{"id":"RUSTSEC-2025-0022","summary":"Use-After-Free in `Md::fetch` and `Cipher::fetch`","details":"When a `Some(...)` value was passed to the `properties` argument of either of these functions, a use-after-free would result.\n\nIn practice this would nearly always result in OpenSSL treating the properties as an empty string (due to `CString::drop`'s behavior).\n\nThe maintainers thank [quitbug](https://github.com/quitbug/) for reporting this vulnerability to us.","aliases":["GHSA-4fcv-w3qc-ppgg"],"modified":"2025-10-28T06:29:22.917994Z","published":"2025-04-04T12:00:00Z","database_specific":{"license":"CC0-1.0"},"references":[{"type":"PACKAGE","url":"https://crates.io/crates/openssl"},{"type":"ADVISORY","url":"https://rustsec.org/advisories/RUSTSEC-2025-0022.html"},{"type":"WEB","url":"https://github.com/sfackler/rust-openssl/pull/2390"}],"affected":[{"package":{"name":"openssl","ecosystem":"crates.io","purl":"pkg:cargo/openssl"},"ranges":[{"type":"SEMVER","events":[{"introduced":"0.10.39"},{"fixed":"0.10.72"}]}],"ecosystem_specific":{"affected_functions":null,"affects":{"functions":["openssl::cipher::Cipher::fetch","openssl::md::Md::fetch"],"arch":[],"os":[]}},"database_specific":{"cvss":null,"source":"https://github.com/rustsec/advisory-db/blob/osv/crates/RUSTSEC-2025-0022.json","categories":["memory-corruption"],"informational":null}}],"schema_version":"1.7.3"}