9528 matches found

RedhatCVE
added 2025/02/05 7:40 p.m. | 8 views

CVE-2022-39252

matrix-rust-sdk is an implementation of a Matrix client-server library in Rust, and matrix-sdk-crypto is the Matrix encryption library. Prior to version 0.6, when a user requests a room key from their devices, the software correctly remembers the request. When the user receives a forwarded room...

CVSS 8.6 | AI score 6.6 | EPSS 0.00485
Exploits 0 | References 1
RedhatCVE
added 2025/02/05 12:44 p.m. | 20 views

CVE-2024-43783

The Apollo Router Core is a configurable, high-performance graph router written in Rust to run a federated supergraph that uses Apollo Federation 2. Instances of the Apollo Router running versions =1.21.0 and =1.7.0 and 1.52.1 are impacted by a denial-of-service vulnerability if all of the...

CVSS 7.5 | AI score 6.5 | EPSS 0.00857
Exploits 1 | References 1
RedhatCVE
added 2025/02/05 11:55 a.m. | 37 views

CVE-2024-7884

When a canister method is called via ic_cdk::call, a new Future CallFuture is created and can be awaited by the caller to get the execution result. Internally, the state of the Future is tracked and stored in a struct called CallFutureState. A bug in the polling implementation of the CallFuture...

CVSS 7.5 | AI score 6.6 | EPSS 0.00693
Exploits 0 | References 1
RedhatCVE
added 2025/02/03 11:29 p.m. | 7 views

CVE-2025-24898

rust-openssl is a set of OpenSSL bindings for the Rust programming language. In affected versions ssl::select_next_proto can return a slice pointing into the server argument's buffer but with a lifetime bound to the client argument. In situations where the server buffer's lifetime is shorter than th...

CVSS 4.8 | AI score 7.4 | EPSS 0.00623
Exploits 0 | References 6
NVD
added 2025/02/03 6:15 p.m. | 8 views

CVE-2025-24898

rust-openssl is a set of OpenSSL bindings for the Rust programming language. In affected versions ssl::select_next_proto can return a slice pointing into the server argument's buffer but with a lifetime bound to the client argument. In situations where the server buffer's lifetime is shorter than th...

CVSS 6.3 | EPSS 0.00623
Exploits 0 | References 4
OSV
added 2025/02/03 6:15 p.m. | 5 views

AZL-56427 CVE-2025-24898 affecting package 389-ds-base 3.1.1-10

rust-openssl is a set of OpenSSL bindings for the Rust programming language. In affected versions ssl::select_next_proto can return a slice pointing into the server argument's buffer but with a lifetime bound to the client argument. In situations where the server buffer's lifetime is shorter than th...

CVSS 6.3 | AI score 6.1 | EPSS 0.00623
Exploits 0 | References 1
OSV
added 2025/02/03 6:15 p.m. | 3 views

DEBIAN-CVE-2025-24898

rust-openssl is a set of OpenSSL bindings for the Rust programming language. In affected versions ssl::select_next_proto can return a slice pointing into the server argument's buffer but with a lifetime bound to the client argument. In situations where the server buffer's lifetime is shorter than th...

CVSS 6.3 | AI score 5.7 | EPSS 0.00623
Exploits 0 | References 1
OSV
added 2025/02/03 6:15 p.m. | 3 views

UBUNTU-CVE-2025-24898

rust-openssl is a set of OpenSSL bindings for the Rust programming language. In affected versions ssl::select_next_proto can return a slice pointing into the server argument's buffer but with a lifetime bound to the client argument. In situations where the server buffer's lifetime is shorter than th...

CVSS 6.3 | AI score 6.1 | EPSS 0.00623
Exploits 0 | References 6
Cvelist
added 2025/02/03 5:57 p.m. | 19 views

CVE-2025-24898 rust openssl ssl::select_next_proto use after free

rust-openssl is a set of OpenSSL bindings for the Rust programming language. In affected versions ssl::select_next_proto can return a slice pointing into the server argument's buffer but with a lifetime bound to the client argument. In situations where the server buffer's lifetime is shorter than th...

CVSS 6.3 | EPSS 0.00623
Exploits 0 | References 3
Vulnrichment
added 2025/02/03 5:57 p.m. | 8 views

CVE-2025-24898 rust openssl ssl::select_next_proto use after free

rust-openssl is a set of OpenSSL bindings for the Rust programming language. In affected versions ssl::select_next_proto can return a slice pointing into the server argument's buffer but with a lifetime bound to the client argument. In situations where the server buffer's lifetime is shorter than th...

CVSS 6.3 | AI score 6.6 | EPSS 0.00623
Exploits 0 | References 3
CVE
added 2025/02/03 5:57 p.m. | 2670 views

CVE-2025-24898

CVE-2025-24898 affects rust-openssl: ssl::select_next_proto can return a slice tied to the server buffer with a lifetime bound to the client, enabling a use-after-free if the server buffer’s lifetime is shorter. The Debian LTS advisory notes a fix in rust-openssl 0.10.29-1+deb11u1, addressing the...

CVSS 6.3 | AI score 6.9 | EPSS 0.00623
Exploits 0 | References 4
Debian CVE
added 2025/02/03 5:57 p.m. | 6 views

CVE-2025-24898

rust-openssl is a set of OpenSSL bindings for the Rust programming language. In affected versions ssl::select_next_proto can return a slice pointing into the server argument's buffer but with a lifetime bound to the client argument. In situations where the server buffer's lifetime is shorter than th...

CVSS 6.3 | AI score 5.6 | EPSS 0.00623
Exploits 0
OSV
added 2025/02/03 5:57 p.m. | 11 views

CVE-2025-24898 rust openssl ssl::select_next_proto use after free

rust-openssl is a set of OpenSSL bindings for the Rust programming language. In affected versions ssl::select_next_proto can return a slice pointing into the server argument's buffer but with a lifetime bound to the client argument. In situations where the server buffer's lifetime is shorter than th...

CVSS 6.3 | AI score 5.4 | EPSS 0.00623
Exploits 0 | References 6
OSV
added 2025/02/03 8:57 a.m. | 2 views

SUSE-SU-2025:20057-1 Security update for rust-keylime

This update for rust-keylime fixes the following issues: - Update vendored crates CVE-2024-43806, bsc1229952, bsc1230029 rustix 0.37.25 rustix 0.38.34 shlex 1.3.0 - Update to version 0.2.6+13: Enable test functional/iak-idevid-persisted-and-protected builddeps: bump uuid from 1.7.0 to 1.10.0...

CVSS 7.5 | AI score 6 | EPSS 0.00949
Exploits 0 | References 6
SUSE Linux
added 2025/02/03 8:57 a.m. | 3 views

Security update for rust-keylime

This update for rust-keylime fixes the following issues: Update vendored crates CVE-2024-43806, bsc1229952, bsc1230029 rustix 0.37.25 rustix 0.38.34 shlex 1.3.0 Update to version 0.2.6+13: Enable test functional/iak-idevid-persisted-and-protected builddeps: bump uuid from 1.7.0 to 1.10.0 builddep...

CVSS 7.5 | AI score 7.7 | EPSS 0.00949
Exploits 0 | References 10
CNNVD
added 2025/02/03 12:00 a.m. | 3 views

rust-openssl resource management error vulnerability

rust-openssl is a library from Rust for interacting with the OpenSSL library. A resource management error vulnerability exists in rust-openssl that stems from an incorrect return value lifecycle of the ssl::select_next_proto function, which could lead to the use of freed memory...

CVSS 6.3 | AI score 5 | EPSS 0.00623
Exploits 0 | References 3
vulnersOsv
added 2025/02/02 12:00 p.m. | 3 views

bitcoin-harness (=0.1.0), bitcoin_rpc_client (>=0.5.0 <=0.6.1) +91 more potentially affected by CVE-2025-24898 via openssl (>=0.10.22 <=0.10.7)

openssl CARGO version =0.10.22, =0.5.0, =0.2.0, =0.0.0, =0.0.1, =0.3.3, =0.6.25, =0.1.0-alpha.0, =0.0.3, =0.1.24, =0.37.0, =0.4.0, =0.37.0, =0.38.0 and more Source cves: CVE-2025-24898 Source advisory: OSV:RUSTSEC-2025-0004...

CVSS 6.3 | AI score 5.5 | EPSS 0.00623
Exploits 0
Positive Technologies
added 2025/02/02 12:00 a.m. | 5 views

PT-2025-5595

Name of the Vulnerable Software and Affected Versions: rust-openssl versions prior to 0.10.70. Description: The issue arises when ssl::select_next_proto returns a slice pointing into the server argument's buffer but with a lifetime bound to the client argument. If the server buffer's lifetime is...

CVSS 9.1 | AI score 5.8 | EPSS 0.00623
Exploits 1 | References 70
Fedora
added 2025/02/01 5:42 a.m. | 10 views

[SECURITY] Fedora 41 Update: rust-routinator-0.14.1-2.fc41

An RPKI relying party software...

CVSS 7.5 | AI score 7.1 | EPSS 0.00458
Exploits 0
Tenable Nessus
added 2025/02/01 12:00 a.m. | 4 views

Fedora 41 : rust-routinator (2025-bbabead4d7)

The remote Fedora 41 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2025-bbabead4d7 advisory. New ASPA support is now always compiled in and available if enable-aspa is set. The aspa Cargo feature has been removed. 990 If merging multiple ASPA objects...

CVSS 7.5 | AI score 5.5 | EPSS 0.00458
Exploits 0 | References 2