13 matches found
Fedora 42 : bpfman (2025-0753bddd6c)
The remote Fedora 42 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2025-0753bddd6c advisory. This update fixes CVE-2025-0977 RUSTSEC-2025-0004, a use-after-free vulnerability in the Rust openssl crate's ssl::selectnextproto function. The openssl crat...
RockyLinux 9 : bootc (RLSA-2025:7160)
The remote RockyLinux 9 host has packages installed that are affected by a vulnerability as referenced in the RLSA-2025:7160 advisory. rust-openssl: rust openssl ssl::selectnextproto use after free CVE-2025-24898 Tenable has extracted the preceding description block directly from the RockyLinux...
rust-openssl: rust openssl ssl::select_next_proto use after free
A flaw was found in the rust-openssl package. In certain versions, ssl::selectnextproto can return a slice pointing into the server argument's buffer but with a lifetime bound to the client argument. In situations where the sever buffer's lifetime is shorter than the client buffer's, this can cau...
rust-openssl: rust openssl ssl::select_next_proto use after free
A flaw was found in the rust-openssl package. In certain versions, ssl::selectnextproto can return a slice pointing into the server argument's buffer but with a lifetime bound to the client argument. In situations where the sever buffer's lifetime is shorter than the client buffer's, this can cau...
rust-openssl: rust openssl ssl::select_next_proto use after free
A flaw was found in the rust-openssl package. In certain versions, ssl::selectnextproto can return a slice pointing into the server argument's buffer but with a lifetime bound to the client argument. In situations where the sever buffer's lifetime is shorter than the client buffer's, this can cau...
SUSE CVE-2025-24898
rust-openssl is a set of OpenSSL bindings for the Rust programming language. In affected versions ssl::selectnextproto can return a slice pointing into the server argument's buffer but with a lifetime bound to the client argument. In situations where the sever buffer's lifetime is shorter than th...
UBUNTU-CVE-2025-24898
rust-openssl is a set of OpenSSL bindings for the Rust programming language. In affected versions ssl::selectnextproto can return a slice pointing into the server argument's buffer but with a lifetime bound to the client argument. In situations where the sever buffer's lifetime is shorter than th...
rust-openssl ssl::select_next_proto use after free
Impact ssl::selectnextproto can return a slice pointing into the server argument's buffer but with a lifetime bound to the client argument. In situations where the server buffer's lifetime is shorter than the client buffer's, this can cause a use after free. This could cause the server to crash o...
rust-openssl 资源管理错误漏洞
rust-openssl is a library from Rust for interacting with the OpenSSL library. A resource management error vulnerability exists in rust-openssl that stems from an incorrect return value lifecycle of the ssl::selectnextproto function, which could lead to the use of freed memory...
CLSA-2024-1731344946 openssl: Fix of CVE-2024-5535
CVE-2024-5535: Validate provided client list in ssl/ssllib.c. Clarify SSLselectnextproto documentation...
CLSA-2024-1730801286 openssl: Fix of CVE-2024-5535
CVE-2024-5535: Validate provided client list in ssl/ssllib.c. Clarify SSLselectnextproto documentation...
OpenSSL Security Vulnerabilities
OpenSSL is an open source general-purpose cryptographic library capable of implementing the Secure Sockets Layer SSLv2/v3 and Secure Transport Layer TLSv1 protocols from the OpenSSL team. It supports a variety of cryptographic algorithms, including symmetric ciphers, hashing algorithms, secure...
PT-2024-6083
Name of the Vulnerable Software and Affected Versions OpenSSL versions prior to the next release exact version not specified CPython version 3.9 and earlier Description The issue is related to the OpenSSL API function SSL select next proto which can cause a crash or memory contents to be sent to...