CVE-2025-24898 SUSE CVE security@suse.de SUSE Security Team SUSE CVE-2025-24898 Interim 1 5 2025-06-01T23:12:48Z current 2025-02-17T00:11:34Z 2025-06-01T23:12:48Z cve-database/bin/generate-cvrf-cve.pl 2020-12-27T01:00:00Z CVE-2025-24898 rust-openssl is a set of OpenSSL bindings for the Rust programming language. In affected versions `ssl::select_next_proto` can return a slice pointing into the `server` argument's buffer but with a lifetime bound to the `client` argument. In situations where the `sever` buffer's lifetime is shorter than the `client` buffer's, this can cause a use after free. This could cause the server to crash or to return arbitrary memory contents to the client. The crate`openssl` version 0.10.70 fixes the signature of `ssl::select_next_proto` to properly constrain the output buffer's lifetime to that of both input buffers. Users are advised to upgrade. In standard usage of `ssl::select_next_proto` in the callback passed to `SslContextBuilder::set_alpn_select_callback`, code is only affected if the `server` buffer is constructed *within* the callback. The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). https://lists.suse.com/pipermail/suse-liberty-linux-updates/2025-May/001310.html E-Mail link for RHSA-2025:7147 https://lists.suse.com/pipermail/suse-liberty-linux-updates/2025-May/001280.html E-Mail link for RHSA-2025:7160 https://lists.suse.com/pipermail/suse-liberty-linux-updates/2025-June/001517.html E-Mail link for RHSA-2025:7241 https://lists.suse.com/pipermail/suse-liberty-linux-updates/2025-May/001296.html E-Mail link for RHSA-2025:7313 https://lists.suse.com/pipermail/suse-liberty-linux-updates/2025-June/001540.html E-Mail link for RHSA-2025:7317 https://www.suse.com/support/security/rating/ SUSE Security Ratings SUSE Liberty Linux 9 openSUSE Tumbleweed bootc-1.1.6-3.el9_6 bootupd-0.2.27-3.el9 keylime-agent-rust-0.2.2-2.el9 obs-service-cargo-4.5.0-2.1 python3.12-cryptography-41.0.7-2.el9 rpm-ostree-2025.5-1.el9 rpm-ostree-libs-2025.5-1.el9 system-reinstall-bootc-1.1.6-3.el9_6 bootc-1.1.6-3.el9_6 as a component of SUSE Liberty Linux 9 bootupd-0.2.27-3.el9 as a component of SUSE Liberty Linux 9 keylime-agent-rust-0.2.2-2.el9 as a component of SUSE Liberty Linux 9 python3.12-cryptography-41.0.7-2.el9 as a component of SUSE Liberty Linux 9 rpm-ostree-2025.5-1.el9 as a component of SUSE Liberty Linux 9 rpm-ostree-libs-2025.5-1.el9 as a component of SUSE Liberty Linux 9 system-reinstall-bootc-1.1.6-3.el9_6 as a component of SUSE Liberty Linux 9 obs-service-cargo-4.5.0-2.1 as a component of openSUSE Tumbleweed rust-openssl is a set of OpenSSL bindings for the Rust programming language. In affected versions `ssl::select_next_proto` can return a slice pointing into the `server` argument's buffer but with a lifetime bound to the `client` argument. In situations where the `sever` buffer's lifetime is shorter than the `client` buffer's, this can cause a use after free. This could cause the server to crash or to return arbitrary memory contents to the client. The crate`openssl` version 0.10.70 fixes the signature of `ssl::select_next_proto` to properly constrain the output buffer's lifetime to that of both input buffers. Users are advised to upgrade. In standard usage of `ssl::select_next_proto` in the callback passed to `SslContextBuilder::set_alpn_select_callback`, code is only affected if the `server` buffer is constructed *within* the callback. CVE-2025-24898 SUSE Liberty Linux 9:bootc-1.1.6-3.el9_6 SUSE Liberty Linux 9:bootupd-0.2.27-3.el9 SUSE Liberty Linux 9:keylime-agent-rust-0.2.2-2.el9 SUSE Liberty Linux 9:python3.12-cryptography-41.0.7-2.el9 SUSE Liberty Linux 9:rpm-ostree-2025.5-1.el9 SUSE Liberty Linux 9:rpm-ostree-libs-2025.5-1.el9 SUSE Liberty Linux 9:system-reinstall-bootc-1.1.6-3.el9_6 openSUSE Tumbleweed:obs-service-cargo-4.5.0-2.1 moderate