CVE-2023-35784 — Double Free in Libressl

CWE-415 — Double Free CWE-416 — Use After Free3 documents3 sources

Severity

9.8CRITICALNVD

EPSS

0.1%

top 65.34%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Openbsd Libressl Openbsd

Timeline

PublishedJun 16

Description

A double free or use after free could occur after SSL_clear in OpenBSD 7.2 before errata 026 and 7.3 before errata 004, and in LibreSSL before 3.6.3 and 3.7.x before 3.7.3. NOTE: OpenSSL is not affected.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 3.9 | Impact: 5.9

Affected Packages2 packages

▶NVDopenbsd/libressl3.7.0 — 3.7.3+1

▶NVDopenbsd/openbsd7.2, 7.3+1

Patches

Patch: ftp.openbsd.org ↗Patch: ftp.openbsd.org ↗Patch: ftp.openbsd.org ↗

🔴Vulnerability Details

GHSA

GHSA-w423-44w8-64mh: A double free or use after free could occur after SSL_clear in OpenBSD 7↗2023-06-16

▶

CVEList

CVE-2023-35784: A double free or use after free could occur after SSL_clear in OpenBSD 7↗2023-06-16

▶