CVE-2025-3416

Опубликовано: 04 апр. 2025

Источник: redhat

CVSS3: 3.7

Описание

A flaw was found in OpenSSL's handling of the properties argument in certain functions. This vulnerability can allow use-after-free exploitation, which may result in undefined behavior or incorrect property parsing, leading to OpenSSL treating the input as an empty string.

Меры по смягчению последствий

Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.

Затронутые пакеты

Платформа	Пакет	Состояние
Red Hat Directory Server 11	redhat-ds:11/389-ds-base	Fix deferred
Red Hat Directory Server 12	redhat-ds:12/389-ds-base	Fix deferred
Red Hat Enterprise Linux 10	firefox	Fix deferred
Red Hat Enterprise Linux 10	gjs	Fix deferred
Red Hat Enterprise Linux 10	rpm-ostree	Fix deferred
Red Hat Enterprise Linux 6	openssl	Fix deferred
Red Hat Enterprise Linux 7	firefox	Fix deferred
Red Hat Enterprise Linux 8	389-ds:1.4/389-ds-base	Fix deferred
Red Hat Enterprise Linux 8	firefox	Fix deferred
Red Hat Enterprise Linux 8	mingw-openssl	Fix deferred

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Low

Дефект:

CWE-416

https://bugzilla.redhat.com/show_bug.cgi?id=2357560rust-openssl: rust-openssl Use-After-Free in `Md::fetch` and `Cipher::fetch`

3.7 Low

CVSS3

Связанные уязвимости

CVE-2025-3416

CVSS3: 3.7

ubuntu

10 месяцев назад

CVE-2025-3416

CVSS3: 3.7

nvd

10 месяцев назад

CVE-2025-3416

msrc

5 месяцев назад

Rust-openssl: rust-openssl use-after-free in `md::fetch` and `cipher::fetch`

CVE-2025-3416

CVSS3: 3.7

debian

10 месяцев назад

A flaw was found in OpenSSL's handling of the properties argument in c ...

openSUSE-SU-2025:0152-1

suse-cvrf

9 месяцев назад

Security update for kanidm

3.7 Low

CVSS3