Medium severity5.3OSV Advisory· Published May 9, 2025· Updated Apr 15, 2026
CVE-2025-4432
CVE-2025-4432
Description
A flaw was found in Rust's Ring package. A panic may be triggered when overflow checking is enabled. In the QUIC protocol, this flaw allows an attacker to induce this panic by sending a specially crafted packet. It will likely occur unintentionally in 1 out of every 2**32 packets sent or received.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
ringcrates.io | < 0.17.12 | 0.17.12 |
Affected products
124- osv-coords123 versionspkg:apk/chainguard/atuinpkg:apk/chainguard/buck2pkg:apk/chainguard/cargo-auditpkg:apk/chainguard/cargo-audit-docpkg:apk/chainguard/denopkg:apk/chainguard/fnmpkg:apk/chainguard/kdashpkg:apk/chainguard/libwasmtimepkg:apk/chainguard/linkerd2-proxypkg:apk/chainguard/linkerd-extension-initpkg:apk/chainguard/lycheepkg:apk/chainguard/ntpd-rspkg:apk/chainguard/nushellpkg:apk/chainguard/nushell-pluginspkg:apk/chainguard/orandapkg:apk/chainguard/parseablepkg:apk/chainguard/pixipkg:apk/chainguard/pixi-compatpkg:apk/chainguard/py3.10-uv-buildpkg:apk/chainguard/py3.10-uv-build-binpkg:apk/chainguard/py3.11-uv-buildpkg:apk/chainguard/py3.11-uv-build-binpkg:apk/chainguard/py3.12-uv-buildpkg:apk/chainguard/py3.12-uv-build-binpkg:apk/chainguard/py3.13-uv-buildpkg:apk/chainguard/py3.13-uv-build-binpkg:apk/chainguard/py3-supported-uv-buildpkg:apk/chainguard/qdrantpkg:apk/chainguard/qdrant-oci-compatpkg:apk/chainguard/qdrant-oci-entrypointpkg:apk/chainguard/rustls-ffipkg:apk/chainguard/rustls-ffi-devpkg:apk/chainguard/rustuppkg:apk/chainguard/ryepkg:apk/chainguard/samplypkg:apk/chainguard/sccachepkg:apk/chainguard/shadowsocks-rustpkg:apk/chainguard/shadowsocks-rust-sslocalpkg:apk/chainguard/shadowsocks-rust-ssmanagerpkg:apk/chainguard/shadowsocks-rust-ssserverpkg:apk/chainguard/shadowsocks-rust-ssservicepkg:apk/chainguard/shadowsocks-rust-ssurlpkg:apk/chainguard/sqlxpkg:apk/chainguard/tealdeerpkg:apk/chainguard/uvpkg:apk/chainguard/wadmpkg:apk/chainguard/washpkg:apk/chainguard/wasmcloudpkg:apk/chainguard/wasm-packpkg:apk/chainguard/wasmtimepkg:apk/chainguard/wasmtime-devpkg:apk/chainguard/xhpkg:apk/chainguard/zedpkg:apk/chainguard/zizmorpkg:apk/chainguard/zolapkg:apk/chainguard/ztunnel-1.24pkg:apk/chainguard/ztunnel-1.24-compatpkg:apk/chainguard/ztunnel-1.25pkg:apk/chainguard/ztunnel-1.25-compatpkg:apk/chainguard/ztunnel-fips-1.24pkg:apk/chainguard/ztunnel-fips-1.24-compatpkg:apk/chainguard/ztunnel-fips-1.25pkg:apk/chainguard/ztunnel-fips-1.25-compatpkg:apk/wolfi/atuinpkg:apk/wolfi/buck2pkg:apk/wolfi/cargo-auditpkg:apk/wolfi/cargo-audit-docpkg:apk/wolfi/denopkg:apk/wolfi/kdashpkg:apk/wolfi/libwasmtimepkg:apk/wolfi/linkerd2-proxypkg:apk/wolfi/linkerd-extension-initpkg:apk/wolfi/lycheepkg:apk/wolfi/ntpd-rspkg:apk/wolfi/nushellpkg:apk/wolfi/nushell-pluginspkg:apk/wolfi/orandapkg:apk/wolfi/parseablepkg:apk/wolfi/pixipkg:apk/wolfi/pixi-compatpkg:apk/wolfi/py3.10-uv-buildpkg:apk/wolfi/py3.10-uv-build-binpkg:apk/wolfi/py3.11-uv-buildpkg:apk/wolfi/py3.11-uv-build-binpkg:apk/wolfi/py3.12-uv-buildpkg:apk/wolfi/py3.12-uv-build-binpkg:apk/wolfi/py3.13-uv-buildpkg:apk/wolfi/py3.13-uv-build-binpkg:apk/wolfi/py3-supported-uv-buildpkg:apk/wolfi/qdrantpkg:apk/wolfi/qdrant-oci-compatpkg:apk/wolfi/qdrant-oci-entrypointpkg:apk/wolfi/rustls-ffipkg:apk/wolfi/rustls-ffi-devpkg:apk/wolfi/rustuppkg:apk/wolfi/ryepkg:apk/wolfi/samplypkg:apk/wolfi/sccachepkg:apk/wolfi/shadowsocks-rustpkg:apk/wolfi/shadowsocks-rust-sslocalpkg:apk/wolfi/shadowsocks-rust-ssmanagerpkg:apk/wolfi/shadowsocks-rust-ssserverpkg:apk/wolfi/shadowsocks-rust-ssservicepkg:apk/wolfi/shadowsocks-rust-ssurlpkg:apk/wolfi/sqlxpkg:apk/wolfi/tealdeerpkg:apk/wolfi/uvpkg:apk/wolfi/wadmpkg:apk/wolfi/washpkg:apk/wolfi/wasmcloudpkg:apk/wolfi/wasm-packpkg:apk/wolfi/wasmtimepkg:apk/wolfi/wasmtime-devpkg:apk/wolfi/xhpkg:apk/wolfi/zedpkg:apk/wolfi/zizmorpkg:apk/wolfi/zolapkg:apk/wolfi/ztunnel-1.24pkg:apk/wolfi/ztunnel-1.24-compatpkg:apk/wolfi/ztunnel-1.25pkg:apk/wolfi/ztunnel-1.25-compatpkg:cargo/ringpkg:rpm/opensuse/govulncheck-vulndb&distro=openSUSE%20Tumbleweed
< 18.4.0-r1+ 122 more
- (no CPE)range: < 18.4.0-r1
- (no CPE)range: < 20251101-r0
- (no CPE)range: < 0.21.2-r4
- (no CPE)range: < 0.21.2-r4
- (no CPE)range: < 2.2.3-r1
- (no CPE)range: < 1.38.1-r2
- (no CPE)range: < 0.6.2-r1
- (no CPE)range: < 30.0.2-r1
- (no CPE)range: < 2.285.0-r1
- (no CPE)range: < 0.1.2-r31
- (no CPE)range: < 0.18.1-r1
- (no CPE)range: < 1.5.0-r1
- (no CPE)range: < 0.102.0-r1
- (no CPE)range: < 0.102.0-r1
- (no CPE)range: < 0.6.5-r3
- (no CPE)range: < 1.7.3-r1
- (no CPE)range: < 0.42.1-r1
- (no CPE)range: < 0.42.1-r1
- (no CPE)range: < 0.6.6-r1
- (no CPE)range: < 0.6.6-r1
- (no CPE)range: < 0.6.6-r1
- (no CPE)range: < 0.6.6-r1
- (no CPE)range: < 0.6.6-r1
- (no CPE)range: < 0.6.6-r1
- (no CPE)range: < 0.6.6-r1
- (no CPE)range: < 0.6.6-r1
- (no CPE)range: < 0.6.6-r1
- (no CPE)range: < 1.13.4-r1
- (no CPE)range: < 1.13.4-r1
- (no CPE)range: < 1.13.4-r1
- (no CPE)range: < 0.14.1-r4
- (no CPE)range: < 0.14.1-r4
- (no CPE)range: < 1.28.1-r1
- (no CPE)range: < 0.44.0-r1
- (no CPE)range: < 0.13.1-r1
- (no CPE)range: < 0.10.0-r1
- (no CPE)range: < 1.22.0-r2
- (no CPE)range: < 1.22.0-r2
- (no CPE)range: < 1.22.0-r2
- (no CPE)range: < 1.22.0-r2
- (no CPE)range: < 1.22.0-r2
- (no CPE)range: < 1.22.0-r2
- (no CPE)range: < 0.8.5-r2
- (no CPE)range: < 1.7.1-r3
- (no CPE)range: < 0.6.6-r1
- (no CPE)range: < 0.21.0-r0
- (no CPE)range: < 0.39.0-r1
- (no CPE)range: < 1.6.2-r1
- (no CPE)range: < 0.13.1-r2
- (no CPE)range: < 30.0.2-r1
- (no CPE)range: < 30.0.2-r1
- (no CPE)range: < 0.24.0-r1
- (no CPE)range: < 0.178.5-r0
- (no CPE)range: < 1.5.1-r0
- (no CPE)range: < 0.20.0-r1
- (no CPE)range: < 1.24.3-r2
- (no CPE)range: < 1.24.3-r2
- (no CPE)range: < 1.25.2-r1
- (no CPE)range: < 1.25.2-r1
- (no CPE)range: < 1.24.5-r1
- (no CPE)range: < 1.24.5-r1
- (no CPE)range: < 1.25.2-r1
- (no CPE)range: < 1.25.2-r1
- (no CPE)range: < 18.4.0-r1
- (no CPE)range: < 20251101-r0
- (no CPE)range: < 0.21.2-r4
- (no CPE)range: < 0.21.2-r4
- (no CPE)range: < 2.2.3-r1
- (no CPE)range: < 0.6.2-r1
- (no CPE)range: < 30.0.2-r1
- (no CPE)range: < 2.285.0-r1
- (no CPE)range: < 0.1.2-r31
- (no CPE)range: < 0.18.1-r1
- (no CPE)range: < 1.5.0-r1
- (no CPE)range: < 0.102.0-r1
- (no CPE)range: < 0.102.0-r1
- (no CPE)range: < 0.6.5-r3
- (no CPE)range: < 1.7.3-r1
- (no CPE)range: < 0.42.1-r1
- (no CPE)range: < 0.42.1-r1
- (no CPE)range: < 0.6.6-r1
- (no CPE)range: < 0.6.6-r1
- (no CPE)range: < 0.6.6-r1
- (no CPE)range: < 0.6.6-r1
- (no CPE)range: < 0.6.6-r1
- (no CPE)range: < 0.6.6-r1
- (no CPE)range: < 0.6.6-r1
- (no CPE)range: < 0.6.6-r1
- (no CPE)range: < 0.6.6-r1
- (no CPE)range: < 1.13.4-r1
- (no CPE)range: < 1.13.4-r1
- (no CPE)range: < 1.13.4-r1
- (no CPE)range: < 0.14.1-r4
- (no CPE)range: < 0.14.1-r4
- (no CPE)range: < 1.28.1-r1
- (no CPE)range: < 0.44.0-r1
- (no CPE)range: < 0.13.1-r1
- (no CPE)range: < 0.10.0-r1
- (no CPE)range: < 1.22.0-r2
- (no CPE)range: < 1.22.0-r2
- (no CPE)range: < 1.22.0-r2
- (no CPE)range: < 1.22.0-r2
- (no CPE)range: < 1.22.0-r2
- (no CPE)range: < 1.22.0-r2
- (no CPE)range: < 0.8.5-r2
- (no CPE)range: < 1.7.1-r3
- (no CPE)range: < 0.6.6-r1
- (no CPE)range: < 0.21.0-r0
- (no CPE)range: < 0.39.0-r1
- (no CPE)range: < 1.6.2-r1
- (no CPE)range: < 0.13.1-r2
- (no CPE)range: < 30.0.2-r1
- (no CPE)range: < 30.0.2-r1
- (no CPE)range: < 0.24.0-r1
- (no CPE)range: < 0.178.5-r0
- (no CPE)range: < 1.5.1-r0
- (no CPE)range: < 0.20.0-r1
- (no CPE)range: < 1.24.6-r0
- (no CPE)range: < 1.24.6-r0
- (no CPE)range: < 1.25.2-r1
- (no CPE)range: < 1.25.2-r1
- (no CPE)range: < 0.17.12
- (no CPE)range: < 0.0.20250515T200012-1.1
Patches
Vulnerability mechanics
References
8- github.com/advisories/GHSA-4p46-pwfr-66x6ghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2025-4432ghsaADVISORY
- access.redhat.com/security/cve/CVE-2025-4432nvdWEB
- bugzilla.redhat.com/show_bug.cginvdWEB
- github.com/briansmith/ring/blob/main/RELEASES.mdnvdWEB
- github.com/briansmith/ring/commit/ec2d3cf1d91f148c84e4806b4f0b3c98f6df3b38nvdWEB
- github.com/briansmith/ring/pull/2447nvdWEB
- rustsec.org/advisories/RUSTSEC-2025-0009.htmlnvdWEB
News mentions
0No linked articles in our index yet.