Inappropriate coding practices in rust-openssl
Description
rust-openssl is a set of OpenSSL bindings for the Rust programming language. In affected versions, ssl::select_next_proto can return a slice that points into the server argument's buffer but whose lifetime is bound to the client argument. When the server buffer's lifetime is shorter than the client buffer's, the returned slice can outlive the memory it references, which is a use after free. This could cause the server to crash or to return arbitrary memory contents to the client. Version 0.10.70 of the openssl crate fixes the signature of ssl::select_next_proto so that the output slice's lifetime is constrained to that of both input buffers. Users are advised to upgrade. In standard usage of ssl::select_next_proto within the callback passed to SslContextBuilder::set_alpn_select_callback, code is affected only if the server buffer is constructed within the callback.
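The following added example is not code from rust-openssl or from the advisory. It models the defect in plain Rust without the openssl crate or libssl: the hypothetical raw_select_next_proto stands in for OpenSSL's SSL_select_next_proto, which hands back a pointer into the server list, and the two wrappers reproduce the shape of the pre-0.10.70 and 0.10.70 lifetime annotations. The helper alpn_entries, the function names, and the ALPN protocol lists are assumptions constructed for the example.

```rust
// Added example: a pure-Rust model of the select_next_proto lifetime defect
// and of the 0.10.70 fix. It does not use the openssl crate or libssl;
// `raw_select_next_proto` stands in for OpenSSL's SSL_select_next_proto,
// which hands back a pointer INTO the server list.
use std::slice;

/// Parse an ALPN wire-format list (1-byte length, then that many bytes, repeated)
/// into its entries as sub-slices of `list`. Stops at a malformed entry
/// instead of reading past the buffer.
fn alpn_entries(list: &[u8]) -> Vec<&[u8]> {
    let mut out = Vec::new();
    let mut i = 0;
    while i < list.len() {
        let len = list[i] as usize;
        i += 1;
        if len == 0 || i + len > list.len() {
            break;
        }
        out.push(&list[i..i + len]);
        i += len;
    }
    out
}

/// Stand-in for the C function: the first server protocol the client also
/// offers, returned as a raw pointer/length into `server`. Like the FFI,
/// the pointer carries no lifetime information.
fn raw_select_next_proto(server: &[u8], client: &[u8]) -> Option<(*const u8, usize)> {
    let client_protos = alpn_entries(client);
    alpn_entries(server)
        .into_iter()
        .find(|s| client_protos.contains(s))
        .map(|s| (s.as_ptr(), s.len()))
}

/// Signature shape of rust-openssl before 0.10.70 (modelled here, not the
/// crate's code): the result borrows only from `client`, yet the bytes live
/// in `server`. The signature fails to encode the real safety requirement.
pub fn select_next_proto_vulnerable<'a>(server: &[u8], client: &'a [u8]) -> Option<&'a [u8]> {
    raw_select_next_proto(server, client)
        // UNSOUND: `'a` is the client's lifetime; the memory belongs to `server`.
        .map(|(p, n)| unsafe { slice::from_raw_parts(p, n) })
}

/// Signature shape of rust-openssl 0.10.70+ (modelled): one lifetime bounds
/// both inputs, so the borrow checker keeps `server` alive as long as the
/// result is used.
pub fn select_next_proto_fixed<'a>(server: &'a [u8], client: &'a [u8]) -> Option<&'a [u8]> {
    raw_select_next_proto(server, client)
        // Sound: the slice cannot outlive either input.
        .map(|(p, n)| unsafe { slice::from_raw_parts(p, n) })
}

/// Constructed inputs. A long-lived server preference list is the "standard
/// usage" the advisory calls unaffected: it outlives the ALPN callback.
pub const SERVER_PROTOS: &[u8] = b"\x02h2\x08http/1.1";
pub const CLIENT_PROTOS: &[u8] = b"\x08http/1.1\x02h2";

/// The pattern the advisory flags: the server list is built inside the
/// callback. With the old signature, `select_next_proto_vulnerable(&server, client)`
/// could be returned directly as a `&'a [u8]` tied to `client`, and would
/// dangle once `server` is freed at the end of this function. With the fixed
/// signature that return does not compile, so the caller must copy out.
pub fn select_with_callback_local_list(client: &[u8]) -> Option<Vec<u8>> {
    let server: Vec<u8> = SERVER_PROTOS.to_vec(); // callback-local buffer
    select_next_proto_fixed(&server, client).map(|p| p.to_vec())
}

fn main() {
    // Both lists are 'static here, so even the old signature is used soundly.
    let chosen = select_next_proto_vulnerable(SERVER_PROTOS, CLIENT_PROTOS);
    println!("negotiated (static buffers): {:?}", chosen.map(String::from_utf8_lossy));
    let chosen = select_with_callback_local_list(CLIENT_PROTOS);
    println!("negotiated (callback-local server list, copied out): {:?}",
             chosen.map(|v| String::from_utf8_lossy(&v).into_owned()));
}
```

The point of the two wrappers is that both compile and both behave identically on long-lived buffers; only the fixed signature makes the borrow checker reject the callback-local pattern that the advisory describes, which is why the crate fix is a signature change rather than a logic change.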
Mitigation
Upgrade the openssl crate to 0.10.70 or later, which constrains the output lifetime of ssl::select_next_proto to both input buffers. Code that calls ssl::select_next_proto inside the SslContextBuilder::set_alpn_select_callback callback is affected only when the server protocol list is constructed inside the callback; keeping that list alive for the lifetime of the context, or copying the selected protocol out before the list is dropped, removes the exposure.
Update Impact
Minimal update. May introduce new vulnerabilities or breaking changes.
Ecosystem | Package | Affected version | Patched versions |
|---|---|---|---|
debian 11 | 0.10.29-1+deb11u1 | ||
debian 12 | - | ||
debian 13 | 0.10.70-1 | ||
debian 14 | 0.10.70-1 | ||
rpm rhel9 | 0:41.0.7-2.el9 | ||
rpm rhel9 | 0:1.1.6-3.el9_6 | ||
rpm rhel9 | - | - | |
rpm rhel9 | 0:0.2.2-2.el9 | ||
rpm rhel9 | 0:2025.5-1.el9 | ||
rpm rhel9 | - | - |
Aliases
References