CVE-2025-3416 — Use After Free in Rust-openssl

CWE-416 — Use After Free8 documents7 sources

Severity

3.7LOWNVD

OSV9.1

EPSS

0.5%

top 36.29%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Rust-openssl Project Rust-openssl Debian Rust-openssl Msrc Azl3 Python-cryptography 42.0.5-3 ON Azure Linux 3.0 +4 more

Timeline

PublishedApr 8

Latest updateNov 26

Description

A flaw was found in OpenSSL's handling of the properties argument in certain functions. This vulnerability can allow use-after-free exploitation, which may result in undefined behavior or incorrect property parsing, leading to OpenSSL treating the input as an empty string.

CVSS vector

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:LExploitability: 2.2 | Impact: 1.4

Affected Packages8 packages

▶debiandebian/rust-openssl< rust-openssl 0.10.72-1 (forky)

▶Debianrust-openssl_project/rust-openssl< 0.10.72-1+1

▶Ubunturust-openssl_project/rust-openssl< 0.10.23-1ubuntu0.1~esm1+2

▶msrcmsrc/azl3_rust_1.86.0-1_on_azure_linux_3.0

▶msrcmsrc/azl3_rust_1.75.0-14_on_azure_linux_3.0

🔴Vulnerability Details

OSV

rust-openssl vulnerabilities↗2025-11-26

▶

OSV

CVE-2025-3416: A flaw was found in OpenSSL's handling of the properties argument in certain functions↗2025-04-08

▶

GHSA

GHSA-mgh2-hf68-73c8: A flaw was found in OpenSSL's handling of the properties argument in certain functions↗2025-04-08

▶

📋Vendor Advisories

Ubuntu

rust-openssl vulnerabilities↗2025-11-26

▶

Microsoft

Rust-openssl: rust-openssl use-after-free in `md::fetch` and `cipher::fetch`↗2025-04-08

▶

Red Hat

rust-openssl: rust-openssl Use-After-Free in `Md::fetch` and `Cipher::fetch`↗2025-04-04

▶

Debian

CVE-2025-3416: rust-openssl - A flaw was found in OpenSSL's handling of the properties argument in certain fun...↗2025

▶