CVE & CISA-KEV Catalog

CVE-2025-24898

UNSCORED

Description

rust-openssl is a set of OpenSSL bindings for the Rust programming language. In affected versions `ssl::select_next_proto` can return a slice pointing into the `server` argument's buffer but with a lifetime bound to the `client` argument. In situations where the `sever` buffer's lifetime is shorter than the `client` buffer's, this can cause a use after free. This could cause the server to crash or to return arbitrary memory contents to the client. The crate`openssl` version 0.10.70 fixes the signature of `ssl::select_next_proto` to properly constrain the output buffer's lifetime to that of both input buffers. Users are advised to upgrade. In standard usage of `ssl::select_next_proto` in the callback passed to `SslContextBuilder::set_alpn_select_callback`, code is only affected if the `server` buffer is constructed *within* the callback.

How to fix

Remediation Available
rust-opensslDebian
Fixed in:0.10.29-1+deb11u1CVE-2025-24898
Fixed in:0.10.70-1CVE-2025-24898
Fixed in:0.10.70-1CVE-2025-24898
bootcRocky
Fixed in:0:1.1.6-3.el9_6RHSA-2025:7160
Fixed in:0:1.1.6-3.el9_6RHSA-2025:7160
Fixed in:0:1.1.6-3.el9_6RHSA-2025:7160
Fixed in:0:1.1.6-3.el9_6RHSA-2025:7160
Fixed in:0:1.1.6-3.el9_6RHSA-2025:7160
bootcRed Hat / RHEL
Fixed in:0:1.1.6-3.el9_6RHSA-2025:7160
Fixed in:0:1.1.6-3.el9_6RHSA-2025:7160
Fixed in:0:1.1.6-3.el9_6RHSA-2025:7160
Fixed in:0:1.1.6-3.el9_6RHSA-2025:7160
Fixed in:0:1.1.6-3.el9_6RHSA-2025:7160
bootc-debuginfoRed Hat / RHEL
Fixed in:0:1.1.6-3.el9_6RHSA-2025:7160
Fixed in:0:1.1.6-3.el9_6RHSA-2025:7160
Fixed in:0:1.1.6-3.el9_6RHSA-2025:7160
Fixed in:0:1.1.6-3.el9_6RHSA-2025:7160
bootc-debuginfoRocky
Fixed in:0:1.1.6-3.el9_6RHSA-2025:7160
Fixed in:0:1.1.6-3.el9_6RHSA-2025:7160
Fixed in:0:1.1.6-3.el9_6RHSA-2025:7160
Fixed in:0:1.1.6-3.el9_6RHSA-2025:7160
bootc-debugsourceRed Hat / RHEL
Fixed in:0:1.1.6-3.el9_6RHSA-2025:7160
Fixed in:0:1.1.6-3.el9_6RHSA-2025:7160
Fixed in:0:1.1.6-3.el9_6RHSA-2025:7160
Fixed in:0:1.1.6-3.el9_6RHSA-2025:7160
bootc-debugsourceRocky
Fixed in:0:1.1.6-3.el9_6RHSA-2025:7160
Fixed in:0:1.1.6-3.el9_6RHSA-2025:7160
Fixed in:0:1.1.6-3.el9_6RHSA-2025:7160
Fixed in:0:1.1.6-3.el9_6RHSA-2025:7160
bootupdRocky
Fixed in:0:0.2.27-3.el9RHSA-2025:7241
Fixed in:0:0.2.27-3.el9RHSA-2025:7241
Fixed in:0:0.2.27-3.el9RHSA-2025:7241
Fixed in:0:0.2.27-3.el9RHSA-2025:7241
bootupdRed Hat / RHEL
Fixed in:0:0.2.27-3.el9RHSA-2025:7241
Fixed in:0:0.2.27-3.el9RHSA-2025:7241
Fixed in:0:0.2.27-3.el9RHSA-2025:7241
Fixed in:0:0.2.27-3.el9RHSA-2025:7241
bootupd-debuginfoRed Hat / RHEL
Fixed in:0:0.2.27-3.el9RHSA-2025:7241
Fixed in:0:0.2.27-3.el9RHSA-2025:7241
Fixed in:0:0.2.27-3.el9RHSA-2025:7241
Fixed in:0:0.2.27-3.el9RHSA-2025:7241
bootupd-debuginfoRocky
Fixed in:0:0.2.27-3.el9RHSA-2025:7241
Fixed in:0:0.2.27-3.el9RHSA-2025:7241
Fixed in:0:0.2.27-3.el9RHSA-2025:7241
Fixed in:0:0.2.27-3.el9RHSA-2025:7241
keylime-agent-rustRed Hat / RHEL
Fixed in:0:0.2.2-2.el9RHSA-2025:7313
Fixed in:0:0.2.2-2.el9RHSA-2025:7313
Fixed in:0:0.2.2-2.el9RHSA-2025:7313
Fixed in:0:0.2.2-2.el9RHSA-2025:7313
Fixed in:0:0.2.2-2.el9RHSA-2025:7313
keylime-agent-rustRocky
Fixed in:0:0.2.2-2.el9RHSA-2025:7313
Fixed in:0:0.2.2-2.el9RHSA-2025:7313
Fixed in:0:0.2.2-2.el9RHSA-2025:7313
Fixed in:0:0.2.2-2.el9RHSA-2025:7313
Fixed in:0:0.2.2-2.el9RHSA-2025:7313
keylime-agent-rust-debuginfoRed Hat / RHEL
Fixed in:0:0.2.2-2.el9RHSA-2025:7313
Fixed in:0:0.2.2-2.el9RHSA-2025:7313
Fixed in:0:0.2.2-2.el9RHSA-2025:7313
Fixed in:0:0.2.2-2.el9RHSA-2025:7313
keylime-agent-rust-debuginfoRocky
Fixed in:0:0.2.2-2.el9RHSA-2025:7313
Fixed in:0:0.2.2-2.el9RHSA-2025:7313
Fixed in:0:0.2.2-2.el9RHSA-2025:7313
Fixed in:0:0.2.2-2.el9RHSA-2025:7313
keylime-agent-rust-debugsourceRocky
Fixed in:0:0.2.2-2.el9RHSA-2025:7313
Fixed in:0:0.2.2-2.el9RHSA-2025:7313
Fixed in:0:0.2.2-2.el9RHSA-2025:7313
Fixed in:0:0.2.2-2.el9RHSA-2025:7313
keylime-agent-rust-debugsourceRed Hat / RHEL
Fixed in:0:0.2.2-2.el9RHSA-2025:7313
Fixed in:0:0.2.2-2.el9RHSA-2025:7313
Fixed in:0:0.2.2-2.el9RHSA-2025:7313
Fixed in:0:0.2.2-2.el9RHSA-2025:7313
python3.12-cryptographyRocky
Fixed in:0:41.0.7-2.el9RHSA-2025:7317
Fixed in:0:41.0.7-2.el9RHSA-2025:7317
Fixed in:0:41.0.7-2.el9RHSA-2025:7317
Fixed in:0:41.0.7-2.el9RHSA-2025:7317
Fixed in:0:41.0.7-2.el9RHSA-2025:7317
python3.12-cryptographyRed Hat / RHEL
Fixed in:0:41.0.7-2.el9RHSA-2025:7317
Fixed in:0:41.0.7-2.el9RHSA-2025:7317
Fixed in:0:41.0.7-2.el9RHSA-2025:7317
Fixed in:0:41.0.7-2.el9RHSA-2025:7317
Fixed in:0:41.0.7-2.el9RHSA-2025:7317
python3.12-cryptography-debuginfoRed Hat / RHEL
Fixed in:0:41.0.7-2.el9RHSA-2025:7317
Fixed in:0:41.0.7-2.el9RHSA-2025:7317
Fixed in:0:41.0.7-2.el9RHSA-2025:7317
Fixed in:0:41.0.7-2.el9RHSA-2025:7317
python3.12-cryptography-debuginfoRocky
Fixed in:0:41.0.7-2.el9RHSA-2025:7317
Fixed in:0:41.0.7-2.el9RHSA-2025:7317
Fixed in:0:41.0.7-2.el9RHSA-2025:7317
Fixed in:0:41.0.7-2.el9RHSA-2025:7317
python3.12-cryptography-debugsourceRed Hat / RHEL
Fixed in:0:41.0.7-2.el9RHSA-2025:7317
Fixed in:0:41.0.7-2.el9RHSA-2025:7317
Fixed in:0:41.0.7-2.el9RHSA-2025:7317
Fixed in:0:41.0.7-2.el9RHSA-2025:7317
python3.12-cryptography-debugsourceRocky
Fixed in:0:41.0.7-2.el9RHSA-2025:7317
Fixed in:0:41.0.7-2.el9RHSA-2025:7317
Fixed in:0:41.0.7-2.el9RHSA-2025:7317
Fixed in:0:41.0.7-2.el9RHSA-2025:7317
rpm-ostreeRocky
Fixed in:0:2025.5-1.el9RHSA-2025:7147
Fixed in:0:2025.5-1.el9RHSA-2025:7147
Fixed in:0:2025.5-1.el9RHSA-2025:7147
Fixed in:0:2025.5-1.el9RHSA-2025:7147
Fixed in:0:2025.5-1.el9RHSA-2025:7147
rpm-ostreeRed Hat / RHEL
Fixed in:0:2025.5-1.el9RHSA-2025:7147
Fixed in:0:2025.5-1.el9RHSA-2025:7147
Fixed in:0:2025.5-1.el9RHSA-2025:7147
Fixed in:0:2025.5-1.el9RHSA-2025:7147
Fixed in:0:2025.5-1.el9RHSA-2025:7147
rpm-ostree-debuginfoRocky
Fixed in:0:2025.5-1.el9RHSA-2025:7147
Fixed in:0:2025.5-1.el9RHSA-2025:7147
Fixed in:0:2025.5-1.el9RHSA-2025:7147
Fixed in:0:2025.5-1.el9RHSA-2025:7147
Fixed in:0:2025.5-1.el9RHSA-2025:7147
rpm-ostree-debuginfoRed Hat / RHEL
Fixed in:0:2025.5-1.el9RHSA-2025:7147
Fixed in:0:2025.5-1.el9RHSA-2025:7147
Fixed in:0:2025.5-1.el9RHSA-2025:7147
Fixed in:0:2025.5-1.el9RHSA-2025:7147
Fixed in:0:2025.5-1.el9RHSA-2025:7147
rpm-ostree-debugsourceRocky
Fixed in:0:2025.5-1.el9RHSA-2025:7147
Fixed in:0:2025.5-1.el9RHSA-2025:7147
Fixed in:0:2025.5-1.el9RHSA-2025:7147
Fixed in:0:2025.5-1.el9RHSA-2025:7147
Fixed in:0:2025.5-1.el9RHSA-2025:7147
rpm-ostree-debugsourceRed Hat / RHEL
Fixed in:0:2025.5-1.el9RHSA-2025:7147
Fixed in:0:2025.5-1.el9RHSA-2025:7147
Fixed in:0:2025.5-1.el9RHSA-2025:7147
Fixed in:0:2025.5-1.el9RHSA-2025:7147
Fixed in:0:2025.5-1.el9RHSA-2025:7147
rpm-ostree-libsRocky
Fixed in:0:2025.5-1.el9RHSA-2025:7147
Fixed in:0:2025.5-1.el9RHSA-2025:7147
Fixed in:0:2025.5-1.el9RHSA-2025:7147
Fixed in:0:2025.5-1.el9RHSA-2025:7147
Fixed in:0:2025.5-1.el9RHSA-2025:7147
rpm-ostree-libsRed Hat / RHEL
Fixed in:0:2025.5-1.el9RHSA-2025:7147
Fixed in:0:2025.5-1.el9RHSA-2025:7147
Fixed in:0:2025.5-1.el9RHSA-2025:7147
Fixed in:0:2025.5-1.el9RHSA-2025:7147
Fixed in:0:2025.5-1.el9RHSA-2025:7147
rpm-ostree-libs-debuginfoRocky
Fixed in:0:2025.5-1.el9RHSA-2025:7147
Fixed in:0:2025.5-1.el9RHSA-2025:7147
Fixed in:0:2025.5-1.el9RHSA-2025:7147
Fixed in:0:2025.5-1.el9RHSA-2025:7147
Fixed in:0:2025.5-1.el9RHSA-2025:7147
rpm-ostree-libs-debuginfoRed Hat / RHEL
Fixed in:0:2025.5-1.el9RHSA-2025:7147
Fixed in:0:2025.5-1.el9RHSA-2025:7147
Fixed in:0:2025.5-1.el9RHSA-2025:7147
Fixed in:0:2025.5-1.el9RHSA-2025:7147
Fixed in:0:2025.5-1.el9RHSA-2025:7147
rust-bootupdRed Hat / RHEL
Fixed in:0:0.2.27-3.el9RHSA-2025:7241
rust-bootupdRocky
Fixed in:0:0.2.27-3.el9RHSA-2025:7241
rust-bootupd-debugsourceRed Hat / RHEL
Fixed in:0:0.2.27-3.el9RHSA-2025:7241
Fixed in:0:0.2.27-3.el9RHSA-2025:7241
Fixed in:0:0.2.27-3.el9RHSA-2025:7241
Fixed in:0:0.2.27-3.el9RHSA-2025:7241
rust-bootupd-debugsourceRocky
Fixed in:0:0.2.27-3.el9RHSA-2025:7241
Fixed in:0:0.2.27-3.el9RHSA-2025:7241
Fixed in:0:0.2.27-3.el9RHSA-2025:7241
Fixed in:0:0.2.27-3.el9RHSA-2025:7241
system-reinstall-bootcRed Hat / RHEL
Fixed in:0:1.1.6-3.el9_6RHSA-2025:7160
Fixed in:0:1.1.6-3.el9_6RHSA-2025:7160
Fixed in:0:1.1.6-3.el9_6RHSA-2025:7160
Fixed in:0:1.1.6-3.el9_6RHSA-2025:7160
system-reinstall-bootcRocky
Fixed in:0:1.1.6-3.el9_6RHSA-2025:7160
Fixed in:0:1.1.6-3.el9_6RHSA-2025:7160
Fixed in:0:1.1.6-3.el9_6RHSA-2025:7160
Fixed in:0:1.1.6-3.el9_6RHSA-2025:7160
system-reinstall-bootc-debuginfoRed Hat / RHEL
Fixed in:0:1.1.6-3.el9_6RHSA-2025:7160
Fixed in:0:1.1.6-3.el9_6RHSA-2025:7160
Fixed in:0:1.1.6-3.el9_6RHSA-2025:7160
Fixed in:0:1.1.6-3.el9_6RHSA-2025:7160
system-reinstall-bootc-debuginfoRocky
Fixed in:0:1.1.6-3.el9_6RHSA-2025:7160
Fixed in:0:1.1.6-3.el9_6RHSA-2025:7160
Fixed in:0:1.1.6-3.el9_6RHSA-2025:7160
Fixed in:0:1.1.6-3.el9_6RHSA-2025:7160
librust-openssl-devUbuntu
Fixed in:0.10.23-1ubuntu0.1~esm1USN-7891-1
Fixed in:0.10.36-1ubuntu0.1~esm1USN-7891-1
Fixed in:0.10.57-1ubuntu0.1~esm1USN-7891-1
rust-opensslUbuntu
Fixed in:0.10.23-1ubuntu0.1~esm1USN-7891-1
Fixed in:0.10.36-1ubuntu0.1~esm1USN-7891-1
Fixed in:0.10.57-1ubuntu0.1~esm1USN-7891-1

Remediation is compiled from vendor and distribution security advisories. Always confirm against the linked source for your exact version and platform.

CVSS v3.1 Vector

No CVSS vector data available.

Exploit Intelligence

0.65%probability of exploitation in 30 days
47thpercentile

Moderate risk: more likely to be exploited than 47% of all known CVEs.

References

Related Vulnerabilities

Other CWE-416 (Use After Free) vulnerabilities, ordered by exploit likelihood. View all

CVESeverityCVSSEPSSExploitedFix
CVE-2019-0708Critical9.8100%KEV + Ransom-
CVE-2021-31166Critical9.8100%KEVFix
CVE-2015-5119Critical9.899%KEV-
CVE-2010-3962High8.197%KEV-
CVE-2015-0313Critical9.896%KEVFix
CVE-2017-9798High7.595%-Fix
Embed a live status badge for CVE-2025-24898
CVE-2025-24898 severity badge

Markdown

[![CVE-2025-24898](https://tridentstack.com/cve/badge/CVE-2025-24898.svg)](https://tridentstack.com/cve/CVE-2025-24898)

HTML

<a href="https://tridentstack.com/cve/CVE-2025-24898"><img src="https://tridentstack.com/cve/badge/CVE-2025-24898.svg" alt="CVE-2025-24898"></a>

Find and fix vulnerabilities across your fleet

TridentStack Control continuously scans your Windows, macOS, and Linux fleet for known vulnerabilities, prioritizes them by severity and active exploitation, and patches them automatically.

Start free

This product uses NVD data but is not endorsed or certified by the NVD. EPSS scores courtesy of FIRST.org (https://www.first.org/epss). Source: CISA KEV Catalog. Data as of 2025-02-11.