrity: High
  • Availability: High

CVSS Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Patched

  • =0.10.9

Unaffected

  • <0.10.8

Description

Affected versions of the OpenSSL crate used structures after they’d been freed.
