openssl_x509_check_host in lua-openssl 0.7.7-1 mishandles X.509 certificate validation because it uses lua_pushboolean for certain non-boolean return values.
References
Link | Resource |
---|---|
https://github.com/zhaozg/lua-openssl/commit/a6dc186dd4b6b9e329a93cca3e7e3cfccfdf3cca | Patch Third Party Advisory |
Configurations
Information
Published : 2020-02-27 15:15
Updated : 2020-02-28 08:32
NVD link : CVE-2020-9432
Mitre link : CVE-2020-9432
JSON object : View
CWE
CWE-295
Improper Certificate Validation
Products Affected
lua-openssl_project
- lua-openssl