{"id":"CVE-2025-3416","summary":"Rust-openssl: rust-openssl use-after-free in `md::fetch` and `cipher::fetch`","details":"A flaw was found in OpenSSL's handling of the properties argument in certain functions. This vulnerability can allow use-after-free exploitation, which may result in undefined behavior or incorrect property parsing, leading to OpenSSL treating the input as an empty string.","modified":"2026-05-18T05:56:17.442669592Z","published":"2025-04-08T18:24:22.102Z","related":["SUSE-SU-2025:01591-1","SUSE-SU-2025:01619-1","SUSE-SU-2025:01631-1","SUSE-SU-2025:01662-1","SUSE-SU-2025:01662-2","SUSE-SU-2025:01806-1","SUSE-SU-2025:01807-1","SUSE-SU-2025:01818-1","SUSE-SU-2025:02017-1","SUSE-SU-2025:02166-1","SUSE-SU-2025:02809-1","SUSE-SU-2025:02810-1","SUSE-SU-2025:02811-1","SUSE-SU-2025:02896-1","SUSE-SU-2025:03298-1","SUSE-SU-2025:03306-1","SUSE-SU-2025:03307-1","SUSE-SU-2025:03445-1","SUSE-SU-2025:1560-1","SUSE-SU-2025:1570-1","SUSE-SU-2025:20352-1","SUSE-SU-2025:20365-1","SUSE-SU-2025:20407-1","SUSE-SU-2025:20429-1","SUSE-SU-2025:20463-1","SUSE-SU-2025:20474-1","SUSE-SU-2025:20716-1","SUSE-SU-2025:20717-1","SUSE-SU-2025:20783-1","SUSE-SU-2025:20858-1","SUSE-SU-2025:3783-1","SUSE-SU-2025:3784-1","SUSE-SU-2025:3785-1","SUSE-SU-2025:3786-1","SUSE-SU-2026:0620-1","openSUSE-SU-2025:0152-1","openSUSE-SU-2025:15056-1","openSUSE-SU-2025:15057-1","openSUSE-SU-2025:15060-1","openSUSE-SU-2025:15061-1","openSUSE-SU-2025:15062-1","openSUSE-SU-2025:15063-1","openSUSE-SU-2025:15065-1","openSUSE-SU-2025:15066-1","openSUSE-SU-2025:15068-1","openSUSE-SU-2025:15071-1","openSUSE-SU-2025:15173-1","openSUSE-SU-2025:15217-1","openSUSE-SU-2025:15238-1","openSUSE-SU-2025:15346-1"],"database_specific":{"cna_assigner":"redhat","osv_generated_from":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/3xxx/CVE-2025-3416.json","cwe_ids":["CWE-416"]},"references":[{"type":"WEB","url":"https://access.redhat.com/downloads/content/package-browser/"},{"type":"ADVISORY","url":"https://access.redhat.com/security/cve/CVE-2025-3416"},{"type":"ADVISORY","url":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/3xxx/CVE-2025-3416.json"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2025-3416"},{"type":"ADVISORY","url":"https://rustsec.org/advisories/RUSTSEC-2025-0022.html"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2357560"},{"type":"FIX","url":"https://github.com/sfackler/rust-openssl/commit/87085bd67896b7f92e6de35d081f607a334beae4"},{"type":"FIX","url":"https://github.com/sfackler/rust-openssl/pull/2390"},{"type":"PACKAGE","url":"https://github.com/sfackler/rust-openssl"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/rust-openssl/rust-openssl","events":[{"introduced":"936aba3c6062a1aa8166cde1306a5763523aca23"},{"fixed":"87085bd67896b7f92e6de35d081f607a334beae4"}]}],"versions":["openssl-v0.10.71","openssl-sys-v0.9.106","openssl-v0.10.70","openssl-sys-v0.9.105","openssl-v0.10.69","openssl-v0.10.68","openssl-v0.10.67","openssl-sys-v0.9.104","openssl-v0.10.66","openssl-v0.10.65","openssl-sys-v0.9.103","openssl-sys-v0.9.102","openssl-sys-v0.9.101","openssl-v0.10.64","openssl-sys-v0.9.100","openssl-v0.10.63","openssl-sys-v0.9.99","openssl-v0.10.62","openssl-sys-v0.9.98","openssl-v0.10.61","openssl-sys-v0.9.97","openssl-v0.10.60","openssl-sys-v0.9.96","openssl-v0.10.59","openssl-sys-v0.9.95","openssl-v0.10.58","openssl-sys-v0.9.94","openssl-sys-v0.9.93","openssl-v0.10.57","openssl-sys-v0.9.92","openssl-v0.10.56","openssl-sys-v0.9.91","openssl-sys-v0.9.90","openssl-v0.10.55","openssl-sys-v0.9.89","openssl-v0.10.54","openssl-v0.10.53","openssl-sys-v0.9.88","openssl-v0.10.52","openssl-sys-v0.9.87","openssl-v0.10.51","openssl-sys-v0.9.86","openssl-v0.10.50","openssl-sys-v0.9.85","openssl-v0.10.49","openssl-sys-v0.9.84","openssl-macros-v0.1.1","openssl-v0.10.48","openssl-sys-v0.9.83","openssl-v0.10.47","openssl-sys-v0.9.82","openssl-v0.10.46","openssl-sys-v0.9.81","openssl-v0.10.45","openssl-sys-v0.9.80","openssl-v0.10.44","openssl-sys-v0.9.79","openssl-v0.10.43","openssl-sys-v0.9.78","openssl-sys-v0.9.77","openssl-v0.10.42","openssl-sys-v0.9.76","openssl-v0.10.41","openssl-sys-v0.9.75","openssl-sys-v0.9.74","openssl-v0.10.40","openssl-v0.10.39"],"database_specific":{"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2025-3416.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L"}]}