INFSA-2025:7241: rust-bootupd security update
Information about definition
Identifier: INFSA-2025:7241
Type: security
Release date: 2025-06-10 11:53:40 UTC
Information about package
Bootloader updater
Vulnerabilities description
- CVE-2025-24898
A flaw was found in the rust-openssl package. In certain versions, ssl::select_next_proto can return a slice pointing into the server argument's buffer but with a lifetime bound to the client argument. In situations where the server buffer's lifetime is shorter than the client buffer's, this can cause a use-after-free error. This could cause the server to crash or return arbitrary memory contents to the client.
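The lifetime relationship described above, as an added example (not rust-openssl's code or its patch): a safe-Rust selector over ALPN-style length-prefixed lists whose result borrows from the server buffer, so the compiler rejects any use of the result after that buffer is gone. The helper names and sample byte strings are constructed for illustration.

```rust
// Added illustration; not rust-openssl code. Lists use the ALPN wire format:
// each entry is a one-byte length followed by that many protocol-name bytes.

/// Yield each entry of a length-prefixed list; stop at a malformed entry
/// (zero length, or a length that runs past the end of the buffer).
fn protocols<'a>(mut list: &'a [u8]) -> impl Iterator<Item = &'a [u8]> + 'a {
    std::iter::from_fn(move || {
        let (&len, rest) = list.split_first()?;
        let len = len as usize;
        if len == 0 || len > rest.len() {
            return None;
        }
        let (proto, tail) = rest.split_at(len);
        list = tail;
        Some(proto)
    })
}

/// First server-preferred protocol that the client also offers.
/// The result points into `server`, so it carries `server`'s lifetime `'s`.
/// Binding it to `client`'s lifetime instead is the mismatch described above.
fn select_next_proto<'s>(server: &'s [u8], client: &[u8]) -> Option<&'s [u8]> {
    protocols(server).find(|s| protocols(client).any(|c| c == *s))
}

/// The risky shape: a server list that lives for less time than the client list.
fn negotiate(client: &[u8]) -> Option<Vec<u8>> {
    let server: Vec<u8> = b"\x02h2\x08http/1.1".to_vec(); // constructed sample
    // Returning the borrowed slice would not compile, because it cannot
    // outlive `server`; copy the bytes out before the buffer is dropped.
    let chosen = select_next_proto(&server, client).map(|p| p.to_vec());
    chosen
}

fn main() {
    let client = b"\x08http/1.1\x06spdy/1"; // constructed sample
    println!("{:?}", negotiate(client));
}
```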
Severity level
CVE | Score CVSS 2.0 | Score CVSS 3.x | Score CVSS 4.0 |
---|---|---|---|
NIST — CVE-2025-24898 | no information | 4.8 | no information |
Updated packages