The advisory explicitly names both `X509Extension::new` and `X509Extension::new_nid` as vulnerable functions. The commit message shows that the functions required a mandatory context to be added to prevent a null dereference. Both functions pass the context to OpenSSL's `X509V3_EXT_nconf`, which crashes when null is passed for extensions that require a valid context. The file path is derived from the standard Rust OpenSSL crate structure and from commit references to x509 module changes.
| Package Name | Ecosystem | Vulnerable Versions | First Patched Version |
|---|---|---|---|
| openssl | rust | >= 0.9.7, < 0.10.48 | 0.10.48 |