Bug 2343573 (CVE-2025-24898)

Summary: CVE-2025-24898 rust-openssl: rust openssl ssl::select_next_proto use after free
Product: [Other] Security Response Reporter: OSIDB Bzimport <bzimport>
Component: vulnerabilityAssignee: Product Security DevOps Team <prodsec-dev>
Status: NEW --- QA Contact:
Severity: medium Docs Contact:
Priority: medium    
Version: unspecifiedCC: bsmejkal, jachapma, progier, rgatica, spichugi, ssidhaye, tbordaz, teagle, vashirov
Target Milestone: ---Keywords: Security
Target Release: ---Flags: vashirov: needinfo? (rgatica)
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: If docs needed, set a value
Doc Text:
A flaw was found in the rust-openssl package. In certain versions, `ssl::select_next_proto` can return a slice pointing into the `server` argument's buffer but with a lifetime bound to the `client` argument. In situations where the `sever` buffer's lifetime is shorter than the `client` buffer's, this can cause a use-after-free error. This could cause the server to crash or return arbitrary memory contents to the client.
 Story Points: ---
Clone Of: Environment:
Last Closed: Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description OSIDB Bzimport 2025-02-03 18:01:18 UTC 
rust-openssl is a set of OpenSSL bindings for the Rust programming language. In affected versions `ssl::select_next_proto` can return a slice pointing into the `server` argument's buffer but with a lifetime bound to the `client` argument. In situations where the `sever` buffer's lifetime is shorter than the `client` buffer's, this can cause a use after free. This could cause the server to crash or to return arbitrary memory contents to the client. The crate`openssl` version 0.10.70 fixes the signature of `ssl::select_next_proto` to properly constrain the output buffer's lifetime to that of both input buffers. Users are advised to upgrade. In standard usage of `ssl::select_next_proto` in the callback passed to `SslContextBuilder::set_alpn_select_callback`, code is only affected if the `server` buffer is constructed *within* the callback.
Comment 2 Viktor Ashirov 2025-02-03 20:25:17 UTC 
https://github.com/389ds/389-ds-base/pull/6573
Comment 3 Viktor Ashirov 2025-02-04 10:37:56 UTC 
openssl crate is used in 389-ds-base only in pwdchan plugin for hashing purposes:
https://github.com/389ds/389-ds-base/blob/main/src/plugins/pwdchan/Cargo.toml
https://github.com/389ds/389-ds-base/blob/main/src/plugins/pwdchan/src/lib.rs

Therefore I believe 389-ds-base is unaffected by this CVE.

Robb, could you please confirm?
Comment 11 errata-xmlrpc 2025-05-13 10:10:04 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9

Via RHSA-2025:7147 https://access.redhat.com/errata/RHSA-2025:7147
Comment 12 errata-xmlrpc 2025-05-13 10:13:40 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9

Via RHSA-2025:7160 https://access.redhat.com/errata/RHSA-2025:7160
Comment 13 errata-xmlrpc 2025-05-13 10:25:14 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9

Via RHSA-2025:7241 https://access.redhat.com/errata/RHSA-2025:7241
Comment 14 errata-xmlrpc 2025-05-13 10:35:08 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9

Via RHSA-2025:7313 https://access.redhat.com/errata/RHSA-2025:7313
Comment 15 errata-xmlrpc 2025-05-13 10:36:05 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9

Via RHSA-2025:7317 https://access.redhat.com/errata/RHSA-2025:7317