CVE-2024-2511Improperly Controlled Sequential Memory Allocation in Openssl

CWE-1325Improperly Controlled Sequential Memory AllocationCWE-400Uncontrolled Resource Consumption19 documents10 sources
Severity
5.9MEDIUMNVD
OSV7.4
EPSS
3.0%
top 13.37%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
22
OpensslTianocore Edk2Debian Openssl+19 more
Timeline
PublishedApr 8
Latest updateNov 28

Description

Issue summary: Some non-default TLS server configurations can cause unbounded memory growth when processing TLSv1.3 sessions Impact summary: An attacker may exploit certain server configurations to trigger unbounded memory growth that would lead to a Denial of Service This problem can occur in TLSv1.3 if the non-default SSL_OP_NO_TICKET option is being used (but not if early_data support is also configured and the default anti-replay protection is in use). In this case, under certain condition

CVSS vector

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:HExploitability: 2.2 | Impact: 3.6

Affected Packages25 packages

debiandebian/openssl< openssl 3.0.14-1~deb12u1 (bookworm)
CVEListV5openssl/openssl3.2.03.2.2+3
Alpineopenssl/openssl< 3.0.12-r5+6
Debianopenssl/openssl< 1.1.1w-0+deb11u2+3
Ubuntuopenssl/openssl< 1.1.1f-1ubuntu2.23+2

🔴Vulnerability Details

6
OSV
edk2 regression2025-11-28
OSV
edk2 vulnerabilities2025-11-26
OSV
openssl vulnerabilities2024-07-31
OSV
CVE-2024-2511: Issue summary: Some non-default TLS server configurations can cause unbounded memory growth when processing TLSv12024-04-08
OSV
CVE-2024-2511: Issue summary: Some non-default TLS server configurations can cause unbounded memory growth when processing TLSv12024-04-08

📋Vendor Advisories

11
Ubuntu
EDK II regression2025-11-28
Ubuntu
EDK II vulnerabilities2025-11-26
CISA ICS
Siemens SCALANCE W7002025-02-13
CISA ICS
Siemens SINEC INS2024-11-14
CISA ICS
Siemens SCALANCE M-800 Family2024-11-14

💬Community

1
HackerOne
Unbounded memory growth with session handling in TLSv1.32024-09-22
CVE-2024-2511 — Openssl vulnerability | cvebase