{"id":"UBUNTU-CVE-2025-24898","details":"rust-openssl is a set of OpenSSL bindings for the Rust programming language. In affected versions `ssl::select_next_proto` can return a slice pointing into the `server` argument's buffer but with a lifetime bound to the `client` argument. In situations where the `server` buffer's lifetime is shorter than the `client` buffer's, this can cause a use after free. This could cause the server to crash or to return arbitrary memory contents to the client. The crate `openssl` version 0.10.70 fixes the signature of `ssl::select_next_proto` to properly constrain the output buffer's lifetime to that of both input buffers. Users are advised to upgrade. In standard usage of `ssl::select_next_proto` in the callback passed to `SslContextBuilder::set_alpn_select_callback`, code is only affected if the `server` buffer is constructed *within* the callback.","modified":"2026-02-04T02:29:01.052356Z","published":"2025-02-03T18:15:00Z","related":["USN-7891-1"],"upstream":["CVE-2025-24898"],"references":[{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2025-24898"},{"type":"REPORT","url":"https://www.cve.org/CVERecord?id=CVE-2025-24898"},{"type":"REPORT","url":"https://crates.io/crates/openssl"},{"type":"REPORT","url":"https://github.com/sfackler/rust-openssl/pull/2360"},{"type":"REPORT","url":"https://github.com/sfackler/rust-openssl/security/advisories/GHSA-rpmj-rpgj-qmpm"},{"type":"ADVISORY","url":"https://ubuntu.com/security/notices/USN-7891-1"}],"affected":[{"package":{"name":"rust-openssl","ecosystem":"Ubuntu:Pro:20.04:LTS","purl":"pkg:deb/ubuntu/rust-openssl@0.10.23-1ubuntu0.1~esm1?arch=source&distro=esm-apps/focal"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0.10.23-1ubuntu0.1~esm1"}]}],"versions":["0.10.23-1"],"ecosystem_specific":{"binaries":[{"binary_name":"librust-openssl-dev","binary_version":"0.10.23-1ubuntu0.1~esm1"}],"availability":"Available with Ubuntu Pro: https://ubuntu.com/pro"},"database_specific":{"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2025/UBUNTU-CVE-2025-24898.json"}},{"package":{"name":"rust-openssl","ecosystem":"Ubuntu:Pro:22.04:LTS","purl":"pkg:deb/ubuntu/rust-openssl@0.10.36-1ubuntu0.1~esm1?arch=source&distro=esm-apps/jammy"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0.10.36-1ubuntu0.1~esm1"}]}],"versions":["0.10.29-1","0.10.36-1"],"ecosystem_specific":{"binaries":[{"binary_name":"librust-openssl-dev","binary_version":"0.10.36-1ubuntu0.1~esm1"}],"availability":"Available with Ubuntu Pro: https://ubuntu.com/pro"},"database_specific":{"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2025/UBUNTU-CVE-2025-24898.json"}},{"package":{"name":"rust-openssl","ecosystem":"Ubuntu:Pro:24.04:LTS","purl":"pkg:deb/ubuntu/rust-openssl@0.10.57-1ubuntu0.1~esm1?arch=source&distro=esm-apps/noble"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0.10.57-1ubuntu0.1~esm1"}]}],"versions":["0.10.45-1","0.10.57-1"],"ecosystem_specific":{"binaries":[{"binary_name":"librust-openssl-dev","binary_version":"0.10.57-1ubuntu0.1~esm1"}],"availability":"Available with Ubuntu Pro: https://ubuntu.com/pro"},"database_specific":{"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2025/UBUNTU-CVE-2025-24898.json"}}],"schema_version":"1.7.3","severity":[{"type":"CVSS_V4","score":"CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:L/VI:N/VA:L/SC:N/SI:N/SA:N"},{"type":"Ubuntu","score":"medium"}]}