CVE-2025-4432

Published: May 9, 2025

Modified: Jan 29, 2026

PUBLISHED

CVSS v3.1

5.3

MEDIUM

Description

A flaw was found in Rust's Ring package. A panic may be triggered when overflow checking is enabled. In the QUIC protocol, this flaw allows an attacker to induce this panic by sending a specially crafted packet. It will likely occur unintentionally in 1 out of every 2**32 packets sent or received.

Vendor	Product	Versions
Unknown	ring	affected `0 - < 0.17.12`
Red Hat	Red Hat Enterprise Linux 10	All versions
Red Hat	Red Hat Enterprise Linux 10	All versions
Red Hat	Red Hat Enterprise Linux 10	All versions
Red Hat	Red Hat Enterprise Linux 10	All versions
Red Hat	Red Hat Enterprise Linux 10	All versions
Red Hat	Red Hat Enterprise Linux 10	All versions
Red Hat	Red Hat Enterprise Linux 10	All versions
Red Hat	Red Hat Enterprise Linux 6	All versions
Red Hat	Red Hat Enterprise Linux 6	All versions
Red Hat	Red Hat Enterprise Linux 7	All versions
Red Hat	Red Hat Enterprise Linux 7	All versions
Red Hat	Red Hat Enterprise Linux 8	All versions
Red Hat	Red Hat Enterprise Linux 8	All versions
Red Hat	Red Hat Enterprise Linux 9	All versions
Red Hat	Red Hat Enterprise Linux 9	All versions
Red Hat	Red Hat Enterprise Linux 9	All versions
Red Hat	Red Hat Enterprise Linux 9	All versions
Red Hat	Red Hat Enterprise Linux 9	All versions
Red Hat	Red Hat Enterprise Linux 9	All versions
Red Hat	Red Hat Enterprise Linux 9	All versions
Red Hat	Red Hat Enterprise Linux 9	All versions
Red Hat	Red Hat Enterprise Linux 9	All versions
Red Hat	Red Hat Enterprise Linux 9	All versions
Red Hat	Red Hat OpenShift Container Platform 4	All versions
Red Hat	Red Hat Satellite 6	All versions
Red Hat	Red Hat Satellite 6	All versions
Red Hat	Red Hat Trusted Artifact Signer	All versions
Red Hat	Red Hat Trusted Artifact Signer	All versions
Red Hat	Red Hat Trusted Profile Analyzer	All versions