Description

A flaw was found in OpenSSL's handling of the properties argument in certain functions. This vulnerability can allow use-after-free exploitation, which may result in undefined behavior or incorrect property parsing, leading to OpenSSL treating the input as an empty string.

Related CPE's

Could not find any relations

References

https://access.redhat.com/security/cve/CVE-2025-3416

https://bugzilla.redhat.com/show_bug.cgi?id=2357560

https://github.com/sfackler/rust-openssl

https://github.com/sfackler/rust-openssl/commit/87085bd67896b7f92e6de35d081f607a334beae4

https://github.com/sfackler/rust-openssl/pull/2390

https://rustsec.org/advisories/RUSTSEC-2025-0022.html

Weaknesses

[email protected]

Secondary
CWE-416

CVSS impact metrics

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L

3.7 · Low

Information

Source identifier

[email protected]

Vulnerability status

Awaiting analysis

Published

2025-04-08T17:15:53.717Z

11 months ago

Last modified

2025-04-09T18:02:41.860Z

11 months ago