SB2025040429 - Denial of service in rust-openssl

Description

This security bulletin contains information about 2 secuirty vulnerabilities.

1) Use-after-free (CVE-ID: CVE-2025-24898)

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to a use-after-free error within the ssl::select_next_proto() function. A remote attacker can trigger a use-after-free error and crash the server or read arbitrary memory contents.

2) Out-of-bounds read (CVE-ID: CVE-2025-0977)

The vulnerability allows a remote attacker to gain access to potentially sensitive information.

The vulnerability exists due to a boundary condition in ssl::select_next_proto. A remote attacker can initiate connection with the server, trigger an out-of-bounds read error and read contents of memory on the system or perform a denial of service (DoS) attack.

Remediation

Install update from vendor's website.

References

• https://github.com/sfackler/rust-openssl/pull/2360
• https://github.com/sfackler/rust-openssl/security/advisories/GHSA-rpmj-rpgj-qmpm
• https://lists.debian.org/debian-lts-announce/2025/02/msg00009.html
• https://rustsec.org/advisories/RUSTSEC-2025-0004.html