An issue was discovered in the openssl crate before 0.9.0 for Rust. There is an SSL/TLS man-in-the-middle vulnerability because certificate verification is off by default and there is no API for hostname verification.
CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:HRust OpenSSL Project Rust OpenSSL
APPRust-Openssl Project< 0.9.0
Related vulnerabilities
An issue was discovered in the openssl crate before 0.10.9 for Rust. A use-after-free occurs in CMS Signing.
rust-openssl provides OpenSSL bindings for the Rust programming language. From 0.9.27 to before 0.10.78, Deri...
rust-openssl provides OpenSSL bindings for the Rust programming language. From to before 0.10.78, aes::unwra...
rust-openssl provides OpenSSL bindings for the Rust programming language. From 0.10.39 to before 0.10.78, EVP...
rust-openssl provides OpenSSL bindings for the Rust programming language. From 0.9.24 to before 0.10.78, the ...