UBUNTU-CVE-2025-3416

Details

A flaw was found in OpenSSL's handling of the properties argument in certain functions. This vulnerability can allow use-after-free exploitation, which may result in undefined behavior or incorrect property parsing, leading to OpenSSL treating the input as an empty string.

Affected Packages

Ubuntu:Pro:20.04:LTSrust-openssl

Affected versions:

0.10.23-1

Ubuntu:22.04:LTSrust-openssl

Affected versions:

0.10.29-10.10.36-1

Ubuntu:24.04:LTSrust-openssl

Affected versions:

0.10.45-10.10.57-1

Ubuntu:25.04rust-openssl

Affected versions:

0.10.64-10.10.68-10.10.70-1

Ubuntu:20.04:LTSrust-openssl

Affected versions:

0.10.23-1

References

REPORThttps://access.redhat.com/security/cve/CVE-2025-3416 REPORThttps://bugzilla.redhat.com/show_bug.cgi?id=2357560 REPORThttps://github.com/sfackler/rust-openssl REPORThttps://github.com/sfackler/rust-openssl/commit/87085bd67896b7f92e6de35d081f607a334beae4 REPORThttps://github.com/sfackler/rust-openssl/pull/2390 REPORThttps://rustsec.org/advisories/RUSTSEC-2025-0022.html REPORThttps://ubuntu.com/security/CVE-2025-3416 REPORThttps://www.cve.org/CVERecord?id=CVE-2025-3416

UBUNTU-CVE-2025-3416

Details

Affected Packages

References

CVSS Analysis

Upstream

Ecosystems

Timeline