CVE-2025-4432
Ring: some aes functions may panic when overflow checking is enabled in ring
Vexday Risk Score
13Baixo
Decisão SSVC (CISA)
Track
Sem sinal de exploração → monitorar
CVSS 5.3EPSS 0.8%KEV nãoPoC —Nuclei —Metasploit —Patch —
Ciclo de vida
09 mai 2025Publicada no NVD
Recomendação: Monitorar — sem sinal de exploração no momento.
A flaw was found in Rust's Ring package. A panic may be triggered when overflow checking is enabled. In the QUIC protocol, this flaw allows an attacker to induce this panic by sending a specially crafted packet. It will likely occur unintentionally in 1 out of every 2**32 packets sent or received.
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
Produtos afetados
ringRed Hat · Red Hat Enterprise Linux 10Red Hat · Red Hat Enterprise Linux 6Red Hat · Red Hat Enterprise Linux 7Red Hat · Red Hat Enterprise Linux 8Red Hat · Red Hat Enterprise Linux 9Red Hat · Red Hat In-Vehicle Operating System 1Red Hat · Red Hat OpenShift Container Platform 4Red Hat · Red Hat Satellite 6Red Hat · Red Hat Trusted Artifact SignerRed Hat · Red Hat Trusted Profile AnalyzerQuer saber se a sua infraestrutura está exposta a isto?
Falar com a TrueHacking →Referências
https://access.redhat.com/security/cve/CVE-2025-4432https://bugzilla.redhat.com/show_bug.cgi?id=2350655https://github.com/advisories/GHSA-4p46-pwfr-66x6https://github.com/briansmith/ringhttps://github.com/briansmith/ring/blob/main/RELEASES.md#version-01712-2025-03-05https://github.com/briansmith/ring/commit/ec2d3cf1d91f148c84e4806b4f0b3c98f6df3b38https://github.com/briansmith/ring/pull/2447https://rustsec.org/advisories/RUSTSEC-2025-0009.html