CVE-2024-5991 — In function MatchDomainName(), input param str is treated as a NULL terminated string despite being user provided and unchecked. Specifically, the function X509_check_host() takes in a pointer and len — CVE Database · The Intelligence Room