CVE-2025-3416

Description

A flaw was found in OpenSSL's handling of the properties argument in certain functions. This vulnerability can allow use-after-free exploitation, which may result in undefined behavior or incorrect property parsing, leading to OpenSSL treating the input as an empty string.

Reserved 2025-04-07 | Published 2025-04-08 | Updated 2025-05-22 | Assigner redhat

Problem types

Use After Free

Product status

Default status
affected

Default status
affected

Default status
affected

Default status
affected

Default status
affected

Default status
affected

Default status
affected

Default status
affected

Default status
affected

Default status
affected

Default status
affected

Default status
affected

Default status
affected

Default status
affected

Default status
affected

Default status
affected

Default status
affected

Default status
affected

Default status
affected

Default status
affected

Default status
affected

Default status
affected

Default status
affected

Default status
affected

Default status
affected

Default status
affected

Default status
affected

Timeline

2025-04-04:	Reported to Red Hat.
2025-04-04:	Made public.

References

access.redhat.com/security/cve/CVE-2025-3416 vdb-entry

bugzilla.redhat.com/show_bug.cgi?id=2357560 (RHBZ#2357560) issue-tracking

github.com/sfackler/rust-openssl

github.com/...ommit/87085bd67896b7f92e6de35d081f607a334beae4

github.com/sfackler/rust-openssl/pull/2390

rustsec.org/advisories/RUSTSEC-2025-0022.html

cve.org (CVE-2025-3416)

nvd.nist.gov (CVE-2025-3416)

Download JSON