CVE-2025-24898: rust-openssl ssl::select_next_proto use after free
(updated )
ssl::select_next_proto
can return a slice pointing into the server
argument’s buffer but with a lifetime bound to the client
argument. In situations where the server
buffer’s lifetime is shorter than the client
buffer’s, this can cause a use after free. This could cause the server to crash or to return arbitrary memory contents to the client.
References
- crates.io/crates/openssl
- github.com/advisories/GHSA-rpmj-rpgj-qmpm
- github.com/sfackler/rust-openssl
- github.com/sfackler/rust-openssl/commit/f014afb230de4d77bc79dea60e7e58c2f47b60f2
- github.com/sfackler/rust-openssl/pull/2360
- github.com/sfackler/rust-openssl/security/advisories/GHSA-rpmj-rpgj-qmpm
- lists.debian.org/debian-lts-announce/2025/02/msg00009.html
- nvd.nist.gov/vuln/detail/CVE-2025-24898
- rustsec.org/advisories/RUSTSEC-2025-0004.html
Detect and mitigate CVE-2025-24898 with GitLab Dependency Scanning
Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →