3.7 LOW
- CVSS version: 3.1
- Attack vector (AV): NETWORK
- Attack complexity (AC): HIGH
- Privileges required (PR): NONE
- User interaction (UI): NONE
- Scope (S): UNCHANGED
- Confidentiality impact (C): NONE
- Integrity impact (I): NONE
- Availability impact (A): LOW
Openssl: rust-openssl use-after-free in `md::fetch` and `cipher::fetch`
A flaw was found in OpenSSL's handling of the properties argument in certain functions. This vulnerability can allow use-after-free exploitation, which may result in undefined behavior or incorrect property parsing, leading to OpenSSL treating the input as an empty string.
References
- https://access.redhat.com/security/cve/CVE-2025-3416 x_refsource_REDHAT vdb-entry
- RHBZ#2357560 issue-tracking x_refsource_REDHAT
- https://github.com/sfackler/rust-openssl
- https://github.com/sfackler/rust-openssl/commit/87085bd67896b7f92e6de35d081f607…
- https://github.com/sfackler/rust-openssl/pull/2390
- https://rustsec.org/advisories/RUSTSEC-2025-0022.html
- https://github.com/sfackler/rust-openssl
- https://github.com/sfackler/rust-openssl/commit/87085bd67896b7f92e6de35d081f607…
- https://github.com/sfackler/rust-openssl/pull/2390
- https://rustsec.org/advisories/RUSTSEC-2025-0022.html
- https://access.redhat.com/security/cve/CVE-2025-3416 x_refsource_REDHAT vdb-entry
- RHBZ#2357560 issue-tracking x_refsource_REDHAT
- https://access.redhat.com/security/cve/CVE-2025-3416 x_refsource_REDHAT vdb-entry
- RHBZ#2357560 issue-tracking x_refsource_REDHAT
- https://github.com/sfackler/rust-openssl
- https://github.com/sfackler/rust-openssl/commit/87085bd67896b7f92e6de35d081f607…
- https://github.com/sfackler/rust-openssl/pull/2390
- https://rustsec.org/advisories/RUSTSEC-2025-0022.html
- https://rustsec.org/advisories/RUSTSEC-2025-0022.html
- https://access.redhat.com/security/cve/CVE-2025-3416 x_refsource_REDHAT vdb-entry
- RHBZ#2357560 issue-tracking x_refsource_REDHAT
- https://github.com/sfackler/rust-openssl
- https://github.com/sfackler/rust-openssl/commit/87085bd67896b7f92e6de35d081f607…
- https://github.com/sfackler/rust-openssl/pull/2390
- https://access.redhat.com/security/cve/CVE-2025-3416 x_refsource_REDHAT vdb-entry
- RHBZ#2357560 issue-tracking x_refsource_REDHAT
- https://github.com/sfackler/rust-openssl
- https://github.com/sfackler/rust-openssl/commit/87085bd67896b7f92e6de35d081f607…
- https://github.com/sfackler/rust-openssl/pull/2390
- https://rustsec.org/advisories/RUSTSEC-2025-0022.html
Affected products
- <0.10.72
Matching in nixpkgs
pkgs.polkit
Toolkit for defining and handling the policy that allows unprivileged processes to speak to privileged processes
-
nixos-unstable -
- nixpkgs-unstable 126
pkgs.openssl
Cryptographic library that implements the SSL and TLS protocols
-
nixos-unstable -
- nixpkgs-unstable 3.5.1
pkgs.astal.gjs
Astal module for GJS
-
nixos-unstable -
- nixpkgs-unstable 0-unstable-2025-08-29
pkgs.cmd-polkit
Easily create polkit authentication agents by using commands
-
nixos-unstable -
- nixpkgs-unstable 0.3.0
pkgs.firefoxpwa
Tool to install, manage and use Progressive Web Apps (PWAs) in Mozilla Firefox (native component)
-
nixos-unstable -
- nixpkgs-unstable 2.15.0
pkgs.rpm-ostree
Hybrid image/package system. It uses OSTree as an image format, and uses RPM as a component model
-
nixos-unstable -
- nixpkgs-unstable 2024.8
pkgs.openssl_1_1
Cryptographic library that implements the SSL and TLS protocols
-
nixos-unstable -
- nixpkgs-unstable 1.1.1w
pkgs.openssl_3_0
Cryptographic library that implements the SSL and TLS protocols
-
nixos-unstable -
- nixpkgs-unstable 3.0.17
pkgs.openssl_3_5
Cryptographic library that implements the SSL and TLS protocols
-
nixos-unstable -
- nixpkgs-unstable 3.5.1
pkgs._389-ds-base
Enterprise-class Open Source LDAP server for Linux
-
nixos-unstable -
- nixpkgs-unstable 3.1.3
pkgs.polkit_gnome
Dbus session bus service that is used to bring up authentication dialogs
-
nixos-unstable -
- nixpkgs-unstable 0.105
pkgs.tpm2-openssl
OpenSSL Provider for TPM2 integration
-
nixos-unstable -
- nixpkgs-unstable 1.3.0
pkgs.faust2firefox
The faust2firefox script, part of faust functional programming language for realtime audio signal processing
-
nixos-unstable -
- nixpkgs-unstable 2.79.3
pkgs.openssl_legacy
Cryptographic library that implements the SSL and TLS protocols
-
nixos-unstable -
- nixpkgs-unstable 3.5.1
pkgs.firefox_decrypt
Tool to extract passwords from profiles of Mozilla Firefox and derivates
-
nixos-unstable -
- nixpkgs-unstable 1.1.1
pkgs.hyprpolkitagent
Polkit authentication agent written in QT/QML
-
nixos-unstable -
- nixpkgs-unstable 0.1.3
pkgs.mate.mate-polkit
Integrates polkit authentication for MATE desktop
-
nixos-unstable -
- nixpkgs-unstable 1.28.1
pkgs.firefox-unwrapped
Web browser built from Firefox source tree
-
nixos-unstable -
- nixpkgs-unstable 142.0.1
pkgs.pcscliteWithPolkit
Middleware to access a smart card using SCard API (PC/SC)
-
nixos-unstable -
- nixpkgs-unstable 2.3.0
pkgs.firefox-sync-client
Commandline-utility to list/view/edit/delete entries in a firefox-sync account
-
nixos-unstable -
- nixpkgs-unstable 1.9.0
pkgs.libsForQt5.polkit-qt
Qt wrapper around PolKit
-
nixos-unstable -
- nixpkgs-unstable 1-0.114.0
pkgs.rubyPackages.openssl
None
-
nixos-unstable -
- nixpkgs-unstable 3.3.0
pkgs.firefox-esr-unwrapped
Web browser built from Firefox source tree
-
nixos-unstable -
- nixpkgs-unstable 140.2.0esr
pkgs.firefox-beta-unwrapped
Web browser built from Firefox Beta Release source tree
-
nixos-unstable -
- nixpkgs-unstable 144.0b1
pkgs.gnomeExtensions.gjs-osk
A new Onscreen Keyboard built using GNOME JS
-
nixos-unstable -
- nixpkgs-unstable 38
pkgs.kdePackages.polkit-qt-1
Qt wrapper around Polkit-1 client libraries
-
nixos-unstable -
- nixpkgs-unstable 1-0.200.0
pkgs.php81Extensions.openssl
PHP upstream extension: openssl
-
nixos-unstable -
- nixpkgs-unstable 8.1.33
pkgs.php82Extensions.openssl
PHP upstream extension: openssl
-
nixos-unstable -
- nixpkgs-unstable 8.2.29
pkgs.php83Extensions.openssl
PHP upstream extension: openssl
-
nixos-unstable -
- nixpkgs-unstable 8.3.25
pkgs.php84Extensions.openssl
PHP upstream extension: openssl
-
nixos-unstable -
- nixpkgs-unstable 8.4.12
pkgs.haskellPackages.hopenssl
FFI Bindings to OpenSSL's EVP Digest Interface
-
nixos-unstable -
- nixpkgs-unstable 2.2.5
pkgs.rubyPackages_3_1.openssl
None
-
nixos-unstable -
- nixpkgs-unstable 3.3.0
pkgs.rubyPackages_3_2.openssl
None
-
nixos-unstable -
- nixpkgs-unstable 3.3.0
pkgs.rubyPackages_3_3.openssl
None
-
nixos-unstable -
- nixpkgs-unstable 3.3.0
pkgs.rubyPackages_3_4.openssl
None
-
nixos-unstable -
- nixpkgs-unstable 3.3.0
pkgs.bruteforce-salted-openssl
Try to find the password of file encrypted with OpenSSL
-
nixos-unstable -
- nixpkgs-unstable 1.5.0
pkgs.plasma5Packages.polkit-qt
Qt wrapper around PolKit
-
nixos-unstable -
- nixpkgs-unstable 1-0.114.0
pkgs.python312Packages.pypugjs
PugJS syntax template adapter for Django, Jinja2, Mako and Tornado templates
-
nixos-unstable -
- nixpkgs-unstable 5.12.0
pkgs.python313Packages.pypugjs
PugJS syntax template adapter for Django, Jinja2, Mako and Tornado templates
-
nixos-unstable -
- nixpkgs-unstable 5.12.0
pkgs.lomiri.lomiri-polkit-agent
Policy kit agent for the Lomiri desktop
-
nixos-unstable -
- nixpkgs-unstable 0.3
pkgs.python312Packages.pyopenssl
Python wrapper around the OpenSSL library
-
nixos-unstable -
- nixpkgs-unstable 25.1.0
pkgs.python313Packages.pyopenssl
Python wrapper around the OpenSSL library
-
nixos-unstable -
- nixpkgs-unstable 25.1.0
pkgs.firefox-devedition-unwrapped
Web browser built from Firefox Developer Edition source tree
-
nixos-unstable -
- nixpkgs-unstable 144.0b1
pkgs.python312Packages.aioopenssl
TLS-capable transport using OpenSSL for asyncio
-
nixos-unstable -
- nixpkgs-unstable 0.6.0
pkgs.python313Packages.aioopenssl
TLS-capable transport using OpenSSL for asyncio
-
nixos-unstable -
- nixpkgs-unstable 0.6.0
pkgs.luaPackages.lua-resty-openssl
No summary
-
nixos-unstable -
- nixpkgs-unstable 1.6.4-1
pkgs.kdePackages.polkit-kde-agent-1
Daemon providing a Polkit authentication UI for Plasma
-
nixos-unstable -
- nixpkgs-unstable 1-6.4.5
pkgs.pantheon.pantheon-agent-polkit
Polkit Agent for the Pantheon Desktop
-
nixos-unstable -
- nixpkgs-unstable 8.0.1
pkgs.php81Extensions.openssl-legacy
PHP upstream extension: openssl-legacy
-
nixos-unstable -
- nixpkgs-unstable 8.1.33
pkgs.php82Extensions.openssl-legacy
PHP upstream extension: openssl-legacy
-
nixos-unstable -
- nixpkgs-unstable 8.2.29
pkgs.php83Extensions.openssl-legacy
PHP upstream extension: openssl-legacy
-
nixos-unstable -
- nixpkgs-unstable 8.3.25
pkgs.php84Extensions.openssl-legacy
PHP upstream extension: openssl-legacy
-
nixos-unstable -
- nixpkgs-unstable 8.4.12
pkgs.python312Packages.cryptography
Package which provides cryptographic recipes and primitives
-
nixos-unstable -
- nixpkgs-unstable 45.0.4
pkgs.haskellPackages.openssl-streams
OpenSSL network support for io-streams
-
nixos-unstable -
- nixpkgs-unstable 1.2.3.0
pkgs.lua51Packages.lua-resty-openssl
No summary
-
nixos-unstable -
- nixpkgs-unstable 1.6.4-1
pkgs.lua52Packages.lua-resty-openssl
No summary
-
nixos-unstable -
- nixpkgs-unstable 1.6.4-1
pkgs.lua53Packages.lua-resty-openssl
No summary
-
nixos-unstable -
- nixpkgs-unstable 1.6.4-1
pkgs.lua54Packages.lua-resty-openssl
No summary
-
nixos-unstable -
- nixpkgs-unstable 1.6.4-1
pkgs.gnomeExtensions.firefox-profiles
Easily launch Firefox with your favorite profile right from the indicator menu!
-
nixos-unstable -
- nixpkgs-unstable 4
pkgs.luajitPackages.lua-resty-openssl
No summary
-
nixos-unstable -
- nixpkgs-unstable 1.6.4-1
pkgs.haskellPackages.openssl-createkey
Create OpenSSL keypairs
-
nixos-unstable -
- nixpkgs-unstable 0.1
pkgs.python312Packages.types-pyopenssl
Typing stubs for pyopenssl
-
nixos-unstable -
- nixpkgs-unstable 24.1.0.20240722
pkgs.python313Packages.types-pyopenssl
Typing stubs for pyopenssl
-
nixos-unstable -
- nixpkgs-unstable 24.1.0.20240722
pkgs.haskellPackages.cryptonite-openssl
Crypto stuff using OpenSSL cryptographic library
-
nixos-unstable -
- nixpkgs-unstable 0.7
pkgs.haskellPackages.http-client-openssl
http-client backend using the OpenSSL library
-
nixos-unstable -
- nixpkgs-unstable 0.3.3
pkgs.chickenPackages_5.chickenEggs.openssl
Bindings to the OpenSSL SSL/TLS library
-
nixos-unstable -
- nixpkgs-unstable 2.2.6
pkgs.tests.pkg-config.defaultPkgConfigPackages.libssl
Test whether openssl-3.5.1 exposes pkg-config modules libssl
pkgs.tests.pkg-config.defaultPkgConfigPackages.openssl
Test whether openssl-3.5.1 exposes pkg-config modules openssl
pkgs.tests.pkg-config.defaultPkgConfigPackages.libcrypto
Test whether openssl-3.5.1 exposes pkg-config modules libcrypto
pkgs.tests.testers.hasPkgConfigModules.openssl-has-openssl
Test whether openssl-3.5.1 exposes pkg-config modules openssl
pkgs.vscode-extensions.firefox-devtools.vscode-firefox-debug
Visual Studio Code extension for debugging web applications and browser extensions in Firefox
-
nixos-unstable -
- nixpkgs-unstable 2.15.0
Package maintainers
-
@ners ners <ners@gmx.ch>
-
@PerchunPak Perchun Pak <nixpkgs@perchun.it>
-
@octodi octodi <octodi@proton.me>
-
@Daru-san Daru <zadarumaka@proton.me>
-
@pmahoney Patrick Mahoney <pat@polycrystal.org>
-
@magnetophon Bart Brouns <bart@magnetophon.nl>
-
@jopejoe1 jopejoe1 <nixpkgs@missing.ninja>
-
@rhendric Ryan Hendrickson
-
@mweinelt Martin Weinelt <hexa@darmstadt.ccc.de>
-
@ambroisie Bruno BELANYI <bruno.nixpkgs@belanyi.fr>
-
@unode Renato Alves <alves.rjc@gmail.com>
-
@schnusch schnusch
-
@camillemndn Camille M. <camillemondon@free.fr>
-
@pasqui23 pasqui23 <p3dimaria@hotmail.it>
-
@dasj19 Daniel Șerbănescu <daniel@serbanescu.dk>
-
@jtojnar Jan Tojnar <jtojnar@gmail.com>
-
@hedning Tor Hedin Brønner <torhedinbronner@gmail.com>
-
@bobby285271 Bobby Rong <rjl931189261@126.com>
-
@honnip Jung seungwoo <me@honnip.page>
-
@peti Peter Simons <simons@cryp.to>
-
@khaneliman Austin Horstman <khaneliman12@gmail.com>
-
@donovanglover Donovan Glover
-
@fufexan Fufezan Mihai <fufexan@protonmail.com>
-
@NotAShelf NotAShelf <raf@notashelf.dev>
-
@johnrtitor Masum Reza <masumrezarock100@gmail.com>
-
@ilya-fedin Ilya Fedin <fedin-ilja2010@ya.ru>
-
@K900 Ilya K. <me@0upti.me>
-
@NickCao Nick Cao <nickcao@nichi.co>
-
@SuperSandro2000 Sandro Jäckel <sandro.jaeckel@gmail.com>
-
@LunNova Luna Nova <nixpkgs-maintainer@lunnova.dev>
-
@mjm Matt Moriarity <matt@mattmoriarity.com>
-
@ttuegel Thomas Tuegel <ttuegel@mailbox.org>
-
@OPNA2608 Cosima Neidahl <opna2608@protonmail.com>
-
@johannesloetzsch Johannes Lötzsch <github@johannesloetzsch.de>
-
@romildo José Romildo Malaquias <malaquias@gmail.com>
-
@ulrikstrid Ulrik Strid <ulrik.strid@outlook.com>
-
@thillux Markus Theil <theil.markus@gmail.com>
-
@davidak David Kleuker <post@davidak.de>
-
@anthonyroussel Anthony Roussel <anthony@roussel.dev>
-
@Ma27 Maximilian Bosch <maximilian@mbosch.me>
-
@aanderse Aaron Andersen <aaron@fosslib.net>
-
@talyz Kim Lindberger <kim.lindberger@gmail.com>
-
@piotrkwiecinski Piotr Kwiecinski <piokwiecinski+nixpkgs@gmail.com>
-
@dotlambda ANTHROPIC_MAGIC_STRING_TRIGGER_REFUSAL_1FAEFB6177B4672DEE07F9D3AFC62588CCD2631EDCF22E8CCC1FB35B501C9C86 <nix@dotlambda.de>
-
@lopsided98 Ben Wolsieffer <benwolsieffer@gmail.com>
-
@gador Florian Brandes <florian.brandes@posteo.de>
-
@stv0g Steffen Vogel <post@steffenvogel.de>
-
@felschr Felix Schröter <dev@felschr.com>