rust-openssl ssl::select_next_proto use after free

🗓️ 03 Feb 2025 17:56:46Reported by GitHub Advisory DatabaseType

ssl::select_next_proto can cause use after free, leading to crashes or memory leaks.

Reporter	Title	Published	Views	Family All 109
IBM Security Bulletins	Security Bulletin: IBM Maximo Application Suite - Monitor Component is vulnerable to openssl-0.10.64.crate CVE-2025-24898	29 May 202507:22	–	ibm
IBM Security Bulletins	Security Bulletin: IBM Instana Observability is affected by multiple vulnerabilities within Instana Agent container image	27 May 202606:40	–	ibm
IBM Security Bulletins	Security Bulletin: IBM Instana Observability is affected by multiple vulnerabilities within Instana Agent container image	26 May 202606:03	–	ibm
Tenable Nessus	AlmaLinux 9 : rpm-ostree (ALSA-2025:7147)	3 Jul 202500:00	–	nessus
Tenable Nessus	AlmaLinux 9 : bootc (ALSA-2025:7160)	3 Jul 202500:00	–	nessus
Tenable Nessus	AlmaLinux 9 : rust-bootupd (ALSA-2025:7241)	3 Jul 202500:00	–	nessus
Tenable Nessus	AlmaLinux 9 : keylime-agent-rust (ALSA-2025:7313)	3 Jul 202500:00	–	nessus
Tenable Nessus	AlmaLinux 9 : python3.12-cryptography (ALSA-2025:7317)	3 Jul 202500:00	–	nessus
Tenable Nessus	Debian dla-4049 : librust-openssl-dev - security update	11 Feb 202500:00	–	nessus
Tenable Nessus	Fedora 40 : vaultwarden (2025-0e5d6864d8)	23 Feb 202500:00	–	nessus

Vulners

Node

openssl opensslRange0.10.0–0.10.70rust

Source	Link
github	www.github.com/sfackler/rust-openssl/security/advisories/GHSA-rpmj-rpgj-qmpm
github	www.github.com/sfackler/rust-openssl/pull/2360
github	www.github.com/sfackler/rust-openssl/commit/f014afb230de4d77bc79dea60e7e58c2f47b60f2
rustsec	www.rustsec.org/advisories/RUSTSEC-2025-0004.html
nvd	www.nvd.nist.gov/vuln/detail/CVE-2025-24898
crates	www.crates.io/crates/openssl
lists	www.lists.debian.org/debian-lts-announce/2025/02/msg00009.html
github	www.github.com/advisories/GHSA-rpmj-rpgj-qmpm

11 Feb 2025 09:30Current

6.7Medium risk

Vulners AI Score6.7

CVSS 46.3

EPSS0.00116

SSVC