Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2023-35784

A double free or use after free could occur after SSL_clear in OpenBSD 7.2 before errata 026 and 7.3 before errata 004, and in LibreSSL before 3.6.3 and 3.7.x before 3.7.3. NOTE: OpenSSL is not affected.

Published

2023-06-16T20:15:09.493

Last Modified

2024-11-21T08:08:41.820

Status

Modified

Source

[email protected]

Severity

CVSSv3.1: 9.8 (CRITICAL)

Weaknesses

Type: Primary
CWE-415
CWE-416

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	openbsd	libressl	< 3.6.3	Yes
Application	openbsd	libressl	< 3.7.3	Yes
Operating System	openbsd	openbsd	7.2	Yes
Operating System	openbsd	openbsd	7.3	Yes

References

https://ftp.openbsd.org/pub/OpenBSD/LibreSSL/libressl-3.6.3-relnotes.txt Release Notes ([email protected])
https://ftp.openbsd.org/pub/OpenBSD/LibreSSL/libressl-3.7.3-relnotes.txt Release Notes ([email protected])
https://ftp.openbsd.org/pub/OpenBSD/patches/7.2/common/026_ssl.patch.sig Patch ([email protected])
https://ftp.openbsd.org/pub/OpenBSD/patches/7.3/common/004_ssl.patch.sig Patch ([email protected])
https://github.com/libressl/openbsd/commit/e42d8f4b21a8a498e2eabbffe4c7b7d4ef7cec54 ([email protected])
https://ftp.openbsd.org/pub/OpenBSD/LibreSSL/libressl-3.6.3-relnotes.txt Release Notes (af854a3a-2127-422b-91ae-364da2661108)
https://ftp.openbsd.org/pub/OpenBSD/LibreSSL/libressl-3.7.3-relnotes.txt Release Notes (af854a3a-2127-422b-91ae-364da2661108)
https://ftp.openbsd.org/pub/OpenBSD/patches/7.2/common/026_ssl.patch.sig Patch (af854a3a-2127-422b-91ae-364da2661108)
https://ftp.openbsd.org/pub/OpenBSD/patches/7.3/common/004_ssl.patch.sig Patch (af854a3a-2127-422b-91ae-364da2661108)
https://github.com/libressl/openbsd/commit/e42d8f4b21a8a498e2eabbffe4c7b7d4ef7cec54 (af854a3a-2127-422b-91ae-364da2661108)