INFSA-2025:7317: python3.12-cryptography security update
Information about definition
Identificator: INFSA-2025:7317
Type: security
Release date: 2025-06-10 09:12:48 UTC
Information about package
Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems.
Vulnerabilities description
- CVE-2025-24898
A flaw was found in the rust-openssl package. In certain versions, ssl::select_next_proto can return a slice pointing into the server argument's buffer but with a lifetime bound to the client argument. In situations where the sever buffer's lifetime is shorter than the client buffer's, this can cause a use-after-free error. This could cause the server to crash or return arbitrary memory contents to the client.
Severity level
| CVE | Score CVSS 2.0 | Score CVSS 3.x | Score CVSS 4.0 |
|---|---|---|---|
|
NIST — CVE-2025-24898
|
no information | 4.8 | no information |
Updated packages