CVE-2025-3416

Published: Apr 8, 2025

Modified: Nov 15, 2025

PUBLISHED

CVSS v3.1

3.7

LOW

Description

A flaw was found in OpenSSL's handling of the properties argument in certain functions. This vulnerability can allow use-after-free exploitation, which may result in undefined behavior or incorrect property parsing, leading to OpenSSL treating the input as an empty string.

Vendor	Product	Versions
Unknown	rust-openssl	affected `0.10.39 - < 0.10.72`
Red Hat	Red Hat Directory Server 11	All versions
Red Hat	Red Hat Directory Server 12	All versions
Red Hat	Red Hat Enterprise Linux 10	All versions
Red Hat	Red Hat Enterprise Linux 10	All versions
Red Hat	Red Hat Enterprise Linux 10	All versions
Red Hat	Red Hat Enterprise Linux 6	All versions
Red Hat	Red Hat Enterprise Linux 7	All versions
Red Hat	Red Hat Enterprise Linux 8	All versions
Red Hat	Red Hat Enterprise Linux 8	All versions
Red Hat	Red Hat Enterprise Linux 8	All versions
Red Hat	Red Hat Enterprise Linux 8	All versions
Red Hat	Red Hat Enterprise Linux 8	All versions
Red Hat	Red Hat Enterprise Linux 8	All versions
Red Hat	Red Hat Enterprise Linux 9	All versions
Red Hat	Red Hat Enterprise Linux 9	All versions
Red Hat	Red Hat Enterprise Linux 9	All versions
Red Hat	Red Hat Enterprise Linux 9	All versions
Red Hat	Red Hat Enterprise Linux 9	All versions
Red Hat	Red Hat Enterprise Linux 9	All versions
Red Hat	Red Hat Enterprise Linux 9	All versions
Red Hat	Red Hat Enterprise Linux 9	All versions
Red Hat	Red Hat Enterprise Linux 9	All versions
Red Hat	Red Hat OpenShift Container Platform 4	All versions
Red Hat	Red Hat OpenShift Container Platform 4	All versions
Red Hat	Red Hat Trusted Artifact Signer	All versions
Red Hat	Red Hat Trusted Artifact Signer	All versions
Red Hat	Red Hat Trusted Profile Analyzer	All versions