
Cloud Vulnerability DB
An open project to list all known cloud vulnerabilities and Cloud Service Provider security issues
CVE-2025-24898 affects rust-openssl, a set of OpenSSL bindings for the Rust programming language. The vulnerability was discovered in versions prior to 0.10.70 and was disclosed on February 2, 2025. The issue involves a use-after-free vulnerability in the ssl::select_next_proto function, which can return a slice pointing into the server argument's buffer but with an incorrect lifetime bound (GitHub Advisory, NVD).
The vulnerability occurs in the ssl::select_next_proto function, which can return a slice pointing into the server argument's buffer but with a lifetime bound to the client argument. This becomes problematic in situations where the server buffer's lifetime is shorter than the client buffer's. The vulnerability has been assigned a CVSS v4.0 base score of 6.3 (Medium) with the vector string CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:L/VI:N/VA:L/SC:N/SI:N/SA:N. The issue is classified as CWE-416 (Use After Free) (Red Hat, GitHub Advisory).
The vulnerability can cause the server to crash or return arbitrary memory contents to the client when exploited. This particularly affects scenarios where the server buffer is constructed within the callback passed to SslContextBuilder::set_alpn_select_callback (GitHub Advisory).
The vulnerability has been fixed in rust-openssl version 0.10.70, which properly constrains the output slice's lifetime to that of both input buffers. Users are advised to upgrade to this version or later. For standard usage of ssl::select_next_proto in the callback passed to SslContextBuilder::set_alpn_select_callback, code is only affected if the server buffer is constructed within the callback (Debian Security, GitHub Advisory).
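As an added illustration (not rust-openssl's own code, which calls OpenSSL's SSL_select_next_proto over FFI), the following pure-Rust re-implementation parses the length-prefixed ALPN protocol lists and uses the corrected signature, in which the returned slice's lifetime is bound to both the server and client buffers. The `negotiate` function and its protocol lists are constructed stand-ins for the body of a set_alpn_select_callback closure that builds the server list inside the callback.

```rust
/// Parse a length-prefixed ALPN protocol list (one length byte, then that many
/// name bytes per entry, as SSL_select_next_proto consumes). None if malformed.
fn protocols(list: &[u8]) -> Option<Vec<&[u8]>> {
    let mut out = Vec::new();
    let mut i = 0;
    while i < list.len() {
        let len = list[i] as usize;
        let start = i + 1;
        let end = start.checked_add(len)?;
        // Empty names are invalid ALPN identifiers; an overrun means truncation.
        if len == 0 || end > list.len() {
            return None;
        }
        out.push(&list[start..end]);
        i = end;
    }
    Some(out)
}

/// First protocol in `server`'s preference order that `client` also offered.
/// The slice points into `server`, so the output lifetime is tied to BOTH inputs
/// (the 0.10.70 fix); the pre-fix `server: &[u8], client: &'a [u8]` let it outlive
/// `server`, which is the CVE-2025-24898 use-after-free.
pub fn select_next_proto<'a>(server: &'a [u8], client: &'a [u8]) -> Option<&'a [u8]> {
    let server_protos = protocols(server)?;
    let client_protos = protocols(client)?;
    server_protos
        .into_iter()
        .find(|s| client_protos.iter().any(|c| c == s))
}

/// Constructed stand-in for a set_alpn_select_callback body that builds the server
/// list inside the callback: the result borrows `server_prefs`, so it is copied out
/// before the buffer drops (returning a `&[u8]` tied to it would not compile).
pub fn negotiate(client_offer: &[u8]) -> Option<Vec<u8>> {
    let server_prefs: Vec<u8> = b"\x02h2\x08http/1.1".to_vec();
    select_next_proto(&server_prefs, client_offer).map(|p| p.to_vec())
}

fn main() {
    // Constructed client ALPN offer: http/1.1 first, then h2.
    let client = b"\x08http/1.1\x02h2";
    match negotiate(client) {
        Some(p) => println!("negotiated {}", String::from_utf8_lossy(&p)), // prints "negotiated h2"
        None => println!("no overlap"),
    }
}
```

With the lifetime tied to both inputs, the borrow checker rejects any attempt to return the selected slice past the end of a callback that owns the server buffer, which is exactly the pattern the advisory flags as affected.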
Source: This report was generated using AI