AZL-61804

See a problem?

Import Source

https://github.com/microsoft/AzureLinuxVulnerabilityData/blob/main/osv/AZL-61804.json

JSON Data

https://api.test.osv.dev/v1/vulns/AZL-61804

Upstream

CVE-2025-3416

Published

2025-04-08T19:15:53Z

Modified

2026-04-01T05:19:55.319012Z

Severity

3.7 (Low) CVSS_V3 - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L CVSS Calculator

Summary

CVE-2025-3416 affecting package 389-ds-base 3.1.1-10

Details

A flaw was found in OpenSSL's handling of the properties argument in certain functions. This vulnerability can allow use-after-free exploitation, which may result in undefined behavior or incorrect property parsing, leading to OpenSSL treating the input as an empty string.

References

https://nvd.nist.gov/vuln/detail/CVE-2025-3416

Affected packages

Azure Linux:3 / 389-ds-base

Package

Name: 389-ds-base
Purl: pkg:rpm/azure-linux/389-ds-base

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Last affected

3.1.1-10

Database specific

source

"https://github.com/microsoft/AzureLinuxVulnerabilityData/blob/main/osv/AZL-61804.json"