CVE-2024-2511
Published: 2024-04-08
Priority: P3 · 49 · medium · CVSS 3.1: 5.9
Vector: AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
EPSS: 54.03% (98.9th percentile)
Issue summary: Some non-default TLS server configurations can cause unbounded
memory growth when processing TLSv1.3 sessions

Impact summary: An attacker may exploit certain server configurations to trigger
unbounded memory growth that would lead to a Denial of Service

This problem can occur in TLSv1.3 if the non-default SSL_OP_NO_TICKET option is
being used (but not if early_data support is also configured and the default
anti-replay protection is in use). In this case, under certain conditions, the
session cache can get into an incorrect state and it will fail to flush properly
as it fills. The session cache will continue to grow in an unbounded manner. A
malicious client could deliberately create the scenario for this failure to
force a Denial of Service. It may also happen by accident in normal operation.

This issue only affects TLS servers supporting TLSv1.3. It does not affect TLS
clients.

The FIPS modules in 3.2, 3.1 and 3.0 are not affected by this issue. OpenSSL
1.0.2 is also not affected by this issue.
Affected
42 ranges · showing 25
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | openssl | < openssl 3.0.14-1~deb12u1 (bookworm) | openssl 3.0.14-1~deb12u1 (bookworm) |
| msrc | azl3_cloud-hypervisor-cvm_38.0.72-2_on_azure_linux_3.0 | — | — |
| msrc | azl3_cloud-hypervisor-cvm_38.0.72.2-1_on_azure_linux_3.0 | — | — |
| msrc | azl3_edk2_20240524git3e722403cd16-8_on_azure_linux_3.0 | — | — |
| msrc | azl3_nodejs_20.10.0-2_on_azure_linux_3.0 | — | — |
| msrc | azl3_nodejs_20.14.0-1_on_azure_linux_3.0 | — | — |
| msrc | azl3_openssl_3.1.4-9_on_azure_linux_3.0 | — | — |
| msrc | azl3_openssl_3.3.0-1_on_azure_linux_3.0 | — | — |
| msrc | azl3_qemu_8.2.0-16_on_azure_linux_3.0 | — | — |
| msrc | azure_linux_3.0_arm | — | — |
| msrc | azure_linux_3.0_x64 | — | — |
| msrc | cbl2_cloud-hypervisor-cvm_38.0.72-1_on_cbl_mariner_2.0 | — | — |
| msrc | cbl2_cloud-hypervisor-cvm_38.0.72.2-1_on_cbl_mariner_2.0 | — | — |
| msrc | cbl2_hvloader_1.0.1-5_on_cbl_mariner_2.0 | — | — |
| msrc | cbl2_hvloader_1.0.1-6_on_cbl_mariner_2.0 | — | — |
| msrc | cbl2_nodejs18_18.18.2-7_on_cbl_mariner_2.0 | — | — |
| msrc | cbl2_openssl_1.1.1k-30_on_cbl_mariner_2.0 | — | — |
| msrc | cbl2_openssl_1.1.1k-36_on_cbl_mariner_2.0 | — | — |
| msrc | cbl_mariner_2.0_arm | — | — |
| msrc | cbl_mariner_2.0_x64 | — | — |
| openssl | openssl | >= 0 < 3.0.12-r5 | 3.0.12-r5 |
| openssl | openssl | >= 0 < 3.1.4-r6 | 3.1.4-r6 |
| openssl | openssl | >= 0 < 3.2.1-r2 | 3.2.1-r2 |
Detection & IOCs
- Target servers must have TLSv1.3 enabled with the non-default SSL_OP_NO_TICKET option set; detect exploitation by monitoring for unbounded/continuous growth of the TLS session cache on the server process.
- Only TLS servers (not clients) running TLSv1.3 are affected; scope detection/monitoring to server-side OpenSSL processes with TLSv1.3 session handling.
- A malicious client can deliberately and repeatedly trigger the session cache corruption to force DoS; monitor for abnormal memory growth in OpenSSL-linked server processes accepting TLSv1.3 connections.
- Vulnerability is only triggered when the non-default SSL_OP_NO_TICKET option is enabled on the TLS server; servers using default ticket-based session resumption are NOT vulnerable.
- OpenSSL 1.0.2 and the FIPS modules in versions 3.0, 3.1, and 3.2 are NOT affected; focus detection on OpenSSL 1.1.x and 3.x non-FIPS builds.
- If early_data support is configured alongside SSL_OP_NO_TICKET and the default anti-replay protection is active, the vulnerability does NOT apply.
- Red Hat Enterprise Linux 7 (OpenSSL 1.0.2) is confirmed not affected; RHEL 8 and 9 fixes are deferred — treat those systems as unpatched until updated.
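One way to apply the memory-growth monitoring described above, as an added example (not code from the advisory or from OpenSSL): it reads resident memory from `/proc/<pid>/status` text and separates a session cache that fills and then levels off from one that keeps climbing. The sample data is constructed, and the window size and slope threshold are assumptions to tune per server.

```python
import re
from statistics import mean

# Constructed excerpt of /proc/<pid>/status for a TLS server process (not real data).
SAMPLE_STATUS = "Name:\ttls-server\nVmPeak:\t  812340 kB\nVmRSS:\t   60100 kB\nThreads:\t4\n"

# Constructed (epoch_s, rss_kb) series sampled every 60 s.
# HEALTHY: the cache fills, then eviction keeps memory flat.
HEALTHY = [(i * 60, r) for i, r in enumerate(
    [50000, 52000, 54000, 56000, 58000, 60000,
     60100, 60050, 60120, 60080, 60110, 60090])]
# LEAKING: the cache never flushes, so memory climbs at a steady rate.
LEAKING = [(i * 60, 50000 + 2000 * i) for i in range(12)]


def parse_vmrss_kb(status_text):
    """Return the resident set size in kB from the text of /proc/<pid>/status."""
    m = re.search(r"^VmRSS:\s+(\d+)\s+kB\s*$", status_text, re.MULTILINE)
    if m is None:
        raise ValueError("no VmRSS line found")
    return int(m.group(1))


def slope_kb_per_s(samples):
    """Least-squares slope of RSS (kB) against time (s) for (epoch_s, rss_kb) pairs."""
    t_bar = mean(t for t, _ in samples)
    r_bar = mean(r for _, r in samples)
    den = sum((t - t_bar) ** 2 for t, _ in samples)
    if den == 0:
        raise ValueError("samples need distinct timestamps")
    return sum((t - t_bar) * (r - r_bar) for t, r in samples) / den


def classify(samples, window=6, min_slope=1.0):
    """Label a series 'unbounded-growth', 'bounded' or 'insufficient-data'.

    window and min_slope (kB/s) are assumed defaults, not values from the
    advisory. The series must extend past the time the cache needs to fill,
    otherwise normal warm-up growth looks the same as the failure.
    """
    if len(samples) < 2 * window:
        return "insufficient-data"
    overall = slope_kb_per_s(samples)
    recent = slope_kb_per_s(samples[-window:])
    # Flag only when memory is still rising now and has not decelerated
    # relative to the whole observation period.
    if recent >= min_slope and recent >= 0.5 * overall:
        return "unbounded-growth"
    return "bounded"


if __name__ == "__main__":
    print("current RSS kB:", parse_vmrss_kb(SAMPLE_STATUS))
    print("healthy series:", classify(HEALTHY))
    print("leaking series:", classify(LEAKING))
```

On a live host, append `(time.time(), parse_vmrss_kb(open(f"/proc/{pid}/status").read()))` to the series at a fixed interval and alert when `classify` returns `unbounded-growth` for a server that sets SSL_OP_NO_TICKET.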
CVSS provenance
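| Source | Score | Severity | Vector |
|---|---|---|---|
| nvd (v3.1) | 5.9 | MEDIUM | CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H |
| osv | 7.4 | HIGH | |
| vendor_oracle | 7.5 | MEDIUM | |
| vendor_ubuntu | 7.4 | HIGH | |
| vendor_debian | 5.9 | MEDIUM | |
| vendor_msrc | 5.9 | MEDIUM | |
| vendor_redhat | 5.9 | MEDIUM | |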
OSV
edk2 regression
osv·2025-11-28·CVSS 7.4
CVE-2023-45236 [HIGH] edk2 regression
edk2 regression
USN-7894-1 fixed vulnerabilities in EDK II. The update introduced a
regression in the UEFI network boot. This update reverts the corresponding
fixes for CVE-2023-45236 and CVE-2023-45237 pending further investigation.
We apologize for the inconvenience.
Original advisory details:
It was discovered that EDK II was susceptible to a predictable TCP Initial
Sequence Number. An attacker could possibly use this issue to gain
unauthorized access. This issue only affected Ubuntu 22.04 LTS, and Ubuntu
24.04 LTS. (CVE-2023-45236, CVE-2023-45237)
It was discovered that EDK II incorrectly handled S3 sleep. An attacker
could possibly use this issue to cause a denial of service. This issue only
affected Ubuntu 22.04 LTS, and Ubuntu 24.04 LTS. (CVE-2024-1298)
It was discovered that
OSV
edk2 vulnerabilities
osv·2025-11-26·CVSS 7.4
CVE-2023-45236 [HIGH] edk2 vulnerabilities
edk2 vulnerabilities
It was discovered that EDK II was susceptible to a predictable TCP Initial
Sequence Number. An attacker could possibly use this issue to gain
unauthorized access. This issue only affected Ubuntu 22.04 LTS, and Ubuntu
24.04 LTS. (CVE-2023-45236, CVE-2023-45237)
It was discovered that EDK II incorrectly handled S3 sleep. An attacker
could possibly use this issue to cause a denial of service. This issue only
affected Ubuntu 22.04 LTS, and Ubuntu 24.04 LTS. (CVE-2024-1298)
It was discovered that the EDK II PE/COFF loader incorrectly handled
certain memory operations. An attacker could possibly use this issue to
cause a denial of service, obtain sensitive information, or execute
arbitrary code. This issue only affected Ubuntu 22.04 LTS, and Ubuntu
24.04 LTS. (CVE-2024-38
OSV
openssl vulnerabilities
osv·2024-07-31·CVSS 5.9
CVE-2024-2511 [MEDIUM] openssl vulnerabilities
openssl vulnerabilities
It was discovered that OpenSSL incorrectly handled TLSv1.3 sessions when
certain non-default TLS server configurations were in use. A remote
attacker could possibly use this issue to cause OpenSSL to consume
resources, leading to a denial of service. (CVE-2024-2511)
It was discovered that OpenSSL incorrectly handled checking excessively
long DSA keys or parameters. A remote attacker could possibly use this
issue to cause OpenSSL to consume resources, leading to a denial of
service. This issue only affected Ubuntu 22.04 LTS and Ubuntu 24.04 LTS.
(CVE-2024-4603)
William Ahern discovered that OpenSSL incorrectly handled certain memory
operations in a rarely-used API. A remote attacker could use this issue to
cause OpenSSL to crash, resulting in a denial of service,
OSV
CVE-2024-2511: Issue summary: Some non-default TLS server configurations can cause unbounded memory growth when processing TLSv1
osv·2024-04-08·CVSS 5.9
CVE-2024-2511 [MEDIUM] CVE-2024-2511: Issue summary: Some non-default TLS server configurations can cause unbounded memory growth when processing TLSv1
GHSA
GHSA-299c-jvhc-gxj8: Issue summary: Some non-default TLS server configurations can cause unbounded
memory growth when processing TLSv1
ghsa_unreviewed·2024-04-08
CVE-2024-2511 [MEDIUM] CWE-1325 GHSA-299c-jvhc-gxj8: Issue summary: Some non-default TLS server configurations can cause unbounded
memory growth when processing TLSv1
Ubuntu
EDK II regression
vendor_ubuntu·2025-11-28·CVSS 5.8
CVE-2023-45236 [MEDIUM] EDK II regression
Title: EDK II regression
Summary: USN-7894-1 introduced a regression in EDK II
Ubuntu
EDK II vulnerabilities
vendor_ubuntu·2025-11-26·CVSS 7.4
CVE-2023-45236 [HIGH] EDK II vulnerabilities
Title: EDK II vulnerabilities
Summary: Several security issues were fixed in EDK II.
CISA ICS
Siemens SCALANCE W700
cisa_ics·2025-02-13
ICS Advisory
Release Date: February 13, 2025
Alert Code: ICSA-25-044-09
Related topics: Industrial Control System Vulnerabilities, Industrial Control Systems
As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories (CERT Services | Services | Siemens Global).
## 1. EXECUTIVE SUMMARY
- CVSS v3 9.8
- ATTENTION: Exploitable remotely/low attack complexity
- Vendor: Siemens
- Equipment: SCALANCE W700
- Vulnerabilities: Double Free, Improper Restriction of Communication Channel to Intended Endpoints, Improper Resource Sh
CISA ICS
Siemens SINEC INS
cisa_ics·2024-11-14
ICS Advisory
Release Date: November 14, 2024
Alert Code: ICSA-24-319-08
Related topics: Industrial Control System Vulnerabilities, Industrial Control Systems
## 1. EXECUTIVE SUMMARY
- CVSS v3 9.9
- ATTENTION: Exploitable remotely/low attack complexity/public exploits are available/known public exploitation
- Vendor: Siemens
- Equipment: SINEC INS
- Vulnerabilities: Improper Authentication, Out-of-bounds Write, Ineffici
CISA ICS
Siemens SCALANCE M-800 Family
cisa_ics·2024-11-14
ICS Advisory
Release Date: November 14, 2024
Alert Code: ICSA-24-319-06
Related topics: Industrial Control System Vulnerabilities, Industrial Control Systems
## 1. EXECUTIVE SUMMARY
- CVSS v4 8.6
- ATTENTION: Exploitable remotely/low attack complexity
- Vendor: Siemens
- Equipment: SCALANCE M-800 Family
- Vulnerabilities: Out-of-bounds Read, Missing Encryption of Sensitive Data, Integer Overflow or Wraparou
Oracle
Oracle Financial Services Applications Risk Matrix: Common (OpenSSL) — CVE-2024-2511
vendor_oracle·2024-10-15·CVSS 7.5
CVE-2024-2511 [MEDIUM]
CVE: CVE-2024-2511
CVSS: 7.5
Protocol: TLS
Remote exploit: Yes
Affected versions: Network
Advisory: cpuoct2024 (OCT 2024)
Ubuntu
OpenSSL vulnerabilities
vendor_ubuntu·2024-07-31·CVSS 5.9
CVE-2024-4741 [MEDIUM] OpenSSL vulnerabilities
Title: OpenSSL vulnerabilities
Summary: Several security issues were fixed in OpenSSL.
Oracle
Oracle Financial Services Applications Risk Matrix: Common (OpenSSL) — CVE-2024-2511
vendor_oracle·2024-07-15·CVSS 7.5
CVE-2024-2511 [MEDIUM]
CVE: CVE-2024-2511
CVSS: 7.5
Protocol: TLS
Remote exploit: Yes
Affected versions: Network
Advisory: cpujul2024 (JUL 2024)
Microsoft
Unbounded memory growth with session handling in TLSv1.3
vendor_msrc·2024-04-09·CVSS 5.9
CVE-2024-2511 [MEDIUM] CWE-1325 Unbounded memory growth with session handling in TLSv1.3
Unbounded memory growth with session handling in TLSv1.3
FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?
One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See this blog post for more information. If impact to additional products is identified, we will update the CVE to reflect this.
Mariner: Mariner
openssl: openssl
Customer Action Required: Yes
Remediation: CBL-Mariner Releases
Reference: https://
Red Hat
openssl: Unbounded memory growth with session handling in TLSv1.3
vendor_redhat·2024-04-08·CVSS 5.9
CVE-2024-2511 [MEDIUM] CWE-400 openssl: Unbounded memory growth with session handling in TLSv1.3
openssl: Unbounded memory growth with session handling in TLSv1.3
Debian
CVE-2024-2511: openssl - Issue summary: Some non-default TLS server configurations can cause unbounded me...
vendor_debian·2024·CVSS 5.9
CVE-2024-2511 [MEDIUM] CVE-2024-2511: openssl - Issue summary: Some non-default TLS server configurations can cause unbounded me...
No detection rules found.
No public exploits indexed.
- https://github.com/openssl/openssl/commit/7e4d731b1c07201ad9374c1cd9ac5263bdf35bce
- https://github.com/openssl/openssl/commit/b52867a9f618bb955bed2a3ce3db4d4f97ed8e5d
- https://github.com/openssl/openssl/commit/e9d7083e241670332e0443da0f0d4ffb52829f08
- https://github.openssl.org/openssl/extended-releases/commit/5f8d25770ae6437db119dfc951e207271a326640
- https://www.openssl.org/news/secadv/20240408.txt
- http://www.openwall.com/lists/oss-security/2024/04/08/5
- https://lists.debian.org/debian-lts-announce/2024/10/msg00033.html
- https://lists.debian.org/debian-lts-announce/2024/11/msg00000.html
- https://security.netapp.com/advisory/ntap-20240503-0013/
- https://cert-portal.siemens.com/productcert/html/ssa-265688.html
- https://cert-portal.siemens.com/productcert/html/ssa-354112.html
- https://cert-portal.siemens.com/productcert/html/ssa-398330.html
- https://cert-portal.siemens.com/productcert/html/ssa-613116.html
- https://cert-portal.siemens.com/productcert/html/ssa-769027.html
- https://cert-portal.siemens.com/productcert/html/ssa-915275.html
Published: 2024-04-08