CVE-2025-24898

See a problem?
Please try reporting it to the source first.
Source
https://nvd.nist.gov/vuln/detail/CVE-2025-24898
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-24898.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2025-24898
Aliases
Downstream
Related
Published
2025-02-03T17:57:39Z
Modified
2025-10-15T22:53:44.182147Z
Severity
  • 6.3 (Medium) CVSS_V4 - CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:L/VI:N/VA:L/SC:N/SI:N/SA:N CVSS Calculator
Summary
rust openssl ssl::select_next_proto use after free
Details

rust-openssl is a set of OpenSSL bindings for the Rust programming language. In affected versions ssl::select_next_proto can return a slice pointing into the server argument's buffer but with a lifetime bound to the client argument. In situations where the sever buffer's lifetime is shorter than the client buffer's, this can cause a use after free. This could cause the server to crash or to return arbitrary memory contents to the client. The crateopenssl version 0.10.70 fixes the signature of ssl::select_next_proto to properly constrain the output buffer's lifetime to that of both input buffers. Users are advised to upgrade. In standard usage of ssl::select_next_proto in the callback passed to SslContextBuilder::set_alpn_select_callback, code is only affected if the server buffer is constructed within the callback.

References

Affected packages

Git / github.com/sfackler/rust-openssl

Affected ranges

Type
GIT
Repo
https://github.com/sfackler/rust-openssl
Events
Introduced
d85e2a293778d2a01d715060e7516a8828b0a5ac
Fixed
a4d399b0f1a3694cb2d1728edf74d318a3cac890

Affected versions

openssl-errors-v0.*

openssl-errors-v0.1.0
openssl-errors-v0.2.0

openssl-macros-v0.*

openssl-macros-v0.1.0
openssl-macros-v0.1.1

openssl-sys-v0.*

openssl-sys-v0.9.100
openssl-sys-v0.9.101
openssl-sys-v0.9.102
openssl-sys-v0.9.103
openssl-sys-v0.9.104
openssl-sys-v0.9.105
openssl-sys-v0.9.25
openssl-sys-v0.9.26
openssl-sys-v0.9.27
openssl-sys-v0.9.28
openssl-sys-v0.9.30
openssl-sys-v0.9.31
openssl-sys-v0.9.32
openssl-sys-v0.9.33
openssl-sys-v0.9.35
openssl-sys-v0.9.36
openssl-sys-v0.9.37
openssl-sys-v0.9.38
openssl-sys-v0.9.39
openssl-sys-v0.9.40
openssl-sys-v0.9.41
openssl-sys-v0.9.42
openssl-sys-v0.9.43
openssl-sys-v0.9.44
openssl-sys-v0.9.45
openssl-sys-v0.9.46
openssl-sys-v0.9.47
openssl-sys-v0.9.48
openssl-sys-v0.9.49
openssl-sys-v0.9.50
openssl-sys-v0.9.51
openssl-sys-v0.9.52
openssl-sys-v0.9.53
openssl-sys-v0.9.54
openssl-sys-v0.9.55
openssl-sys-v0.9.56
openssl-sys-v0.9.57
openssl-sys-v0.9.58
openssl-sys-v0.9.59
openssl-sys-v0.9.60
openssl-sys-v0.9.61
openssl-sys-v0.9.62
openssl-sys-v0.9.63
openssl-sys-v0.9.64
openssl-sys-v0.9.65
openssl-sys-v0.9.66
openssl-sys-v0.9.67
openssl-sys-v0.9.68
openssl-sys-v0.9.69
openssl-sys-v0.9.70
openssl-sys-v0.9.71
openssl-sys-v0.9.72
openssl-sys-v0.9.73
openssl-sys-v0.9.74
openssl-sys-v0.9.75
openssl-sys-v0.9.76
openssl-sys-v0.9.77
openssl-sys-v0.9.78
openssl-sys-v0.9.79
openssl-sys-v0.9.80
openssl-sys-v0.9.81
openssl-sys-v0.9.82
openssl-sys-v0.9.83
openssl-sys-v0.9.84
openssl-sys-v0.9.85
openssl-sys-v0.9.86
openssl-sys-v0.9.87
openssl-sys-v0.9.88
openssl-sys-v0.9.89
openssl-sys-v0.9.90
openssl-sys-v0.9.91
openssl-sys-v0.9.92
openssl-sys-v0.9.93
openssl-sys-v0.9.94
openssl-sys-v0.9.95
openssl-sys-v0.9.96
openssl-sys-v0.9.97
openssl-sys-v0.9.98
openssl-sys-v0.9.99

openssl-v0.*

openssl-v0.10.0
openssl-v0.10.1
openssl-v0.10.10
openssl-v0.10.11
openssl-v0.10.12
openssl-v0.10.13
openssl-v0.10.14
openssl-v0.10.15
openssl-v0.10.16
openssl-v0.10.17
openssl-v0.10.18
openssl-v0.10.19
openssl-v0.10.2
openssl-v0.10.20
openssl-v0.10.21
openssl-v0.10.22
openssl-v0.10.23
openssl-v0.10.24
openssl-v0.10.25
openssl-v0.10.26
openssl-v0.10.27
openssl-v0.10.28
openssl-v0.10.29
openssl-v0.10.3
openssl-v0.10.30
openssl-v0.10.31
openssl-v0.10.32
openssl-v0.10.33
openssl-v0.10.34
openssl-v0.10.35
openssl-v0.10.36
openssl-v0.10.37
openssl-v0.10.38
openssl-v0.10.39
openssl-v0.10.4
openssl-v0.10.40
openssl-v0.10.41
openssl-v0.10.42
openssl-v0.10.43
openssl-v0.10.44
openssl-v0.10.45
openssl-v0.10.46
openssl-v0.10.47
openssl-v0.10.48
openssl-v0.10.49
openssl-v0.10.5
openssl-v0.10.50
openssl-v0.10.51
openssl-v0.10.52
openssl-v0.10.53
openssl-v0.10.54
openssl-v0.10.55
openssl-v0.10.56
openssl-v0.10.57
openssl-v0.10.58
openssl-v0.10.59
openssl-v0.10.6
openssl-v0.10.60
openssl-v0.10.61
openssl-v0.10.62
openssl-v0.10.63
openssl-v0.10.64
openssl-v0.10.65
openssl-v0.10.66
openssl-v0.10.67
openssl-v0.10.68
openssl-v0.10.69
openssl-v0.10.7
openssl-v0.10.8
openssl-v0.10.9
openssl-v0.9.27