Lucene search
K

224 matches found

OSV
OSV
added 2025/02/03 6:15 p.m.4 views

UBUNTU-CVE-2025-24898

rust-openssl is a set of OpenSSL bindings for the Rust programming language. In affected versions ssl::selectnextproto can return a slice pointing into the server argument's buffer but with a lifetime bound to the client argument. In situations where the sever buffer's lifetime is shorter than th...

6.3CVSS6.1AI score0.0065EPSS
Exploits0References6
Cvelist
Cvelist
added 2025/02/03 5:57 p.m.22 views

CVE-2025-24898 rust openssl ssl::select_next_proto use after free

rust-openssl is a set of OpenSSL bindings for the Rust programming language. In affected versions ssl::selectnextproto can return a slice pointing into the server argument's buffer but with a lifetime bound to the client argument. In situations where the sever buffer's lifetime is shorter than th...

6.3CVSS0.0065EPSS
Exploits0References3
CVE
CVE
added 2025/02/03 5:57 p.m.2675 views

CVE-2025-24898

CVE-2025-24898 affects rust-openssl: ssl::select_next_proto can return a slice tied to the server buffer with a lifetime bound to the client, enabling a use-after-free if the server buffer’s lifetime is shorter. The Debian LTS advisory notes a fix in rust-openssl 0.10.29-1+deb11u1, addressing the...

6.3CVSS6.9AI score0.0065EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2025/02/03 5:57 p.m.8 views

CVE-2025-24898 rust openssl ssl::select_next_proto use after free

rust-openssl is a set of OpenSSL bindings for the Rust programming language. In affected versions ssl::selectnextproto can return a slice pointing into the server argument's buffer but with a lifetime bound to the client argument. In situations where the sever buffer's lifetime is shorter than th...

6.3CVSS6.6AI score0.0065EPSS
Exploits0References3
OSV
OSV
added 2025/02/03 5:57 p.m.12 views

CVE-2025-24898 rust openssl ssl::select_next_proto use after free

rust-openssl is a set of OpenSSL bindings for the Rust programming language. In affected versions ssl::selectnextproto can return a slice pointing into the server argument's buffer but with a lifetime bound to the client argument. In situations where the sever buffer's lifetime is shorter than th...

6.3CVSS5.4AI score0.0065EPSS
Exploits0References6
CNNVD
CNNVD
added 2025/02/03 12:0 a.m.4 views

rust-openssl 资源管理错误漏洞

rust-openssl is a library from Rust for interacting with the OpenSSL library. A resource management error vulnerability exists in rust-openssl that stems from an incorrect return value lifecycle of the ssl::selectnextproto function, which could lead to the use of freed memory...

6.3CVSS5AI score0.0065EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2025/02/02 12:0 a.m.5 views

PT-2025-5595

Name of the Vulnerable Software and Affected Versions rust-openssl versions prior to 0.10.70 Description The issue arises when ssl::select next proto returns a slice pointing into the server argument's buffer but with a lifetime bound to the client argument. If the server buffer's lifetime is...

9.1CVSS5.8AI score0.0065EPSS
Exploits1References70
F5 Networks
F5 Networks
added 2024/05/03 7:9 p.m.46 views

K000139508: rust-openssl vulnerability CVE-2024-3296

Security Advisory Description A timing-based side-channel flaw exists in the rust-openssl package, which could be sufficient to recover a plaintext across a network in a Bleichenbacher-style attack. To achieve successful decryption, an attacker would have to be able to send a large number of tria...

5.9CVSS5.7AI score0.00415EPSS
Exploits0
OSV
OSV
added 2024/04/04 2:15 p.m.19 views

CVE-2024-3296

A timing-based side-channel flaw exists in the rust-openssl package, which could be sufficient to recover a plaintext across a network in a Bleichenbacher-style attack. To achieve successful decryption, an attacker would have to be able to send a large number of trial messages for decryption. The...

5.9CVSS5.4AI score0.00415EPSS
Exploits0References3
OSV
OSV
added 2024/04/04 2:15 p.m.87 views

UBUNTU-CVE-2024-3296

A timing-based side-channel flaw exists in the rust-openssl package, which could be sufficient to recover a plaintext across a network in a Bleichenbacher-style attack. To achieve successful decryption, an attacker would have to be able to send a large number of trial messages for decryption. The...

5.9CVSS5.8AI score0.00415EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2024/04/04 1:47 p.m.24 views

CVE-2024-3296 Rust-openssl: timing based side-channel can lead to a bleichenbacher style attack

A timing-based side-channel flaw exists in the rust-openssl package, which could be sufficient to recover a plaintext across a network in a Bleichenbacher-style attack. To achieve successful decryption, an attacker would have to be able to send a large number of trial messages for decryption. The...

5.9CVSS6.5AI score0.00415EPSS
Exploits0References2
CVE
CVE
added 2024/04/04 1:47 p.m.89 views

CVE-2024-3296

CVE-2024-3296 involves the rust-openssl crate and a timing-based side-channel that could permit plaintext recovery over a network via a Bleichenbacher-style attack on the legacy PKCS#1v1.5 padding. An attacker would need to send many trial decryptions to achieve success. The connected documents c...

5.9CVSS5.4AI score0.00415EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2024/04/04 3:24 a.m.17 views

CVE-2024-3296

A timing-based side-channel flaw exists in the rust-openssl package, which could be sufficient to recover a plaintext across a network in a Bleichenbacher-style attack. To achieve successful decryption, an attacker would have to be able to send a large number of trial messages for decryption. The...

5.9CVSS5.3AI score0.00415EPSS
Exploits0References3
UbuntuCve
UbuntuCve
added 2024/04/04 12:0 a.m.20 views

CVE-2024-3296

A timing-based side-channel flaw exists in the rust-openssl package, which could be sufficient to recover a plaintext across a network in a Bleichenbacher-style attack. To achieve successful decryption, an attacker would have to be able to send a large number of trial messages for decryption. The...

5.9CVSS6.2AI score0.00415EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2024/04/04 12:0 a.m.16 views

PT-2024-25007 · Unknown +1 · Rust-Openssl +1

Name of the Vulnerable Software and Affected Versions: rust-openssl affected versions not specified Description: A timing-based side-channel flaw exists in the rust-openssl package, which could be sufficient to recover a plaintext across a network in a Bleichenbacher-style attack. To achieve...

5.9CVSS6.7AI score0.00415EPSS
Exploits0References14
CNNVD
CNNVD
added 2024/04/04 12:0 a.m.36 views

rust-openssl 安全漏洞

rust-openssl is a library from Rust for interacting with the OpenSSL library. A security vulnerability exists in rust-openssl that stems from the presence of a timing-based side channel flaw...

5.9CVSS5.8AI score0.00415EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2023/02/15 4:20 a.m.4 views

SUSE CVE-2018-20997

An issue was discovered in the openssl crate before 0.10.9 for Rust. A use-after-free occurs in CMS Signing...

9.8CVSS9.4AI score0.01744EPSS
Exploits0References3
Github Security Blog
Github Security Blog
added 2021/08/25 8:43 p.m.40 views

Improper Certificate Validation in openssl

All versions of rust-openssl prior to 0.9.0 contained numerous insecure defaults including off-by-default certificate verification and no API to perform hostname verification. Unless configured correctly by a developer, these defaults could allow an attacker to perform man-in-the-middle attacks...

8.1CVSS7.6AI score0.00745EPSS
Exploits0References4Affected Software1
OSV
OSV
added 2021/08/25 8:43 p.m.50 views

GHSA-9XJR-M6F3-V5WM HTTPS MitM vulnerability due to lack of hostname verification

When used on Windows platforms, all versions of Hyper prior to 0.9.4 did not perform hostname verification when making HTTPS requests. This allows an attacker to perform MitM attacks by preventing any valid CA-issued certificate, even if there's a hostname mismatch. The problem was addressed by...

4.8CVSS4.9AI score0.00738EPSS
Exploits0References5
OSV
OSV
added 2016/11/05 12:0 p.m.45 views

RUSTSEC-2016-0001 SSL/TLS MitM vulnerability due to insecure defaults

All versions of rust-openssl prior to 0.9.0 contained numerous insecure defaults including off-by-default certificate verification and no API to perform hostname verification. Unless configured correctly by a developer, these defaults could allow an attacker to perform man-in-the-middle attacks...

8.1CVSS7.8AI score0.00745EPSS
Exploits0References3
Rows per page
Query Builder