GHSA-4fcv-w3qc-ppgg: rust-openssl Use-After-Free in `Md::fetch` and `Cipher::fetch`

CVSS Score: N/A

Basic Information

CVE ID: -
EPSS Score: -
Published: 4/4/2025
Updated: 4/4/2025
KEV Status: No
Technology: Rust

Technical Details

CVSS Vector: -

| Package Name | Ecosystem | Vulnerable Versions | First Patched Version |
| --- | --- | --- | --- |
| openssl | rust | >= 0.10.39, < 0.10.72 | 0.10.72 |

Vulnerability Intelligence
Root Cause Analysis

The analysis involved examining the patches provided and understanding the changes made to fix the vulnerability. The functions `Cipher::fetch` and `Md::fetch` were identified as vulnerable due to their improper handling of the `properties` argument, leading to a use-after-free. The patches directly point to these functions as the locations of the vulnerability.

WAF Protection Rules

WAF Rule

When a `Some(...)` value was passed to the `properties` argument of either of these functions, a use-after-free would result. In practice this would nearly always result in OpenSSL treating the properties as an empty string (due to `CString::drop`'s