CVE-2025-3416
- Source
- https://cve.org/CVERecord?id=CVE-2025-3416
- Import Source
- https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2025-3416.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/CVE-2025-3416
- Downstream
- Related
- Published
- 2025-04-08T18:24:22.102Z
- Modified
- 2026-05-18T05:56:17.442669592Z
- Severity
-
- 3.7 (Low) CVSS_V3 - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L CVSS Calculator
- Summary
- Rust-openssl: rust-openssl use-after-free in `md::fetch` and `cipher::fetch`
- Details
-
A flaw was found in OpenSSL's handling of the properties argument in certain functions. This vulnerability can allow use-after-free exploitation, which may result in undefined behavior or incorrect property parsing, leading to OpenSSL treating the input as an empty string.
- Database specific
{ "cwe_ids": [ "CWE-416" ], "cna_assigner": "redhat", "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/3xxx/CVE-2025-3416.json" }- References
-
- https://access.redhat.com/downloads/content/package-browser/
- https://access.redhat.com/security/cve/CVE-2025-3416
- https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/3xxx/CVE-2025-3416.json
- https://nvd.nist.gov/vuln/detail/CVE-2025-3416
- https://rustsec.org/advisories/RUSTSEC-2025-0022.html
- https://bugzilla.redhat.com/show_bug.cgi?id=2357560
- https://github.com/sfackler/rust-openssl/commit/87085bd67896b7f92e6de35d081f607a334beae4
- https://github.com/sfackler/rust-openssl/pull/2390
- https://github.com/sfackler/rust-openssl
Affected packages
Git / github.com/rust-openssl/rust-openssl
Affected versions
openssl-macros-v0.*
openssl-macros-v0.1.1
openssl-sys-v0.*
openssl-sys-v0.9.100
openssl-sys-v0.9.101
openssl-sys-v0.9.102
openssl-sys-v0.9.103
openssl-sys-v0.9.104
openssl-sys-v0.9.105
openssl-sys-v0.9.106
openssl-sys-v0.9.74
openssl-sys-v0.9.75
openssl-sys-v0.9.76
openssl-sys-v0.9.77
openssl-sys-v0.9.78
openssl-sys-v0.9.79
openssl-sys-v0.9.80
openssl-sys-v0.9.81
openssl-sys-v0.9.82
openssl-sys-v0.9.83
openssl-sys-v0.9.84
openssl-sys-v0.9.85
openssl-sys-v0.9.86
openssl-sys-v0.9.87
openssl-sys-v0.9.88
openssl-sys-v0.9.89
openssl-sys-v0.9.90
openssl-sys-v0.9.91
openssl-sys-v0.9.92
openssl-sys-v0.9.93
openssl-sys-v0.9.94
openssl-sys-v0.9.95
openssl-sys-v0.9.96
openssl-sys-v0.9.97
openssl-sys-v0.9.98
openssl-sys-v0.9.99
openssl-v0.*
openssl-v0.10.39
openssl-v0.10.40
openssl-v0.10.41
openssl-v0.10.42
openssl-v0.10.43
openssl-v0.10.44
openssl-v0.10.45
openssl-v0.10.46
openssl-v0.10.47
openssl-v0.10.48
openssl-v0.10.49
openssl-v0.10.50
openssl-v0.10.51
openssl-v0.10.52
openssl-v0.10.53
openssl-v0.10.54
openssl-v0.10.55
openssl-v0.10.56
openssl-v0.10.57
openssl-v0.10.58
openssl-v0.10.59
openssl-v0.10.60
openssl-v0.10.61
openssl-v0.10.62
openssl-v0.10.63
openssl-v0.10.64
openssl-v0.10.65
openssl-v0.10.66
openssl-v0.10.67
openssl-v0.10.68
openssl-v0.10.69
openssl-v0.10.70
openssl-v0.10.71