CVE-2025-3416

A flaw was found in OpenSSL's handling of the properties argument in certain functions. This vulnerability can allow use-after-free exploitation, which may result in undefined behavior or incorrect property parsing, leading to OpenSSL treating the input as an empty string.

CVSS v3 3.7 LOW

3.7^/10

CVSS v3 : LOW

V3 Legend

Vector :

Exploitability : 2.2 / Impact : 1.4

Attack Vector NETWORK

Attack Complexity HIGH

Privileges Required NONE

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact LOW

Scope UNCHANGED

References

Link	Resource
https://access.redhat.com/security/cve/CVE-2025-3416
https://bugzilla.redhat.com/show_bug.cgi?id=2357560
https://github.com/sfackler/rust-openssl
https://github.com/sfackler/rust-openssl/commit/87085bd67896b7f92e6de35d081f607a334beae4
https://github.com/sfackler/rust-openssl/pull/2390
https://rustsec.org/advisories/RUSTSEC-2025-0022.html

Configurations

No configuration.

History

09 Apr 2025, 20:02

Type	Values Removed	Values Added
Summary		(es) Se detectó una falla en el gestionamiento del argumento de propiedades por parte de OpenSSL en ciertas funciones. Esta vulnerabilidad puede permitir la explotación de la función "use after free", lo que puede resultar en un comportamiento indefinido o un análisis incorrecto de las propiedades, lo que hace que OpenSSL trate la entrada como una cadena vacía.

08 Apr 2025, 19:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2025-04-08 19:15

Updated : 2025-04-09 20:02

NVD link : CVE-2025-3416

Mitre link : CVE-2025-3416

CVE.ORG link : CVE-2025-3416

JSON object : View

Products Affected

No product.

CWE

CWE-416

Use After Free

3.7 /10