Ecosyste.ms: Advisories
An open API service providing security vulnerability metadata for many open source software ecosystems.
Security Advisories: MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTM0cDktZjRxMy1jNHI3
Improper Certificate Validation in openssl
All versions of rust-openssl prior to 0.9.0 contained numerous insecure defaults including off-by-default certificate verification and no API to perform hostname verification. Unless configured correctly by a developer, these defaults could allow an attacker to perform man-in-the-middle attacks. The problem was addressed in newer versions by enabling certificate verification by default and exposing APIs to perform hostname verification. Use the SslConnector and SslAcceptor types to take advantage of these new features (as opposed to the lower-level SslContext type).
Permalink: https://github.com/advisories/GHSA-34p9-f4q3-c4r7JSON: https://advisories.ecosyste.ms/api/v1/advisories/MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTM0cDktZjRxMy1jNHI3
Source: GitHub Advisory Database
Origin: Unspecified
Severity: High
Classification: General
Published: about 3 years ago
Updated: over 1 year ago
CVSS Score: 8.1
CVSS vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
Identifiers: GHSA-34p9-f4q3-c4r7, CVE-2016-10931
References:
- https://nvd.nist.gov/vuln/detail/CVE-2016-10931
- https://github.com/sfackler/rust-openssl/releases/tag/v0.9.0
- https://rustsec.org/advisories/RUSTSEC-2016-0001.html
- https://github.com/advisories/GHSA-34p9-f4q3-c4r7
Blast Radius: 36.1
Affected Packages
cargo:openssl
Dependent packages: 1,425Dependent repositories: 28,271
Downloads: 111,917,925 total
Affected Version Ranges: < 0.9.0
Fixed in: 0.9.0
All affected versions: 0.0.1, 0.0.2, 0.1.0, 0.1.1, 0.2.0, 0.2.1, 0.2.2, 0.2.3, 0.2.4, 0.2.5, 0.2.6, 0.2.7, 0.2.8, 0.2.9, 0.2.10, 0.2.11, 0.2.12, 0.2.13, 0.2.14, 0.2.15, 0.2.16, 0.2.17, 0.2.18, 0.3.0, 0.3.1, 0.3.2, 0.3.3, 0.3.4, 0.3.5, 0.3.6, 0.4.0, 0.4.1, 0.4.2, 0.4.3, 0.5.0, 0.5.1, 0.5.2, 0.5.3, 0.5.4, 0.5.5, 0.6.0, 0.6.1, 0.6.2, 0.6.3, 0.6.4, 0.6.5, 0.6.6, 0.6.7, 0.7.0, 0.7.1, 0.7.2, 0.7.3, 0.7.4, 0.7.5, 0.7.6, 0.7.7, 0.7.8, 0.7.9, 0.7.10, 0.7.11, 0.7.12, 0.7.13, 0.7.14, 0.8.0, 0.8.1, 0.8.2, 0.8.3
All unaffected versions: 0.9.0, 0.9.1, 0.9.2, 0.9.3, 0.9.4, 0.9.5, 0.9.6, 0.9.7, 0.9.8, 0.9.9, 0.9.10, 0.9.11, 0.9.12, 0.9.13, 0.9.14, 0.9.15, 0.9.16, 0.9.17, 0.9.18, 0.9.19, 0.9.20, 0.9.21, 0.9.22, 0.9.23, 0.9.24, 0.10.0, 0.10.1, 0.10.2, 0.10.3, 0.10.4, 0.10.5, 0.10.6, 0.10.7, 0.10.8, 0.10.9, 0.10.10, 0.10.11, 0.10.12, 0.10.13, 0.10.14, 0.10.15, 0.10.16, 0.10.17, 0.10.18, 0.10.19, 0.10.20, 0.10.21, 0.10.22, 0.10.23, 0.10.24, 0.10.25, 0.10.26, 0.10.27, 0.10.28, 0.10.29, 0.10.30, 0.10.31, 0.10.32, 0.10.33, 0.10.34, 0.10.35, 0.10.36, 0.10.37, 0.10.38, 0.10.39, 0.10.40, 0.10.41, 0.10.42, 0.10.43, 0.10.44, 0.10.45, 0.10.46, 0.10.47, 0.10.48, 0.10.49, 0.10.50, 0.10.51, 0.10.52, 0.10.53, 0.10.54, 0.10.55, 0.10.56, 0.10.57, 0.10.58, 0.10.59, 0.10.60, 0.10.61, 0.10.62, 0.10.63, 0.10.64, 0.10.65, 0.10.66