CVE-2023-53159

Published Jul 28, 2025

Last updated 9 months ago

CVSS medium 4.5
SSL

Overview

Description
The openssl crate before 0.10.55 for Rust allows an out-of-bounds read via an empty string to X509VerifyParamRef::set_host.
Source
cve@mitre.org
NVD status
Analyzed
Products
openssl

Risk scores

CVSS 3.1

Type
Primary
Base score
9.1
Impact score
5.2
Exploitability score
3.9
Vector string
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H
Severity
CRITICAL

Weaknesses

cve@mitre.org
CWE-126

Social media

Hype score
Not currently trending

  1. 🚨 New CVE Alert: CVE-2023-53159 🐛 Out-of-Bounds Read in Rust OpenSSL crate 📉 CVSS 4.5 (Medium) ⚠️ Triggered via X509VerifyParamRef::set_host("") 🔍 Check your dependencies! 📘 Our annotated report: https://t.co/QdYMipWdJ3 #CyberSecurity #RustLang #OpenSSL http

    @BaseFortify

    28 Jul 2025

    61 Impressions

    0 Retweets

    1 Like

    0 Bookmarks

    0 Replies

    0 Quotes

  2. 🚨 CVE-2023-53159: Rust OpenSSL crate <0.10.55 crashes on empty hostnames, reading memory it shouldn’t. Upgrade to 0.10.55+ now. More info ➡️ https://t.co/zwAO95GpIS #RustLang #OpenSSL #infosec

    @VolerionSec

    28 Jul 2025

    41 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

Configurations

Related CVEs

  1. When configuring SSL bundles in Spring Cloud Gateway by using the configuration property spring.ssl.bundle, the configuration was silently ignored and the default SSL configuration was used instead. Note: The 4.2.x branch is no longer under open source support. If you are using Spring Cloud Gateway 4.2.0 and are not an enterprise customer, you can upgrade to any Spring Cloud Gateway 4.2.x release newer than 4.2.0  available on Maven Centeral https://repo1.maven.org/maven2/org/springframework/cloud/spring-cloud-gateway/ . Ideally if you are not an enterprise customer, you should be upgrading to 5.0.2 or 5.1.1 which are the current supported open source releases.CVE-2026-22750
  2. wolfSSL's ECCSI signature verifier `wc_VerifyEccsiHash` decodes the `r` and `s` scalars from the signature blob via `mp_read_unsigned_bin` with no check that they lie in `[1, q-1]`. A crafted forged signature could verify against any message for any identity, using only publicly-known constants.CVE-2026-5466
  3. URI nameConstraints from constrained intermediate CAs are parsed but not enforced during certificate chain verification in wolfcrypt/src/asn.c. A compromised or malicious sub-CA could issue leaf certificates with URI SAN entries that violate the nameConstraints of the issuing CA, and wolfSSL would accept them as valid.CVE-2026-5263
  4. Heap buffer overflow in DTLS 1.3 ACK message processing. A remote attacker can send a crafted DTLS 1.3 ACK message that triggers a heap buffer overflow.CVE-2026-5264
  5. Missing hash/digest size and OID checks allow digests smaller than allowed when verifying ECDSA certificates, or smaller than is appropriate for the relevant key type, to be accepted by signature verification functions. This could lead to reduced security of ECDSA certificate-based authentication if the public CA key used is also known. This affects ECDSA/ECC verification when EdDSA or ML-DSA is also enabled.CVE-2026-5194

References

Sources include official advisories and independent security research.