Description
openssl_x509_check_host in lua-openssl 0.7.7-1 mishandles X.509 certificate validation because it uses lua_pushboolean for certain non-boolean return values.
References (1)
Core References
Patch, Third Party Advisory x_refsource_misc
https://github.com/zhaozg/lua-openssl/commit/a6dc186dd4b6b9e329a93cca3e7e3cfccfdf3cca
Scores
CVSS v3: 9.1
EPSS: 0.0015
EPSS Percentile: 34.6%
Attack Vector: NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
Details
CWE: CWE-295
Status: published
Products (1): lua-openssl_project/lua-openssl 0.7.7-1
Published: Feb 27, 2020
Tracked Since: Feb 18, 2026