INFSA-2025:7160: bootc security update
Information about definition
Identificator: INFSA-2025:7160
Type: security
Release date: 2025-06-10 11:37:04 UTC
Information about package
Bootable container system
Vulnerabilities description
- CVE-2025-24898
A flaw was found in the rust-openssl package. In certain versions, ssl::select_next_proto can return a slice pointing into the server argument's buffer but with a lifetime bound to the client argument. In situations where the sever buffer's lifetime is shorter than the client buffer's, this can cause a use-after-free error. This could cause the server to crash or return arbitrary memory contents to the client.
Severity level
| CVE | Score CVSS 2.0 | Score CVSS 3.x | Score CVSS 4.0 |
|---|---|---|---|
|
NIST — CVE-2025-24898
|
no information | 4.8 | no information |
Updated packages