Vulnerability Description
A double free or use after free could occur after SSL_clear in OpenBSD 7.2 before errata 026 and 7.3 before errata 004, and in LibreSSL before 3.6.3 and 3.7.x before 3.7.3. NOTE: OpenSSL is not affected.
CVSS Score
9.8 (CRITICAL)
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| OpenBSD | LibreSSL | < 3.6.3 |
| OpenBSD | OpenBSD | 7.2 |
Related Weaknesses (CWE)
References
- Release Notes: https://ftp.openbsd.org/pub/OpenBSD/LibreSSL/libressl-3.6.3-relnotes.txt
- Release Notes: https://ftp.openbsd.org/pub/OpenBSD/LibreSSL/libressl-3.7.3-relnotes.txt
- Patch: https://ftp.openbsd.org/pub/OpenBSD/patches/7.2/common/026_ssl.patch.sig
- Patch: https://ftp.openbsd.org/pub/OpenBSD/patches/7.3/common/004_ssl.patch.sig
- Commit: https://github.com/libressl/openbsd/commit/e42d8f4b21a8a498e2eabbffe4c7b7d4ef7ce
FAQ
What is CVE-2023-35784?
CVE-2023-35784 is a vulnerability with a CVSS score of 9.8 (CRITICAL). A double free or use after free could occur after SSL_clear in OpenBSD 7.2 before errata 026 and 7.3 before errata 004, and in LibreSSL before 3.6.3 and 3.7.x before 3.7.3. NOTE: OpenSSL is not affected.
How severe is CVE-2023-35784?
CVE-2023-35784 has been rated CRITICAL with a CVSS base score of 9.8/10. This is considered a critical vulnerability requiring immediate attention.
Is there a patch for CVE-2023-35784?
Check the references section above for vendor advisories and patch information. Affected products include: OpenBSD LibreSSL and OpenBSD.