CVE-2023-35784
Summary
| CVE | CVE-2023-35784 |
|---|---|
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2023-06-16 20:15:00 UTC |
| Updated | 2023-11-06 22:15:00 UTC |
| Description | A double free or use after free could occur after SSL_clear in OpenBSD 7.2 before errata 026 and 7.3 before errata 004, and in LibreSSL before 3.6.3 and 3.7.x before 3.7.3. NOTE: OpenSSL is not affected. |
Risk And Classification
Problem Types: CWE-415
NVD Known Affected Configurations (CPE 2.3)
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| add missing pointer invalidation · libressl/openbsd@e42d8f4 · GitHub | MISC | github.com | |
| ftp.openbsd.org/pub/OpenBSD/LibreSSL/libressl-3.7.3-relnotes.txt | MISC | ftp.openbsd.org | |
| ftp.openbsd.org/pub/OpenBSD/patches/7.2/common/026_ssl.patch.sig | MISC | ftp.openbsd.org | |
| Add missing pointer invalidation · libressl/openbsd@1d6680b · GitHub | MISC | github.com | |
| add missing pointer invalidation · libressl/openbsd@96094ca · GitHub | MISC | github.com | |
| ftp.openbsd.org/pub/OpenBSD/patches/7.3/common/004_ssl.patch.sig | MISC | ftp.openbsd.org | |
| ftp.openbsd.org/pub/OpenBSD/LibreSSL/libressl-3.6.3-relnotes.txt | MISC | ftp.openbsd.org | |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
There are currently no legacy QID mappings associated with this CVE.