Vulnerability Description
A flaw was found in the Rust `ring` crate (tracked as RUSTSEC-2025-0009). `ring::aead::quic::HeaderProtectionKey::new_mask()` may panic when the build has integer overflow checking enabled, which is Rust's default for debug profiles and applies to release profiles that set `overflow-checks = true`: an addition on a 32-bit counter that should wrap instead triggers an "attempt to add with overflow" panic. In the QUIC protocol the 16-byte header-protection sample that feeds this routine is taken directly from the received packet, so a remote attacker can induce the panic, and with it a denial of service of the process handling the connection, by sending a specially crafted packet. Even without an attacker, the condition is expected to occur unintentionally in about 1 out of every 2**32 packets sent or received, since a uniformly random sample hits the overflowing counter value with that probability.
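The counter arithmetic at the heart of this class of bug, as an added illustration in Rust that is not ring's code (ring's internals are not reproduced here): a model 16-byte AES-CTR counter block whose low 32 bits are incremented with a plain `+` (which panics under overflow checks) beside the wrapping form that CTR mode actually requires, plus an extractor that pulls the QUIC header-protection sample out of a constructed packet to show that the remote peer chooses those 32 bits. The block layout, the helper names and the sample packet are assumptions made for the demonstration.

```rust
// Added illustration (not ring's code): how a 32-bit CTR block counter behaves
// under Rust's overflow checks, and why a QUIC header-protection sample lets a
// remote peer pick that counter. Layout and names are assumptions for this demo.
use std::convert::TryInto;

/// 16-byte AES-CTR counter block modelled as 12-byte prefix || 32-bit big-endian
/// block counter (the usual AES-GCM/TLS layout; assumed here, not ring's type).
#[derive(Clone, Copy, Debug, PartialEq, Eq)]
pub struct CounterBlock(pub [u8; 16]);

impl CounterBlock {
    /// Low 32 bits, interpreted as the big-endian block counter.
    pub fn counter(&self) -> u32 {
        u32::from_be_bytes(self.0[12..16].try_into().expect("slice is 4 bytes"))
    }

    fn with_counter(mut self, v: u32) -> Self {
        self.0[12..16].copy_from_slice(&v.to_be_bytes());
        self
    }

    /// Vulnerable pattern: a plain `+` on the counter. With overflow checks on
    /// (debug profiles by default, or `overflow-checks = true` in a release
    /// profile) this panics with "attempt to add with overflow" whenever the
    /// counter is within `blocks` of u32::MAX; with checks off it wraps silently.
    pub fn increment_by_plain_add(self, blocks: u32) -> Self {
        let next = self.counter() + blocks;
        self.with_counter(next)
    }

    /// Fixed pattern: the CTR block counter is defined modulo 2^32, so the
    /// intended arithmetic is a wrapping add, which behaves the same in every profile.
    pub fn increment_by_wrapping(self, blocks: u32) -> Self {
        let next = self.counter().wrapping_add(blocks);
        self.with_counter(next)
    }
}

/// Extract the QUIC header-protection sample from a packet. Per RFC 9001 §5.4.2
/// the 16-byte sample starts 4 bytes after the start of the Packet Number field,
/// and §5.4.3 feeds it to AES as the input block, so the sender chooses every bit.
pub fn header_protection_sample(packet: &[u8], pn_offset: usize) -> Option<CounterBlock> {
    let start = pn_offset.checked_add(4)?;
    let end = start.checked_add(16)?;
    let bytes: [u8; 16] = packet.get(start..end)?.try_into().ok()?;
    Some(CounterBlock(bytes))
}

/// A constructed QUIC-like packet whose sample ends in FF FF FF FF, i.e. whose
/// implied block counter is u32::MAX. The packet number offset (18) is a
/// placeholder; only the position of the sample matters for the demonstration.
pub fn crafted_packet() -> (Vec<u8>, usize) {
    let pn_offset = 18;
    let mut packet = vec![0u8; 48];
    packet[0] = 0x40; // fixed bit set, short header form; cosmetic only
    let sample_start = pn_offset + 4;
    packet[sample_start + 12..sample_start + 16].copy_from_slice(&[0xFF; 4]);
    (packet, pn_offset)
}

fn main() {
    let (packet, pn_offset) = crafted_packet();
    let sample = header_protection_sample(&packet, pn_offset).expect("packet holds a full sample");
    println!("sample counter = {:#010x}", sample.counter());
    println!("wrapping path  = {:#010x}", sample.increment_by_wrapping(1).counter());
    match std::panic::catch_unwind(|| sample.increment_by_plain_add(1)) {
        Ok(next) => println!(
            "plain `+` wrapped silently (overflow checks off): {:#010x}",
            next.counter()
        ),
        Err(_) => println!("plain `+` panicked (overflow checks on): the CVE-2025-4432 condition"),
    }
}
```

Run it once as a debug build and once with `--release` to see the two behaviours; a release profile that turns `overflow-checks` on for hardening gets the panicking behaviour in production, which is why disabling overflow checks is not a fix and the wrapping form is.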
CVSS Score
5.3 (MEDIUM)
Related Weaknesses (CWE)
References
- https://access.redhat.com/security/cve/CVE-2025-4432
- https://bugzilla.redhat.com/show_bug.cgi?id=2350655
- https://github.com/briansmith/ring
- https://github.com/briansmith/ring/blob/main/RELEASES.md#version-01712-2025-03-0
- https://github.com/briansmith/ring/commit/ec2d3cf1d91f148c84e4806b4f0b3c98f6df3b
- https://github.com/briansmith/ring/pull/2447
- https://rustsec.org/advisories/RUSTSEC-2025-0009.html
FAQ
What is CVE-2025-4432?
CVE-2025-4432 is a vulnerability in the Rust `ring` crate with a CVSS base score of 5.3 (MEDIUM). A panic may be triggered when overflow checking is enabled. In the QUIC protocol, this flaw allows a remote attacker to induce the panic, and so a denial of service, by sending a specially crafted packet; it will likely also occur unintentionally in 1 out of every 2**32 packets sent or received.
How severe is CVE-2025-4432?
CVE-2025-4432 has been rated MEDIUM with a CVSS base score of 5.3/10. The impact is a panic in the process handling the packet, that is, loss of availability rather than disclosure or tampering. This page lists only the base score; the vendor advisories linked in the References section carry the full metric breakdown.
Is there a patch for CVE-2025-4432?
Yes. The fix shipped in ring 0.17.12; see the 0.17.12 release notes, pull request #2447 and the fix commit in the References section. The RustSec advisory RUSTSEC-2025-0009 tracks the affected and patched version ranges, so `cargo audit` or `cargo deny check advisories` will flag a vulnerable `Cargo.lock`; upgrade with `cargo update -p ring` to 0.17.12 or later. Building with overflow checks disabled avoids the panic but is not a fix, since hardened release profiles that set `overflow-checks = true` remain affected. Distribution users should check the Red Hat CVE entry for the status of packages that vendor `ring`.