PT-2023-25312 · OpenBSD +2

Published: 2023-05-29 · Updated: 2023-11-06 · CVE-2023-35784

CVSS v3.1: 9.8 Critical

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

OpenBSD versions 7.2 before errata 026
OpenBSD versions 7.3 before errata 004
LibreSSL versions prior to 3.6.3
LibreSSL versions 3.7.x prior to 3.7.3

Description

A double free or use after free could occur after SSL_clear. This issue does not affect OpenSSL.

Recommendations

For OpenBSD version 7.2, apply errata 026 to resolve the issue.
For OpenBSD version 7.3, apply errata 004 to resolve the issue.
For LibreSSL versions prior to 3.6.3, update to version 3.6.3 or later to resolve the issue.
For LibreSSL versions 3.7.x prior to 3.7.3, update to version 3.7.3 or later to resolve the issue.

Fix

Double Free

Use After Free

Weakness Enumeration

Related Identifiers

ALT-PU-2023-1902
ALT-PU-2023-4398
ALT-PU-2023-5593
CVE-2023-35784

Affected Products

ALT Linux
LibreSSL
OpenBSD