{"id":"RUSTSEC-2023-0012","summary":"`NULL` dereference validating DSA public key","details":"An invalid pointer dereference on read can be triggered when an\napplication tries to check a malformed DSA public key by the\n`EVP_PKEY_public_check()` function. This will most likely lead\nto an application crash. This function can be called on public\nkeys supplied from untrusted sources which could allow an attacker\nto cause a denial of service attack.\n\nThe TLS implementation in OpenSSL does not call this function\nbut applications might call the function if there are additional\nsecurity requirements imposed by standards such as FIPS 140-3.","aliases":["CVE-2023-0217","GHSA-vxrh-cpg7-8vjr"],"modified":"2024-09-11T06:12:34.741362Z","published":"2023-02-07T12:00:00Z","database_specific":{"license":"CC0-1.0"},"references":[{"type":"PACKAGE","url":"https://crates.io/crates/openssl-src"},{"type":"ADVISORY","url":"https://rustsec.org/advisories/RUSTSEC-2023-0012.html"},{"type":"WEB","url":"https://www.openssl.org/news/secadv/20230207.txt"}],"affected":[{"package":{"name":"openssl-src","ecosystem":"crates.io","purl":"pkg:cargo/openssl-src"},"ranges":[{"type":"SEMVER","events":[{"introduced":"300.0.0"},{"fixed":"300.0.12"}]}],"ecosystem_specific":{"affects":{"functions":[],"arch":[],"os":[]},"affected_functions":null},"database_specific":{"informational":null,"cvss":null,"source":"https://github.com/rustsec/advisory-db/blob/osv/crates/RUSTSEC-2023-0012.json","categories":["denial-of-service"]}}],"schema_version":"1.7.3"}