OpenSSL Property Handling Flaw Allows Unintended Input Handling
CVE-2025-3416

3.7LOW

Key Information:

Vendor
Red Hat
Status
Red Hat Directory Server 11
Red Hat Directory Server 12
Red Hat Enterprise Linux 6
Red Hat Enterprise Linux 7
Vendor
CVE Published:
8 April 2025

Summary

A flaw exists in OpenSSL's processing of the properties argument in specific functions, which can be exploited through use-after-free techniques. This exploitation may lead to undefined behavior during execution, allowing OpenSSL to incorrectly parse properties and potentially treat the input as an empty string. Developers need to be aware of this issue to mitigate risks associated with improper input handling and ensure secure application performance.

References

https://access.redhat.com/security/cve/CVE-2025-3416
vdb-entryx_refsource_REDHAT
https://bugzilla.redhat.com/show_bug.cgi?id=2357560
issue-trackingx_refsource_REDHAT
https://github.com/sfackler/rust-openssl

CVSS V3.1

Score:
3.7
Severity:
LOW
Confidentiality:
None
Integrity:
None
Availability:
None
Attack Vector:
Network
Attack Complexity:
High
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.
🍪 This website uses cookies, like every other website on the internet 😕 By using our website, you consent to the use of cookies.