CVE-2023-53159
BaseFortify
Publication date: 2025-07-28
Last updated on: 2025-08-07
Assigner: MITRE
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| sfackler | openssl | up to 0.10.55 (exclusive) |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-126 | The product reads from a buffer using buffer access mechanisms such as indexes or pointers that reference memory locations after the targeted buffer. |
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability affects the Rust openssl crate versions before 0.10.55. It occurs when the function X509VerifyParamRef::set_host is called with an empty string. Internally, this causes a call to strlen on an empty string, leading to an out-of-bounds read or buffer over-read. This means the program reads memory beyond the intended boundary until it encounters a null byte, which can expose arbitrary memory contents and cause a segmentation fault or crash. [1, 2]
How can this vulnerability impact me?
The vulnerability can cause a segmentation fault or crash in applications using the Rust openssl crate when an empty string is passed as the domain parameter to TLS connection functions. This leads to invalid memory access and potential memory exposure, which can disrupt service availability and potentially leak sensitive memory contents. [1, 2]
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability can be detected by testing if the Rust application using the openssl crate crashes or segfaults when calling TLS connection functions with an empty domain string. For example, running a test similar to the provided code snippet that calls TlsConnector::connect with an empty string as the domain can reveal the issue. There are no specific network detection commands provided, but monitoring for segmentation faults or crashes in Rust applications using openssl when handling TLS connections with empty domain strings is recommended. [2]
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps include updating the openssl crate to version 0.10.55 or later where the issue is fixed. Alternatively, modify the code to explicitly handle empty domain strings before passing them to set_host, for example by checking if the domain string is empty and handling that case separately as shown in the proposed code. Another approach is to change the set_host function to safely convert the input string to a CString to avoid invalid memory access. [1, 2]
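As an added example (not code from the advisory or from the openssl crate), the following Rust program checks the text of a Cargo.lock for an `openssl` crate entry locked below the fixed release 0.10.55. The function names and the sample lockfile are constructed for illustration.

```rust
// Added example: flag `openssl` crate versions below 0.10.55 in Cargo.lock text.
const FIXED: (u64, u64, u64) = (0, 10, 55); // first fixed release per this page

// Parse a plain "MAJOR.MINOR.PATCH" string; anything else yields None.
fn parse_version(v: &str) -> Option<(u64, u64, u64)> {
    let mut it = v.split('.').map(|p| p.parse::<u64>().ok());
    let ver = (it.next()??, it.next()??, it.next()??);
    if it.next().is_some() { None } else { Some(ver) }
}

// Return the quoted value of a `key = "value"` line, if the line has that key.
fn field<'a>(line: &'a str, key: &str) -> Option<&'a str> {
    let rest = line.strip_prefix(key)?.trim_start().strip_prefix('=')?;
    Some(rest.trim().trim_matches('"'))
}

// Collect every locked `openssl` version that is older than FIXED or unparsable.
fn vulnerable_openssl_versions(lock: &str) -> Vec<String> {
    let mut hits = Vec::new();
    let mut name: Option<&str> = None;
    for line in lock.lines().map(str::trim) {
        if line == "[[package]]" {
            name = None; // a new package table starts
        } else if let Some(v) = field(line, "name") {
            name = Some(v);
        } else if let Some(v) = field(line, "version") {
            if name == Some("openssl") && !matches!(parse_version(v), Some(x) if x >= FIXED) {
                hits.push(v.to_string());
            }
        }
    }
    hits
}

// Constructed sample lockfile, not taken from a real project.
const SAMPLE: &str = r#"version = 3

[[package]]
name = "openssl"
version = "0.10.54"

[[package]]
name = "openssl-sys"
version = "0.9.88"
"#;

fn main() {
    println!("{:?}", vulnerable_openssl_versions(SAMPLE));
}
```

To check a real project, pass the contents of its Cargo.lock to `vulnerable_openssl_versions`; an empty result means no `openssl` entry below 0.10.55 is locked.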