CVE-2025-3416

Openssl: rust-openssl use-after-free in `md::fetch` and `cipher::fetch`

Description

A flaw was found in OpenSSL's handling of the properties argument in certain functions. This vulnerability can allow use-after-free exploitation, which may result in undefined behavior or incorrect property parsing, leading to OpenSSL treating the input as an empty string.

Remediation

Workaround:

Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.

References

Link	Tags
https://access.redhat.com/security/cve/CVE-2025-3416	vdb entry
https://bugzilla.redhat.com/show_bug.cgi?id=2357560	issue tracking
https://github.com/sfackler/rust-openssl
https://github.com/sfackler/rust-openssl/commit/87085bd67896b7f92e6de35d081f607a334beae4
https://github.com/sfackler/rust-openssl/pull/2390
https://rustsec.org/advisories/RUSTSEC-2025-0022.html

Frequently Asked Questions

What is the severity of CVE-2025-3416?: CVE-2025-3416 has been scored as a low severity vulnerability.
How to fix CVE-2025-3416?: As a workaround for remediating CVE-2025-3416: Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.
Is CVE-2025-3416 being actively exploited in the wild?: As for now, there are no information to confirm that CVE-2025-3416 is being actively exploited. According to its EPSS score, there is a ~0% probability that this vulnerability will be exploited by malicious actors in the next 30 days.
What software or system is affected by CVE-2025-3416?: CVE-2025-3416 affects Red Hat Red Hat Directory Server 11, Red Hat Red Hat Directory Server 12, Red Hat Red Hat Enterprise Linux 10, Red Hat Red Hat Enterprise Linux 10, Red Hat Red Hat Enterprise Linux 10, Red Hat Red Hat Enterprise Linux 6, Red Hat Red Hat Enterprise Linux 7, Red Hat Red Hat Enterprise Linux 8, Red Hat Red Hat Enterprise Linux 8, Red Hat Red Hat Enterprise Linux 8, Red Hat Red Hat Enterprise Linux 8, Red Hat Red Hat Enterprise Linux 8, Red Hat Red Hat Enterprise Linux 8, Red Hat Red Hat Enterprise Linux 9, Red Hat Red Hat Enterprise Linux 9, Red Hat Red Hat Enterprise Linux 9, Red Hat Red Hat Enterprise Linux 9, Red Hat Red Hat Enterprise Linux 9, Red Hat Red Hat Enterprise Linux 9, Red Hat Red Hat Enterprise Linux 9, Red Hat Red Hat Enterprise Linux 9, Red Hat Red Hat Enterprise Linux 9, Red Hat Red Hat OpenShift Container Platform 4, Red Hat Red Hat OpenShift Container Platform 4, Red Hat Red Hat Trusted Artifact Signer, Red Hat Red Hat Trusted Artifact Signer, Red Hat Red Hat Trusted Profile Analyzer.

Description

Remediation

Category

CWE-416 – Use After Free

References

Frequently Asked Questions