rust-openssl 缓冲区错误漏洞

rust-openssl is an open-source library in the rust ecosystem that allows for interaction with the OpenSSL library. In versions 0.9.0 to 0.10.78 of rust-openssl, there was a buffer error vulnerability. This vulnerability stemmed from the frompemcallback API not verifying the length returned by use...

rust-openssl 安全漏洞

rust-openssl is an open-source library designed for interacting with the OpenSSL library. There were security vulnerabilities in the version of rust-openssl from 0.10.39 to 0.10.78. These vulnerabilities stemmed from the EVPDigestFinal function, which always writes EVPMDCTXsize bytes into the...

rust-openssl 缓冲区错误漏洞

rust-openssl is an open-source library in the rust ecosystem that allows for interaction with the OpenSSL library. Prior to version 0.10.78, rust-openssl had a buffer error vulnerability. This vulnerability stemmed from an incorrect assertion in aes::unwrapkey, where the condition out.len + 8 =...

GHSA-PQF5-4PQQ-29F5 rust-openssl: Deriver::derive and PkeyCtxRef::derive can overflow short buffers on OpenSSL 1.1.1

Deriver::derive and PkeyCtxRef::derive sets len = buf.len and passes it as the in/out length to EVPPKEYderive, relying on OpenSSL to honor it. On OpenSSL 1.1.x, X25519, X448, DH and HKDF-extract ignore the incoming keylen, unconditionally writing the full shared secret 32/56/prime-size bytes. A...

rust-openssl: Deriver::derive and PkeyCtxRef::derive can overflow short buffers on OpenSSL 1.1.1

Deriver::derive and PkeyCtxRef::derive sets len = buf.len and passes it as the in/out length to EVPPKEYderive, relying on OpenSSL to honor it. On OpenSSL 1.1.x, X25519, X448, DH and HKDF-extract ignore the incoming keylen, unconditionally writing the full shared secret 32/56/prime-size bytes. A...

rust-opennssl has an Out-of-bounds read in PEM password callback when returning an oversized length

The frompemcallback APIs did not validate the length returned by the user's callback. A password callback that returns a value larger than the buffer it was given can cause some versions of OpenSSL to over-read this buffer. OpenSSL 3.x is not affected by this...

GHSA-8C75-8MHR-P7R9 rust-openssl has incorrect bounds assertion in aes key wrap

Summary aes::unwrapkey has an incorrect bounds assertion on the out buffer size, which can lead to out-of-bounds write. Details aes::unwrapkey contains an incorrect assertion: it checks that out.len + 8 = in.len - 8, ensuring the output buffer is large enough. Because of the inverted check, the...

rust-openssl: rustMdCtxRef::digest_final() writes past caller buffer with no length check

EVPDigestFinal always writes EVPMDCTXsizectx to the out buffer. If out is smaller than that, MdCtxRef::digestfinal writes past its end, usually corrupting the stack. This is reachable from safe Rust...

rust-openssl: Unchecked callback length in PSK/cookie trampolines leaks adjacent memory to peer

The FFI trampolines behind SslContextBuilder::setpskclientcallback, setpskservercallback, setcookiegeneratecb, and setstatelesscookiegeneratecb forwarded the user closure's returned usize directly to OpenSSL without checking it against the &mut u8 that was handed to the closure. This can lead to...

GHSA-HPPC-G8H3-XHP3 rust-openssl: Unchecked callback length in PSK/cookie trampolines leaks adjacent memory to peer

The FFI trampolines behind SslContextBuilder::setpskclientcallback, setpskservercallback, setcookiegeneratecb, and setstatelesscookiegeneratecb forwarded the user closure's returned usize directly to OpenSSL without checking it against the &mut u8 that was handed to the closure. This can lead to...

[SECURITY] Fedora 44 Update: rust-openssl-probe-0.2.1-1.fc44

A library for helping to find system-wide trust anchor "root" certificate locations based on paths typically used by openssl...

[SECURITY] Fedora 44 Update: rust-openssl-probe0.1-0.1.6-1.fc44

Tool for helping to find SSL certificate locations on the system for OpenSSL...

Fedora 44 : python-uv-build / rust-ambient-id / rust-astral-reqwest-middleware / etc (2026-b8b59dcf44)

The remote Fedora 44 host has packages installed that are affected by a vulnerability as referenced in the FEDORA-2026-b8b59dcf44 advisory. Update uv and python-uv-build to 0.11.2. Version 0.11 includes changes to the networking stack used by uv. While its developers think that breakage will be...

Medium: aws-nitro-enclaves-cli

Issue Overview: openssl: rust-openssl Use-After-Free in Md::fetch and Cipher::fetch CVE-2025-3416 Affected Packages: aws-nitro-enclaves-cli Note: This advisory is applicable to Amazon Linux 2 - Nitro-enclaves Extra. Visit this page to learn more about Amazon Linux 2 AL2 Extras and this FAQ sectio...

Amazon Linux 2023 : aws-nitro-enclaves-cli, aws-nitro-enclaves-cli-devel, aws-nitro-enclaves-cli-integration-tests (ALAS2023-2026-1371)

It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2026-1371 advisory. openssl: rust-openssl Use-After-Free in Md::fetch and Cipher::fetch CVE-2025-3416 Tenable has extracted the preceding description block directly from the tested product security advisory. Note that...

MiracleLinux 9 : python3.12-cryptography-41.0.7-2.el9 (AXSA:2025-10071:01)

The remote MiracleLinux 9 host has a package installed that is affected by a vulnerability as referenced in the AXSA:2025-10071:01 advisory. rust-openssl: rust openssl ssl::selectnextproto use after free CVE-2025-24898 Tenable has extracted the preceding description block directly from the...

MiracleLinux 9 : rust-bootupd-0.2.27-3.el9 (AXSA:2025-10220:01)

The remote MiracleLinux 9 host has a package installed that is affected by a vulnerability as referenced in the AXSA:2025-10220:01 advisory. rust-openssl: rust openssl ssl::selectnextproto use after free CVE-2025-24898 Tenable has extracted the preceding description block directly from the...

MiracleLinux 9 : bootc-1.1.6-3.el9_6 (AXSA:2025-10277:01)

The remote MiracleLinux 9 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2025-10277:01 advisory. rust-openssl: rust openssl ssl::selectnextproto use after free CVE-2025-24898 Tenable has extracted the preceding description block directly from the...

MiracleLinux 9 : keylime-agent-rust-0.2.2-2.el9 (AXSA:2025-10290:01)

The remote MiracleLinux 9 host has a package installed that is affected by a vulnerability as referenced in the AXSA:2025-10290:01 advisory. rust-openssl: rust openssl ssl::selectnextproto use after free CVE-2025-24898 Tenable has extracted the preceding description block directly from the...

MiracleLinux 9 : rpm-ostree-2025.5-1.el9 (AXSA:2025-10337:01)

The remote MiracleLinux 9 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2025-10337:01 advisory. rust-openssl: rust openssl ssl::selectnextproto use after free CVE-2025-24898 Tenable has extracted the preceding description block directly from the...