#VU106997 Use-after-free in rust-openssl - CVE-2025-24898

Cybersecurity Help s.r.o.

Published: 2025-04-04

Vulnerability identifier: #VU106997

Vulnerability risk: Medium

CVSSv4.0: 6.7 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]

CVE-ID: CVE-2025-24898

CWE-ID: CWE-416

Exploitation vector: Network

Exploit availability: No

Vulnerable software:
rust-openssl
Universal components / Libraries / Libraries used by multiple products

Vendor: Steven Fackler

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to a use-after-free error within the ssl::select_next_proto() function. A remote attacker can trigger a use-after-free error and crash the server or read arbitrary memory contents.

Mitigation
Install updates from vendor's website.

Vulnerable software versions

rust-openssl: 0.10.0 - 0.10.69

External links
https://github.com/sfackler/rust-openssl/pull/2360
https://github.com/sfackler/rust-openssl/security/advisories/GHSA-rpmj-rpgj-qmpm
https://lists.debian.org/debian-lts-announce/2025/02/msg00009.html

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

Latest bulletins with this vulnerability

openEuler 24.03 LTS update for three-eight-nine-ds-base

openEuler 24.03 LTS SP1 update for three-eight-nine-ds-base

Fedora 41 update for vaultwarden

Fedora 40 update for vaultwarden

Fedora EPEL 10.0 update for vaultwarden

Fedora EPEL 9 update for vaultwarden

Denial of service in rust-openssl