Home
LOW: 3.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:LDefault status
unaffected
0.10.39 (semver) before 0.10.72
affected
Default status
affected
Default status
affected
Default status
affected
Default status
affected
Default status
affected
Default status
affected
Default status
affected
Default status
affected
Default status
affected
Default status
affected
Default status
affected
Default status
affected
Default status
affected
Default status
affected
Default status
affected
Default status
affected
Default status
affected
Default status
affected
Default status
affected
Default status
affected
Default status
affected
Default status
affected
Default status
affected
Default status
affected
Default status
affected
Default status
affected
Default status
affected
Description
A flaw was found in OpenSSL's handling of the properties argument in certain functions. This vulnerability can allow use-after-free exploitation, which may result in undefined behavior or incorrect property parsing, leading to OpenSSL treating the input as an empty string.
Problem types
Product status
0.10.39 (semver) before 0.10.72
Timeline
| 2025-04-04: | Reported to Red Hat. |
| 2025-04-04: | Made public. |
References
access.redhat.com/security/cve/CVE-2025-3416
bugzilla.redhat.com/show_bug.cgi?id=2357560 (RHBZ#2357560)
github.com/sfackler/rust-openssl
github.com/...ommit/87085bd67896b7f92e6de35d081f607a334beae4
github.com/sfackler/rust-openssl/pull/2390
rustsec.org/advisories/RUSTSEC-2025-0022.html