Description

A flaw was found in OpenSSL's handling of the properties argument in certain functions. This vulnerability can allow use-after-free exploitation, which may result in undefined behavior or incorrect property parsing, leading to OpenSSL treating the input as an empty string.

Related CPE's

Could not find any relations

References

https://access.redhat.com/security/cve/CVE-2025-3416

https://bugzilla.redhat.com/show_bug.cgi?id=2357560

https://github.com/sfackler/rust-openssl

https://github.com/sfackler/rust-openssl/commit/87085bd67896b7f92e6de35d081f607a334beae4

https://github.com/sfackler/rust-openssl/pull/2390

https://rustsec.org/advisories/RUSTSEC-2025-0022.html

Weaknesses

[email protected]

Primary
CWE-416

CVSS impact metrics

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L

3.7 · Low

  • CVSS V3.1

  • CVSS V3.0

  • CVSS V2.0

Information

Source identifier

[email protected]

Vulnerability status

Received

Published

2025-04-08T19:15:53.717

1 month ago

Last modified

2025-04-08T19:15:53.717

1 month ago