When a `Some(...)` value was passed to the `properties` argument of either of these functions, a use-after-free would result. In practice this would nearly always result in OpenSSL treating the properties as an empty string (due to `CString::drop`'s behavior). The maintainers thank [quitbug](https://github.com/quitbug/) for reporting this vulnerability to us.
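The lifetime mistake behind this class of bug, shown as an added Rust example that is not part of the advisory and not the crate's own code. `Props`, `c_fetch`, `fetch_buggy` and `fetch_fixed` are hypothetical names, and the `map_or`-by-value shape is an assumed illustration of how the pointer handed to C can outlive the `CString` that owns it; a live-owner counter stands in for actually reading freed memory.

```rust
use std::cell::Cell;
use std::ffi::{CStr, CString};
use std::os::raw::c_char;
use std::ptr;

thread_local! { static LIVE: Cell<usize> = Cell::new(0); } // live Props owners

/// Owned C string that counts live instances, making the buffer's lifetime
/// observable without ever reading freed memory.
struct Props(CString);
impl Props {
    fn new(s: &str) -> Self {
        LIVE.with(|n| n.set(n.get() + 1));
        Props(CString::new(s).expect("no interior NUL"))
    }
    fn as_ptr(&self) -> *const c_char { self.0.as_ptr() }
}
impl Drop for Props {
    fn drop(&mut self) { LIVE.with(|n| n.set(n.get() - 1)); }
}

/// Hypothetical stand-in for the C callee (not an OpenSSL function). It reports
/// "<dangling>" instead of dereferencing when the owner is already gone.
fn c_fetch(props: *const c_char) -> Option<String> {
    if props.is_null() { return None; }
    if LIVE.with(|n| n.get()) == 0 { return Some("<dangling>".to_string()); }
    // Sound here only because the owner was just confirmed to be alive.
    Some(unsafe { CStr::from_ptr(props) }.to_string_lossy().into_owned())
}

/// Assumed buggy shape: `map_or` takes the Option by value, so the owner is
/// dropped when the closure returns, before the callee sees the pointer.
fn fetch_buggy(properties: Option<&str>) -> Option<String> {
    let properties = properties.map(Props::new);
    c_fetch(properties.map_or(ptr::null(), |p| p.as_ptr()))
}

/// Corrected shape: `as_ref()` borrows, so the owner lives to the end of scope.
fn fetch_fixed(properties: Option<&str>) -> Option<String> {
    let properties = properties.map(Props::new);
    c_fetch(properties.as_ref().map_or(ptr::null(), |p| p.as_ptr()))
}

fn main() {
    println!("buggy: {:?}", fetch_buggy(Some("fips=yes")));
    println!("fixed: {:?}", fetch_fixed(Some("fips=yes")));
}
```

Both variants behave identically for `None`, which matches the advisory's statement that only `Some(...)` values are affected.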
How did you determine which Rust applications to file bugs against? I was surprised to see that bugs were filed against *some* applications (but not all) that use the OpenSSL bindings from the "openssl" Rust crate, but no bug was filed against "rust-openssl" itself.
I have now looked at the source code of all packages that depend on "rust-openssl", and only *one* of them has a reference to `Cipher::fetch` - python-cryptography, and it doesn't use the function in a way that triggers this CVE. There are zero references to `Md::fetch` in any packages that depend on "rust-openssl". I'll go ahead and close all bugs that were reported against packages that are definitely not affected by this issue. Again, I'm surprised that bugs were opened against "maturin" and "rustup" - neither uses code from the "openssl" crate directly. The only package that *could* be affected (because it calls `Cipher::fetch`) is "python-cryptography", and it's one of the few packages that didn't get a bug reported against it 🤣 Note that I have *not* checked packages that vendor the "openssl" crate.