[Pkg-rust-maintainers] Bug#1095168: rust-openssl: RUSTSEC-2025-0004 ssl::select_next_proto use after free
Alexander Kjäll
alexander.kjall at gmail.com
Tue Feb 4 17:47:10 GMT 2025
Source: rust-openssl
Version: 0.10.68-1
Severity: normal
X-Debbugs-Cc: alexander.kjall at gmail.com
Dear Maintainer,
Use after free vulnerability in versions >=0.10.0, <0.10.70
https://rustsec.org/advisories/RUSTSEC-2025-0004
In openssl versions before 0.10.70, ssl::select_next_proto can return a slice pointing
into the server argument's buffer but with a lifetime bound to the client argument. In
situations where the server buffer's lifetime is shorter than the client buffer's, this
can cause a use after free. This could cause the server to crash or to return arbitrary
memory contents to the client.
-- System Information:
Debian Release: trixie/sid
APT prefers unstable
APT policy: (500, 'unstable'), (500, 'testing')
Architecture: amd64 (x86_64)
Kernel: Linux 6.10.11-amd64 (SMP w/8 CPU threads; PREEMPT)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8), LANGUAGE=en_US:en
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled
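As an added illustration, not part of this bug report or of the rust-openssl crate: a safe-Rust model of the ALPN-style protocol-list selection behind select_next_proto, with the returned slice's lifetime tied to both buffers so that the borrow checker rejects exactly the situation the advisory describes (a result borrowed from a server buffer that dies first). The one-byte length-prefixed wire format and server-preference-first selection are assumptions mirroring OpenSSL's SSL_select_next_proto; the sample lists and the negotiate helper are constructed.

```rust
/// Iterate over a protocol list in ALPN/NPN wire format: each entry is a
/// one-byte length prefix followed by that many bytes of protocol name
/// (assumed format). A zero length or a length running past the end stops
/// the iteration instead of panicking.
fn protocols<'a>(list: &'a [u8]) -> impl Iterator<Item = &'a [u8]> + 'a {
    let mut rest: &'a [u8] = list;
    std::iter::from_fn(move || {
        let cur: &'a [u8] = rest;
        let (&len, tail) = cur.split_first()?;
        let len = len as usize;
        if len == 0 || tail.len() < len {
            return None;
        }
        let (proto, remaining) = tail.split_at(len);
        rest = remaining;
        Some(proto)
    })
}

/// Pick the first entry of the server's preference list that the client also
/// offers; the result borrows from `server`. Tying `'a` to both arguments is
/// the point: the result may then live no longer than the shorter-lived
/// buffer. With `server: &[u8]` left unbound from `'a` (the shape the
/// advisory describes) safe Rust would refuse to return `s` at all, and the
/// only way to compile it is a raw-pointer conversion, which is what lets
/// the slice outlive the server buffer.
fn select_next_proto<'a>(server: &'a [u8], client: &'a [u8]) -> Option<&'a [u8]> {
    protocols(server).find(|s| protocols(client).any(|c| c == *s))
}

/// Constructed helper: a server that builds its list per connection (a
/// short-lived buffer, as in the advisory) must copy the choice out before
/// the buffer is dropped. Returning the borrowed slice directly from this
/// function does not compile, which is the guarantee the lifetime restores.
fn negotiate(client: &[u8]) -> Option<Vec<u8>> {
    let server: Vec<u8> = b"\x02h2\x08http/1.1".to_vec();
    select_next_proto(&server, client).map(|p| p.to_vec())
}

fn main() {
    // Constructed client list: prefers http/1.1, also offers h2.
    let client = b"\x08http/1.1\x02h2";
    match negotiate(client) {
        Some(p) => println!("negotiated {}", String::from_utf8_lossy(&p)),
        None => println!("no overlap"),
    }
}
```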