13 matches found

Tenable Nessus
added 2025/11/09 12:0 a.m. | 2 views

Fedora 42 : bpfman (2025-0753bddd6c)

The remote Fedora 42 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2025-0753bddd6c advisory. This update fixes CVE-2025-0977 RUSTSEC-2025-0004, a use-after-free vulnerability in the Rust openssl crate's ssl::select_next_proto function. The openssl crat...

5.4 AI score
Exploits: 0 | References: 2

Tenable Nessus
added 2025/10/06 12:0 a.m. | 4 views

RockyLinux 9 : bootc (RLSA-2025:7160)

The remote RockyLinux 9 host has packages installed that are affected by a vulnerability as referenced in the RLSA-2025:7160 advisory. rust-openssl: rust openssl ssl::select_next_proto use after free (CVE-2025-24898). Tenable has extracted the preceding description block directly from the RockyLinux...

6.3 CVSS | 5.3 AI score | 0.0065 EPSS
Exploits: 0 | References: 3

RedHat Linux
added 2025/05/13 8:49 a.m. | 10 views

rust-openssl: rust openssl ssl::select_next_proto use after free

A flaw was found in the rust-openssl package. In certain versions, ssl::select_next_proto can return a slice pointing into the server argument's buffer but with a lifetime bound to the client argument. In situations where the server buffer's lifetime is shorter than the client buffer's, this can cau...

6.3 CVSS | 6 AI score | 0.0065 EPSS
Exploits: 0 | References: 7

RedHat Linux
added 2025/05/13 8:38 a.m. | 6 views

rust-openssl: rust openssl ssl::select_next_proto use after free

A flaw was found in the rust-openssl package. In certain versions, ssl::select_next_proto can return a slice pointing into the server argument's buffer but with a lifetime bound to the client argument. In situations where the server buffer's lifetime is shorter than the client buffer's, this can cau...

6.3 CVSS | 6 AI score | 0.0065 EPSS
Exploits: 0 | References: 7

RedHat Linux
added 2025/05/13 8:35 a.m. | 3 views

rust-openssl: rust openssl ssl::select_next_proto use after free

A flaw was found in the rust-openssl package. In certain versions, ssl::select_next_proto can return a slice pointing into the server argument's buffer but with a lifetime bound to the client argument. In situations where the server buffer's lifetime is shorter than the client buffer's, this can cau...

6.3 CVSS | 6 AI score | 0.0065 EPSS
Exploits: 0 | References: 7

SUSE CVE
added 2025/02/17 3:47 a.m. | 4 views

SUSE CVE-2025-24898

rust-openssl is a set of OpenSSL bindings for the Rust programming language. In affected versions ssl::select_next_proto can return a slice pointing into the server argument's buffer but with a lifetime bound to the client argument. In situations where the server buffer's lifetime is shorter than th...

6.3 CVSS | 7.3 AI score | 0.0065 EPSS
Exploits: 0 | References: 7

OSV
added 2025/02/03 6:15 p.m. | 3 views

UBUNTU-CVE-2025-24898

rust-openssl is a set of OpenSSL bindings for the Rust programming language. In affected versions ssl::select_next_proto can return a slice pointing into the server argument's buffer but with a lifetime bound to the client argument. In situations where the server buffer's lifetime is shorter than th...

6.3 CVSS | 6.1 AI score | 0.0065 EPSS
Exploits: 0 | References: 6

Github Security Blog
added 2025/02/03 5:56 p.m. | 20 views

rust-openssl ssl::select_next_proto use after free

Impact: ssl::select_next_proto can return a slice pointing into the server argument's buffer but with a lifetime bound to the client argument. In situations where the server buffer's lifetime is shorter than the client buffer's, this can cause a use after free. This could cause the server to crash o...

6.3 CVSS | 6.7 AI score | 0.0065 EPSS
Exploits: 0 | References: 8 | Affected Software: 1

CNNVD
added 2025/02/03 12:0 a.m. | 3 views

rust-openssl Resource Management Error Vulnerability

rust-openssl is a library from Rust for interacting with the OpenSSL library. A resource management error vulnerability exists in rust-openssl that stems from an incorrect return value lifecycle of the ssl::select_next_proto function, which could lead to the use of freed memory...

6.3 CVSS | 5 AI score | 0.0065 EPSS
Exploits: 0 | References: 3

OSV
added 2024/11/11 5:9 p.m. | 5 views

CLSA-2024-1731344946 openssl: Fix of CVE-2024-5535

CVE-2024-5535: Validate provided client list in ssl/ssllib.c. Clarify SSL_select_next_proto documentation...

9.1 CVSS | 7 AI score | 0.05582 EPSS
Exploits: 1 | References: 1

OSV
added 2024/11/05 10:8 a.m. | 5 views

CLSA-2024-1730801286 openssl: Fix of CVE-2024-5535

CVE-2024-5535: Validate provided client list in ssl/ssllib.c. Clarify SSL_select_next_proto documentation...

9.1 CVSS | 7 AI score | 0.05582 EPSS
Exploits: 1 | References: 1

CNNVD
added 2024/06/27 12:0 a.m. | 2 views

OpenSSL Security Vulnerabilities

OpenSSL is an open source general-purpose cryptographic library capable of implementing the Secure Sockets Layer SSLv2/v3 and Secure Transport Layer TLSv1 protocols from the OpenSSL team. It supports a variety of cryptographic algorithms, including symmetric ciphers, hashing algorithms, secure...

9.1 CVSS | 6.9 AI score | 0.05582 EPSS
Exploits: 1 | References: 19

Positive Technologies
added 2024/05/02 12:0 a.m. | 19 views

PT-2024-6083

Name of the Vulnerable Software and Affected Versions: OpenSSL versions prior to the next release (exact version not specified); CPython version 3.9 and earlier. Description: The issue is related to the OpenSSL API function SSL_select_next_proto, which can cause a crash or memory contents to be sent to...

9.4 CVSS | 8 AI score | 0.73461 EPSS
Exploits: 5 | References: 340