Rust-Openssl Project Rust-Openssl vulnerabilities
5 known vulnerabilities affecting rust-openssl_project/rust-openssl.
Total CVEs: 5
CISA KEV: 0
Public exploits: 0
Exploited in wild: 0
Severity breakdown: CRITICAL 3, HIGH 1, LOW 1
Vulnerabilities
CVE-2025-24898 | CRITICAL | CVSS 9.1 | ≥ 0, < 0.10.23-1ubuntu0.1~esm1; ≥ 0, < 0.10.36-1ubuntu0.1~esm1; +1 more | 2025-11-26
CVE-2025-24898 [CRITICAL] rust-openssl vulnerabilities
Matt Mastracci discovered that rust-openssl was incorrectly handling server
lifetimes in certain functions. An attacker could possibly use this issue
to cause a denial of service or send arbitrary memory contents to the client.
(CVE-2025-24898)
It was discovered that rust-openssl was incorrectly handling empty strings
when setting the host in certain functions. An attacker could possibly use
this issue to cause a
osv
CVE-2023-53159 | CRITICAL | CVSS 9.1 | ≥ 0, < 0.10.57-1 | 2025-07-28
CVE-2023-53159 [CRITICAL]
The openssl crate before 0.10.55 for Rust allows an out-of-bounds read via an empty string to X509VerifyParamRef::set_host.
osv
CVE-2025-3416 | LOW | CVSS 3.7 | ≥ 0, < 0.10.72-1 | 2025-04-08
CVE-2025-3416 [LOW]
A flaw was found in OpenSSL's handling of the properties argument in certain functions. This vulnerability can allow use-after-free exploitation, which may result in undefined behavior or incorrect property parsing, leading to OpenSSL treating the input as an empty string.
osv
CVE-2018-20997 | CRITICAL | CVSS 9.8 | fixed in 0.10.9 | 2019-08-26
CVE-2018-20997 [CRITICAL] CWE-416
An issue was discovered in the openssl crate before 0.10.9 for Rust. A use-after-free occurs in CMS Signing.
nvd
CVE-2016-10931 | HIGH | CVSS 8.1 | fixed in 0.9.0 | 2019-08-26
CVE-2016-10931 [HIGH] CWE-295
An issue was discovered in the openssl crate before 0.9.0 for Rust. There is an SSL/TLS man-in-the-middle vulnerability because certificate verification is off by default and there is no API for hostname verification.
nvd