CVE-2024-5535
Published: 2024-06-27
Priority: P262 · critical · CVSS 3.1 score 9.1
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H
EPSS: 5.58% (91.9th percentile)
Issue summary: Calling the OpenSSL API function SSL_select_next_proto with an
empty supported client protocols buffer may cause a crash or memory contents to
be sent to the peer.
Impact summary: A buffer overread can have a range of potential consequences
such as unexpected application behaviour or a crash. In particular this issue
could result in up to 255 bytes of arbitrary private data from memory being sent
to the peer leading to a loss of confidentiality. However, only applications
that directly call the SSL_select_next_proto function with a 0 length list of
supported client protocols are affected by this issue. This would normally never
be a valid scenario and is typically not under attacker control but may occur by
accident in the case of a configuration or programming error in the calling
application.
The OpenSSL API function SSL_select_next_proto is typically used by TLS
applications that support ALPN (Application Layer Protocol Negotiation) or NPN
(Next Protocol Negotiation). NPN is older, was never standardised and
is deprecated in favour of ALPN. We believe that ALPN is significantly more
widely deployed than NPN. The SSL_select_next_proto function accepts a list of
protocols from the server and a list of protocols from the client and returns
the first protocol that appears in the server list that also appears in the
client list. In the case of no overlap between the two lists it returns the
first item in the client list. In either case it will signal whether an overlap
between the two lists was found. In the case where SSL_select_next_proto is
called with a zero length client list it fails to notice this condition and
returns the memory immediately following the client list pointer (and reports
that there was no overlap in the lists).
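As an added illustration (not OpenSSL's code and not part of the advisory), the C program below reimplements the selection rule just described over the ALPN/NPN wire format (one length byte followed by the name, repeated) and adds the zero-length-client-list check that the vulnerable releases lacked. The PROTO_* codes, the sample lists and the const out-pointer in the signature are this example's own assumptions.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Result codes standing in for the overlap / no-overlap signal the advisory
 * describes; the names are this example's own, not OpenSSL's. */
enum { PROTO_ERROR = 0, PROTO_NEGOTIATED = 1, PROTO_NO_OVERLAP = 2 };

/* True when buf[0..len) is a run of non-empty length-prefixed names that
 * ends exactly at len, so every read in the matcher stays in bounds. */
static int list_is_well_formed(const unsigned char *buf, unsigned int len)
{
    unsigned int i = 0;
    while (i < len) {
        unsigned int n = buf[i];
        if (n == 0 || i + 1 + n > len)
            return 0;
        i += 1 + n;
    }
    return 1;
}

/* Selection rule from the advisory: first server protocol that also appears
 * in the client list, else the client's first protocol, plus a code saying
 * which case occurred. The client_len == 0 guard is the check the vulnerable
 * versions lacked: without it *out becomes client + 1 and *outlen is read
 * from client[0], bytes that belong to no protocol list at all. */
int select_next_proto(const unsigned char **out, unsigned char *outlen,
                      const unsigned char *server, unsigned int server_len,
                      const unsigned char *client, unsigned int client_len)
{
    *out = NULL;
    *outlen = 0;
    if (client == NULL || client_len == 0 ||
        !list_is_well_formed(client, client_len))
        return PROTO_ERROR;
    if (server != NULL && list_is_well_formed(server, server_len)) {
        for (unsigned int s = 0; s < server_len; s += 1 + server[s]) {
            for (unsigned int c = 0; c < client_len; c += 1 + client[c]) {
                if (server[s] == client[c] &&
                    memcmp(server + s + 1, client + c + 1, server[s]) == 0) {
                    *out = server + s + 1;
                    *outlen = server[s];
                    return PROTO_NEGOTIATED;
                }
            }
        }
    }
    *out = client + 1;          /* no overlap: client's first preference */
    *outlen = client[0];
    return PROTO_NO_OVERLAP;
}

/* Negotiate and copy the chosen name (if any) into sel, NUL-terminated. */
static int negotiate(const unsigned char *srv, unsigned int srv_len,
                     const unsigned char *cli, unsigned int cli_len,
                     char sel[256])
{
    const unsigned char *out;
    unsigned char outlen;
    int rc = select_next_proto(&out, &outlen, srv, srv_len, cli, cli_len);
    sel[0] = '\0';
    if (out != NULL) {
        memcpy(sel, out, outlen);
        sel[outlen] = '\0';
    }
    return rc;
}

/* Constructed sample lists in wire format (length byte, then name bytes). */
static const unsigned char SRV[] = { 2,'h','2', 8,'h','t','t','p','/','1','.','1' };
static const unsigned char CLI[] = { 8,'h','t','t','p','/','1','.','1', 2,'h','2' };
static const unsigned char OTHER[] = { 6,'s','p','d','y','/','3' };

/* 1 when the overlap case negotiates "h2": server order decides. */
int demo_overlap(void)
{
    char sel[256];
    return negotiate(SRV, sizeof SRV, CLI, sizeof CLI, sel) == PROTO_NEGOTIATED
        && strcmp(sel, "h2") == 0;
}

/* 1 when nothing is shared and the client's first name comes back. */
int demo_no_overlap(void)
{
    char sel[256];
    return negotiate(SRV, sizeof SRV, OTHER, sizeof OTHER, sel) == PROTO_NO_OVERLAP
        && strcmp(sel, "spdy/3") == 0;
}

/* 1 when a zero-length client list (the CVE-2024-5535 condition) is
 * rejected before anything is read from it. */
int demo_empty_client(void)
{
    char sel[256];
    return negotiate(SRV, sizeof SRV, OTHER, 0, sel) == PROTO_ERROR && sel[0] == '\0';
}

int main(void)
{
    printf("overlap=%d no_overlap=%d empty_client_rejected=%d\n",
           demo_overlap(), demo_no_overlap(), demo_empty_client());
    return 0;
}
```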
This function is typically called from a server side application callback for
ALPN or a client side application callback for NPN. In the case of ALPN the list
of protocols supplied by the client is guaranteed by libssl
Affected (45 ranges, showing 25)
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | openssl | < openssl 3.0.15-1~deb12u1 (bookworm) | openssl 3.0.15-1~deb12u1 (bookworm) |
| debian | pypy3 | < pypy3 7.3.10+dfsg-1 (bookworm) | pypy3 7.3.10+dfsg-1 (bookworm) |
| debian | python2.7 | < pypy3 7.3.10+dfsg-1 (bookworm) | pypy3 7.3.10+dfsg-1 (bookworm) |
| debian | python3.11 | < pypy3 7.3.10+dfsg-1 (bookworm) | pypy3 7.3.10+dfsg-1 (bookworm) |
| debian | python3.13 | < pypy3 7.3.10+dfsg-1 (bookworm) | pypy3 7.3.10+dfsg-1 (bookworm) |
| debian | python3.9 | < pypy3 7.3.10+dfsg-1 (bookworm) | pypy3 7.3.10+dfsg-1 (bookworm) |
| msrc | azure_linux_3.0_arm | — | — |
| msrc | azure_linux_3.0_x64 | — | — |
| msrc | cbl_mariner_2.0_arm | — | — |
| msrc | cbl_mariner_2.0_x64 | — | — |
| msrc | microsoft_defender_for_endpoint_for_android | — | — |
| msrc | microsoft_defender_for_endpoint_for_ios | — | — |
| openssl | openssl | >= 0 < 3.0.14-r0 | 3.0.14-r0 |
| openssl | openssl | >= 0 < 3.1.6-r0 | 3.1.6-r0 |
| openssl | openssl | >= 0 < 3.1.6-r0 | 3.1.6-r0 |
| openssl | openssl | >= 0 < 3.3.1-r1 | 3.3.1-r1 |
| openssl | openssl | >= 0 < 3.3.1-r1 | 3.3.1-r1 |
| openssl | openssl | >= 0 < 3.3.1-r1 | 3.3.1-r1 |
| openssl | openssl | >= 0 < 3.3.1-r1 | 3.3.1-r1 |
| openssl | openssl | >= 0 < 1.1.1w-0+deb11u2 | 1.1.1w-0+deb11u2 |
| openssl | openssl | >= 0 < 3.0.15-1~deb12u1 | 3.0.15-1~deb12u1 |
| openssl | openssl | >= 0 < 3.3.2-1 | 3.3.2-1 |
| openssl | openssl | >= 0 < 3.3.2-1 | 3.3.2-1 |
| openssl | openssl | >= 0 < 1.1.1f-1ubuntu2.23 | 1.1.1f-1ubuntu2.23 |
| openssl | openssl | >= 0 < 3.0.2-0ubuntu1.17 | 3.0.2-0ubuntu1.17 |
Detection & IOCs (extracted from sources)
- Detect calls to SSL_select_next_proto with a zero-length client protocol list (client_len == 0), which triggers the buffer overread condition
- Flag TLS applications using NPN (Next Protocol Negotiation) callbacks where SSL_select_next_proto is invoked with a client_len of 0, as this leads to an invalid memory pointer being returned and potential memory disclosure
- In Python/CPython environments, detect use of SSLContext.set_npn_protocols() configured with an empty list ('[]'), which passes a zero-length buffer to the underlying OpenSSL SSL_select_next_proto API
- Monitor for up to 255 bytes of arbitrary memory being transmitted to a TLS peer during ALPN/NPN negotiation, which may indicate exploitation of this buffer overread
- Only applications that directly call SSL_select_next_proto with a zero-length client protocol list are vulnerable; this is typically a misconfiguration or programming error, not a condition under attacker control
- ALPN-based applications are significantly less likely to be vulnerable because libssl guarantees the client-supplied protocol list is never zero-length in ALPN; NPN-based applications are the primary risk
- The FIPS modules in OpenSSL versions 3.3, 3.2, 3.1, and 3.0 are not affected by this issue
- The shim and shim-unsigned-x64 packages are not impacted because the affected OpenSSL code path is not utilized by those packages
CVSS provenance

| Source | Score | Severity | Vector |
|---|---|---|---|
| nvd (v3.1) | 9.1 | CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H |
| osv | 9.1 | CRITICAL | |
| vendor_debian | 9.1 | CRITICAL | |
| vendor_msrc | 9.1 | CRITICAL | |
| vendor_oracle | 9.1 | CRITICAL | |
| vendor_redhat | 9.1 | CRITICAL | |
| vendor_ubuntu | 7.4 | HIGH | |
VulDB
OpenSSL up to 3.3.1 Client Protocol SSL_select_next_proto client/client_len memory corruption (Nessus ID 208438 / WID-SEC-2024-1469)
vuldb·2026-06-22·CVSS 9.1
CVE-2024-5535 [CRITICAL] OpenSSL up to 3.3.1 Client Protocol SSL_select_next_proto client/client_len memory corruption (Nessus ID 208438 / WID-SEC-2024-1469)
A vulnerability identified as critical has been detected in OpenSSL up to 3.3.1. This impacts the function SSL_select_next_proto of the component Client Protocol Handler. Performing a manipulation of the argument client/client_len results in memory corruption.
This vulnerability is reported as CVE-2024-5535. The attack can be carried out remotely. No exploit exists.
You should upgrade the affected component.
OSV
edk2 regression
osv·2025-11-28·CVSS 7.4
CVE-2023-45236 [HIGH] edk2 regression
edk2 regression
USN-7894-1 fixed vulnerabilities in EDK II. The update introduced a
regression in the UEFI network boot. This update reverts the corresponding
fixes for CVE-2023-45236 and CVE-2023-45237 pending further investigation.
We apologize for the inconvenience.
Original advisory details:
It was discovered that EDK II was susceptible to a predictable TCP Initial
Sequence Number. An attacker could possibly use this issue to gain
unauthorized access. This issue only affected Ubuntu 22.04 LTS, and Ubuntu
24.04 LTS. (CVE-2023-45236, CVE-2023-45237)
It was discovered that EDK II incorrectly handled S3 sleep. An attacker
could possibly use this issue to cause a denial of service. This issue only
affected Ubuntu 22.04 LTS, and Ubuntu 24.04 LTS. (CVE-2024-1298)
It was discovered that
OSV
edk2 vulnerabilities
osv·2025-11-26·CVSS 7.4
CVE-2023-45236 [HIGH] edk2 vulnerabilities
edk2 vulnerabilities
It was discovered that EDK II was susceptible to a predictable TCP Initial
Sequence Number. An attacker could possibly use this issue to gain
unauthorized access. This issue only affected Ubuntu 22.04 LTS, and Ubuntu
24.04 LTS. (CVE-2023-45236, CVE-2023-45237)
It was discovered that EDK II incorrectly handled S3 sleep. An attacker
could possibly use this issue to cause a denial of service. This issue only
affected Ubuntu 22.04 LTS, and Ubuntu 24.04 LTS. (CVE-2024-1298)
It was discovered that the EDK II PE/COFF loader incorrectly handled
certain memory operations. An attacker could possibly use this issue to
cause a denial of service, obtain sensitive information, or execute
arbitrary code. This issue only affected Ubuntu 22.04 LTS, and Ubuntu
24.04 LTS. (CVE-2024-38
OSV
openssl vulnerabilities
osv·2024-07-31·CVSS 5.9
CVE-2024-2511 [MEDIUM] openssl vulnerabilities
openssl vulnerabilities
It was discovered that OpenSSL incorrectly handled TLSv1.3 sessions when
certain non-default TLS server configurations were in use. A remote
attacker could possibly use this issue to cause OpenSSL to consume
resources, leading to a denial of service. (CVE-2024-2511)
It was discovered that OpenSSL incorrectly handled checking excessively
long DSA keys or parameters. A remote attacker could possibly use this
issue to cause OpenSSL to consume resources, leading to a denial of
service. This issue only affected Ubuntu 22.04 LTS and Ubuntu 24.04 LTS.
(CVE-2024-4603)
William Ahern discovered that OpenSSL incorrectly handled certain memory
operations in a rarely-used API. A remote attacker could use this issue to
cause OpenSSL to crash, resulting in a denial of service,
GHSA
GHSA-hrvr-7x5w-xpmq: CPython 3
ghsa_unreviewed·2024-06-27·CVSS 9.1
CVE-2024-5642 [CRITICAL] GHSA-hrvr-7x5w-xpmq: CPython 3
CPython 3.9 and earlier doesn't disallow configuring an empty list ("[]") for SSLContext.set_npn_protocols() which is an invalid value for the underlying OpenSSL API. This results in a buffer over-read when NPN is used (see CVE-2024-5535 for OpenSSL). This vulnerability is of low severity due to NPN being not widely used and specifying an empty list likely being uncommon in-practice (typically a protocol name would be configured).
GHSA
GHSA-4fc7-mvrr-wv2c: Issue summary: Calling the OpenSSL API function SSL_select_next_proto with an empty supported client protocols buffer may cause a crash or memory cont
ghsa_unreviewed·2024-06-27
CVE-2024-5535 [CRITICAL] CWE-125 GHSA-4fc7-mvrr-wv2c: Issue summary: Calling the OpenSSL API function SSL_select_next_proto with an empty supported client protocols buffer may cause a crash or memory cont
Issue summary: Calling the OpenSSL API function SSL_select_next_proto with an
empty supported client protocols buffer may cause a crash or memory contents to
be sent to the peer.
Impact summary: A buffer overread can have a range of potential consequences
such as unexpected application behaviour or a crash. In particular this issue
could result in up to 255 bytes of arbitrary private data from memory being sent
to the peer leading to a loss of confidentiality. However, only applications
that directly call the SSL_select_next_proto function with a 0 length list of
supported client protocols are affected by this issue. This would normally never
be a valid scenario and is typically not under attacker control but may occur by
accident in the case of a configuration or programming error in the
OSV
CVE-2024-5535: Issue summary: Calling the OpenSSL API function SSL_select_next_proto with an empty supported client protocols buffer may cause a crash or memory cont
osv·2024-06-27·CVSS 9.1
CVE-2024-5535 [CRITICAL] CVE-2024-5535: Issue summary: Calling the OpenSSL API function SSL_select_next_proto with an empty supported client protocols buffer may cause a crash or memory cont
Issue summary: Calling the OpenSSL API function SSL_select_next_proto with an
empty supported client protocols buffer may cause a crash or memory contents to
be sent to the peer.
Impact summary: A buffer overread can have a range of potential consequences
such as unexpected application behaviour or a crash. In particular this issue
could result in up to 255 bytes of arbitrary private data from memory being sent
to the peer leading to a loss of confidentiality. However, only applications
that directly call the SSL_select_next_proto function with a 0 length list of
supported client protocols are affected by this issue. This would normally never
be a valid scenario and is typically not under attacker control but may occur by
accident in the case of a configuration or programming error in the
OSV
CVE-2024-5642: CPython 3
osv·2024-06-27·CVSS 9.1
CVE-2024-5642 [CRITICAL] CVE-2024-5642: CPython 3
CPython 3.9 and earlier doesn't disallow configuring an empty list ("[]") for SSLContext.set_npn_protocols() which is an invalid value for the underlying OpenSSL API. This results in a buffer over-read when NPN is used (see CVE-2024-5535 for OpenSSL). This vulnerability is of low severity due to NPN being not widely used and specifying an empty list likely being uncommon in-practice (typically a protocol name would be configured).
Ubuntu
EDK II regression
vendor_ubuntu·2025-11-28·CVSS 5.8
CVE-2023-45236 [MEDIUM] EDK II regression
Title: EDK II regression
Summary: USN-7894-1 introduced a regression in EDK II
USN-7894-1 fixed vulnerabilities in EDK II. The update introduced a
regression in the UEFI network boot. This update reverts the corresponding
fixes for CVE-2023-45236 and CVE-2023-45237 pending further investigation.
We apologize for the inconvenience.
Original advisory details:
It was discovered that EDK II was susceptible to a predictable TCP Initial
Sequence Number. An attacker could possibly use this issue to gain
unauthorized access. This issue only affected Ubuntu 22.04 LTS, and Ubuntu
24.04 LTS. (CVE-2023-45236, CVE-2023-45237)
It was discovered that EDK II incorrectly handled S3 sleep. An attacker
could possibly use this issue to cause a denial of service. This issue only
affected Ubuntu 22.04 LTS
Ubuntu
EDK II vulnerabilities
vendor_ubuntu·2025-11-26·CVSS 7.4
CVE-2023-45236 [HIGH] EDK II vulnerabilities
Title: EDK II vulnerabilities
Summary: Several security issues were fixed in EDK II.
It was discovered that EDK II was susceptible to a predictable TCP Initial
Sequence Number. An attacker could possibly use this issue to gain
unauthorized access. This issue only affected Ubuntu 22.04 LTS, and Ubuntu
24.04 LTS. (CVE-2023-45236, CVE-2023-45237)
It was discovered that EDK II incorrectly handled S3 sleep. An attacker
could possibly use this issue to cause a denial of service. This issue only
affected Ubuntu 22.04 LTS, and Ubuntu 24.04 LTS. (CVE-2024-1298)
It was discovered that the EDK II PE/COFF loader incorrectly handled
certain memory operations. An attacker could possibly use this issue to
cause a denial of service, obtain sensitive information, or execute
arbitrary code. This issue o
Oracle
Oracle Oracle Communications Risk Matrix: Routing (OpenSSL) — CVE-2024-5535
vendor_oracle·2025-04-15·CVSS 9.1
CVE-2024-5535 [CRITICAL] Oracle Oracle Communications Risk Matrix: Routing (OpenSSL) — CVE-2024-5535
Oracle Oracle Communications Risk Matrix: Routing (OpenSSL) vulnerability
CVE: CVE-2024-5535
CVSS: 9.1
Protocol: HTTPS
Remote exploit: Yes
Affected versions: Network
Advisory: cpuapr2025 (APR 2025)
CISA ICS
Siemens SIDIS Prime
cisa_ics·2025-04-10
Siemens SIDIS Prime
ICS Advisory
Release Date: April 10, 2025
Alert Code: ICSA-25-100-02
Related topics: Industrial Control System Vulnerabilities, Industrial Control Systems
As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories (CERT Services | Services | Siemens Global).
## 1. EXECUTIVE SUMMARY
- CVSS v4 9.1
- ATTENTION: Exploitable remotely/low attack complexity
- Vendor: Siemens
- Equipment: SIDIS Prime
- Vulnerabilities: Race Condition Enabling Link Following, Improper Validation of Integrity Check Value, Unchecked Input for Loo
CISA ICS
Siemens SCALANCE W700
cisa_ics·2025-02-13
Siemens SCALANCE W700
ICS Advisory
Release Date: February 13, 2025
Alert Code: ICSA-25-044-09
Related topics: Industrial Control System Vulnerabilities, Industrial Control Systems
As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories (CERT Services | Services | Siemens Global).
## 1. EXECUTIVE SUMMARY
- CVSS v3 9.8
- ATTENTION: Exploitable remotely/low attack complexity
- Vendor: Siemens
- Equipment: SCALANCE W700
- Vulnerabilities: Double Free, Improper Restriction of Communication Channel to Intended Endpoints, Improper Resource Sh
Oracle
Oracle Oracle Communications Risk Matrix: Configuration (OpenSSL) — CVE-2024-5535
vendor_oracle·2025-01-15·CVSS 5.9
CVE-2024-5535 [CRITICAL] Oracle Oracle Communications Risk Matrix: Configuration (OpenSSL) — CVE-2024-5535
Oracle Oracle Communications Risk Matrix: Configuration (OpenSSL) vulnerability
CVE: CVE-2024-5535
CVSS: 5.9
Protocol: HTTPS
Remote exploit: Yes
Affected versions: Network
Advisory: cpujan2025 (JAN 2025)
CISA ICS
Siemens SINEC INS
cisa_ics·2024-11-14
Siemens SINEC INS
ICS Advisory
Release Date: November 14, 2024
Alert Code: ICSA-24-319-08
Related topics: Industrial Control System Vulnerabilities, Industrial Control Systems
As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories (CERT Services | Services | Siemens Global).
## 1. EXECUTIVE SUMMARY
- CVSS v3 9.9
- ATTENTION: Exploitable remotely/low attack complexity/public exploits are available/known public exploitation
- Vendor: Siemens
- Equipment: SINEC INS
- Vulnerabilities: Improper Authentication, Out-of-bounds Write, Ineffici
Microsoft
OpenSSL: CVE-2024-5535 SSL_select_next_proto buffer overread
vendor_msrc·2024-11-12·CVSS 9.1
CVE-2024-5535 [CRITICAL] CWE-1395 OpenSSL: CVE-2024-5535 SSL_select_next_proto buffer overread
OpenSSL: CVE-2024-5535 SSL_select_next_proto buffer overread
NIST NVD Details: https://nvd.nist.gov/vuln/detail/CVE-2024-5535
Description: We are republishing this OpenSSL CVE to document that the latest version Microsoft Defender for Endpoint has been updated to protect against this OpenSSL library vulnerability.
FAQ: How could an attacker exploit this vulnerability?
Exploitation of this vulnerability requires that an attacker send a malicious link to the victim via email, or that they convince the user to click the link, typically by way of an enticement in an email or Instant Messenger message. In the worst-case email attack scenario, an attacker could send a specially crafted email to the user without a requirement that the victim open, read, or click on the link. This could result
Palo Alto
PAN-SA-2024-0014 Informational Bulletin: Impact of OSS CVEs in Cortex XDR Agent
vendor_paloalto·2024-11-07·CVSS 6.8
CVE-2014-0195 [MEDIUM] PAN-SA-2024-0014 Informational Bulletin: Impact of OSS CVEs in Cortex XDR Agent
PAN-SA-2024-0014 Informational Bulletin: Impact of OSS CVEs in Cortex XDR Agent
The Palo Alto Networks Product Security Assurance team has evaluated the following open source software (OSS) CVEs as they relate to Cortex XDR Agent. While Cortex XDR Agent may include the
CVEs: CVE-2014-0195, CVE-2014-0224, CVE-2014-3509, CVE-2014-3512, CVE-2014-3513, CVE-2014-3567, CVE-2015-0209, CVE-2015-0292, CVE-2015-1789, CVE-2015-1791, CVE-2015-1793, CVE-2015-3194, CVE-2016-0705, CVE-2016-0797, CVE-2016-0798, CVE-2016-0799, CVE-2016-2105, CVE-2016-2106, CVE-2016-2108, CVE-2016-2109, CVE-2016-2176, CVE-2016-2177, CVE-2016-2179, CVE-2016-2180, CVE-2016-2181, CVE-2016-2182, CVE-2016-2183, CVE-2016-6302, CVE-2016-6303, CVE-2016-6304, CVE-2019-1551, CVE-2019-1552, CVE-2019-1559, CVE-2019-1563, CVE-2020-196
Oracle
Oracle Oracle Financial Services Applications Risk Matrix: Accessibility (OpenSSL) — CVE-2024-5535
vendor_oracle·2024-10-15·CVSS 9.1
CVE-2024-5535 [CRITICAL] Oracle Oracle Financial Services Applications Risk Matrix: Accessibility (OpenSSL) — CVE-2024-5535
Oracle Oracle Financial Services Applications Risk Matrix: Accessibility (OpenSSL) vulnerability
CVE: CVE-2024-5535
CVSS: 9.1
Protocol: TLS
Remote exploit: Yes
Affected versions: Network
Advisory: cpuoct2024 (OCT 2024)
Palo Alto
Informational Bulletin: Impact of OpenSSL Vulnerabilities CVE-2024-5535 and CVE-2024-6119
vendor_paloalto·2024-08-22·CVSS 9.1
CVE-2024-5535 [CRITICAL] Informational Bulletin: Impact of OpenSSL Vulnerabilities CVE-2024-5535 and CVE-2024-6119
Informational Bulletin: Impact of OpenSSL Vulnerabilities CVE-2024-5535 and CVE-2024-6119
The Palo Alto Networks Product Security Assurance team has evaluated CVE-2024-5535 and CVE-2024-6119 as they relate to our products.
PAN-OS, Cloud NGFW, Prisma Access, and Cortex XDR Agent are not affected by CVE-2024-5535 or CVE-2024-6119.
At present, no other Palo Alto Networks products are known to contain the vulnerable software packages and be impacted by these issues.
Affected products: Cloud NGFW, Cortex XDR Agent, PAN-OS, Prisma Access
Solution: No software updates are required at this time.
Ubuntu
OpenSSL vulnerabilities
vendor_ubuntu·2024-07-31·CVSS 5.9
CVE-2024-4741 [MEDIUM] OpenSSL vulnerabilities
Title: OpenSSL vulnerabilities
Summary: Several security issues were fixed in OpenSSL.
It was discovered that OpenSSL incorrectly handled TLSv1.3 sessions when
certain non-default TLS server configurations were in use. A remote
attacker could possibly use this issue to cause OpenSSL to consume
resources, leading to a denial of service. (CVE-2024-2511)
It was discovered that OpenSSL incorrectly handled checking excessively
long DSA keys or parameters. A remote attacker could possibly use this
issue to cause OpenSSL to consume resources, leading to a denial of
service. This issue only affected Ubuntu 22.04 LTS and Ubuntu 24.04 LTS.
(CVE-2024-4603)
William Ahern discovered that OpenSSL incorrectly handled certain memory
operations in a rarely-used API. A remote attacker could use this iss
Red Hat
python: Invalid value for OpenSSL API may cause Buffer over-read when NPN is used
vendor_redhat·2024-06-27·CVSS 9.1
CVE-2024-5642 [CRITICAL] CWE-20 python: Invalid value for OpenSSL API may cause Buffer over-read when NPN is used
python: Invalid value for OpenSSL API may cause Buffer over-read when NPN is used
CPython 3.9 and earlier doesn't disallow configuring an empty list ("[]") for SSLContext.set_npn_protocols() which is an invalid value for the underlying OpenSSL API. This results in a buffer over-read when NPN is used (see CVE-2024-5535 for OpenSSL). This vulnerability is of low severity due to NPN being not widely used and specifying an empty list likely being uncommon in-practice (typically a protocol name would be configured).
A vulnerability was found in Python/CPython that does not disallow configuring an empty list ("[]") for SSLContext.set_npn_protocols(), which is an invalid value for the underlying OpenSSL API. This issue results in a buffer over-read when NPN is used. See CVE-2024-5535 for OpenS
Red Hat
openssl: SSL_select_next_proto buffer overread
vendor_redhat·2024-06-27·CVSS 9.1
CVE-2024-5535 [CRITICAL] CWE-200 openssl: SSL_select_next_proto buffer overread
openssl: SSL_select_next_proto buffer overread
Issue summary: Calling the OpenSSL API function SSL_select_next_proto with an
empty supported client protocols buffer may cause a crash or memory contents to
be sent to the peer.
Impact summary: A buffer overread can have a range of potential consequences
such as unexpected application behaviour or a crash. In particular this issue
could result in up to 255 bytes of arbitrary private data from memory being sent
to the peer leading to a loss of confidentiality. However, only applications
that directly call the SSL_select_next_proto function with a 0 length list of
supported client protocols are affected by this issue. This would normally never
be a valid scenario and is typically not under attacker control but may occur by
accident in the case
Debian
CVE-2024-5642: pypy3 - CPython 3.9 and earlier doesn't disallow configuring an empty list ("[]") for SS...
vendor_debian·2024·CVSS 9.1
CVE-2024-5642 [CRITICAL] CVE-2024-5642: pypy3 - CPython 3.9 and earlier doesn't disallow configuring an empty list ("[]") for SS...
CPython 3.9 and earlier doesn't disallow configuring an empty list ("[]") for SSLContext.set_npn_protocols() which is an invalid value for the underlying OpenSSL API. This results in a buffer over-read when NPN is used (see CVE-2024-5535 for OpenSSL). This vulnerability is of low severity due to NPN being not widely used and specifying an empty list likely being uncommon in-practice (typically a protocol name would be configured).
Scope: local
bookworm: resolved (fixed in 7.3.10+dfsg-1)
bullseye: open
forky: resolved (fixed in 7.3.10+dfsg-1)
sid: resolved (fixed in 7.3.10+dfsg-1)
trixie: resolved (fixed in 7.3.10+dfsg-1)
Debian
CVE-2024-5535: openssl - Issue summary: Calling the OpenSSL API function SSL_select_next_proto with an em...
vendor_debian·2024·CVSS 9.1
CVE-2024-5535 [CRITICAL] CVE-2024-5535: openssl - Issue summary: Calling the OpenSSL API function SSL_select_next_proto with an em...
Issue summary: Calling the OpenSSL API function SSL_select_next_proto with an empty supported client protocols buffer may cause a crash or memory contents to be sent to the peer. Impact summary: A buffer overread can have a range of potential consequences such as unexpected application behaviour or a crash. In particular this issue could result in up to 255 bytes of arbitrary private data from memory being sent to the peer leading to a loss of confidentiality. However, only applications that directly call the SSL_select_next_proto function with a 0 length list of supported client protocols are affected by this issue. This would normally never be a valid scenario and is typically not under attacker control but may occur by accident in the case of a configuration or programming error in the
Palo Alto
Palo Alto Networks Security Advisories
vendor_paloalto·CVSS 9.1
CVE-2024-6119 [CRITICAL] Palo Alto Networks Security Advisories
Palo Alto Networks Security Advisories
CVEs: CVE-2024-5535, CVE-2024-6119
Affected products: Cortex Data, Cortex XDR, Cortex XSIAM, Cortex XSOAR, Cortex Xpanse, GlobalProtect, PAN-OS, Panorama, Prisma Access, Prisma Browser, Prisma Cloud, Prisma SD
No detection rules found.
No public exploits indexed.
Qualys
Oracle Critical Patch Update, April 2026 Security Update Review
blogs_qualys·2026-04-22
CVE-2025-6965 Oracle Critical Patch Update, April 2026 Security Update Review
## Table of Contents
Qualys QID Coverage
Notable Oracle Vulnerabilities Patched
Oracle released its second quarterly edition of this year’s Critical Patch Update. The update received patches for 481 security vulnerabilities. Some of the vulnerabilities addressed in this update impact more than one product. These patches address vulnerabilities in various product families, including third-party components in Oracle products.
In this quarterly Oracle Critical Patch Update, Oracle Communications received the highest number of patches, 139, constituting about 28% of the total patches released. Oracle Financial Services Applications and Oracle Fusion Middleware followed, with 75 and 59 security patches.
376 of the 481 security patches provided by the April Critical Patch Update (about 78%)
Qualys
Oracle Critical Patch Update, April 2025 Security Update Review
blogs_qualys·2025-04-16
Oracle Critical Patch Update, April 2025 Security Update Review
## Table of Contents
Qualys QID Coverage
Notable Oracle Vulnerabilities Patched
Oracle released its first quarterly edition of this year’s Critical Patch Update. The update received patches for 378 security vulnerabilities. Some of the vulnerabilities addressed in this update impact more than one product. These patches address vulnerabilities in various product families, including third-party components in Oracle products.
In this quarterly Oracle Critical Patch Update, Oracle Communications received the highest number of patches, 103, constituting about 27% of the total patches released. Oracle MySQL and Oracle Communications Applications followed, with 43 and 42 security patches.
300 of the 378 security patches provided by the April Critical Patch Update (about 79%) are for non-Ora
Qualys
Oracle Critical Patch Update, January 2025 Security Update Review
blogs_qualys·2025-01-23
Oracle Critical Patch Update, January 2025 Security Update Review
## Table of Contents
Qualys QID Coverage
Notable Oracle Vulnerabilities Patched
Discover and Prioritize Vulnerabilities in Vulnerability Management, Detection & Response (VMDR)
Rapid Response with Patch Management (PM)
Oracle released its first quarterly edition of this year’s Critical Patch Update, which received patches for 318 security vulnerabilities. Some of the vulnerabilities addressed in this update impact more than one product. These patches address vulnerabilities in various product families, including third-party components in Oracle products.
In this quarterly Oracle Critical Patch Update, Oracle Communications received the highest number of patches, 85 constituting about 27% of the total patches released. Oracle MySQL and Oracle Financial Services Applications followed,
Bleepingcomputer
Microsoft November 2024 Patch Tuesday fixes 4 zero-days, 89 flaws
blogs_bleepingcomputer·2024-11-12·CVSS 6.5
[MEDIUM] Microsoft November 2024 Patch Tuesday fixes 4 zero-days, 89 flaws
## Lawrence Abrams
- 26 Elevation of Privilege vulnerabilities
- 2 Security Feature Bypass vulnerabilities
- 52 Remote Code Execution vulnerabilities
- 1 Information Disclosure vulnerability
- 4 Denial of Service vulnerabilities
- 3 Spoofing vulnerabilities
This count does not include two Edge flaws that were previously fixed on November 7th.
To learn more about the non-security updates released today, you can review our dedicated articles on the new Windows 11 KB5046617 and KB5046633 cumulative updates and the Windows 10 KB5046613 update.
## Four zero-days disclosed
This month's Patch Tuesday fixes four zero-days, two of which were actively exploited in attacks, and three were publicly disclosed.
Microsoft classifies a
Qualys
Oracle Critical Patch Update, October 2024 Security Update Review
blogs_qualys·2024-10-16
## Table of Contents
- Qualys QID Coverage
- Notable Oracle Vulnerabilities Patched
- Discover and Prioritize Vulnerabilities in Vulnerability Management, Detection & Response (VMDR)
Oracle released the last quarterly edition of this year’s Critical Patch Update. The update contains patches for 334 security vulnerabilities. Some of the vulnerabilities addressed in this update impact more than one product. These patches address vulnerabilities in various product families, including third-party components in Oracle products.
In this quarterly Oracle Critical Patch Update, Oracle Communications received the highest number of patches, 100, constituting about 30% of the total patches released. Oracle MySQL and Oracle Fusion Middleware followed, with 45 and 32 security patches, respectively.
244
Bugzilla
CVE-2024-5642 python: Invalid value for OpenSSL API may cause Buffer over-read when NPN is used
bugzilla·2024-06-28·CVSS 9.1
CVE-2024-5642 [CRITICAL] CVE-2024-5642 python: Invalid value for OpenSSL API may cause Buffer over-read when NPN is used
CPython 3.9 and earlier does not disallow configuring an empty list ("[]") for SSLContext.set_npn_protocols(), which is an invalid value for the underlying OpenSSL API. This results in a buffer over-read when NPN is used (see CVE-2024-5535 for OpenSSL). This vulnerability is of low severity because NPN is not widely used and specifying an empty list is likely uncommon in practice (typically a protocol name would be configured).
https://github.com/python/cpython/commit/39258d3595300bc7b952854c915f63ae2d4b9c3e
https://github.com/python/cpython/pull/23014
https://jbp.io/2024/06/27/cve-2024-5535-openssl-memory-safety.html
https://mail.python.org/archives/list/[email protected]/thread
Bugzilla
CVE-2024-5535 openssl: SSL_select_next_proto buffer overread
bugzilla·2024-06-27·CVSS 9.1
CVE-2024-5535 [CRITICAL] CVE-2024-5535 openssl: SSL_select_next_proto buffer overread
Issue summary: Calling the OpenSSL API function SSL_select_next_proto with an
empty supported client protocols buffer may cause a crash or memory contents to
be sent to the peer.
Impact summary: A buffer overread can have a range of potential consequences
such as unexpected application behaviour or a crash. In particular this issue
could result in up to 255 bytes of arbitrary private data from memory being sent
to the peer leading to a loss of confidentiality. However, only applications
that directly call the SSL_select_next_proto function with a 0 length list of
supported client protocols are affected by this issue. This would normally never
be a valid scenario and is typically not under attacker control but may occur by
accid
arXiv
Explainer-guided Targeted Adversarial Attacks against Binary Code Similarity Detection Models
arxiv_fulltext·2025-06-05
[1]Mingjie Chen
[1]Zhejiang University
[2]Tiancheng Zhu
[2]Huazhong University of Science and Technology
[3, 4]Mingxue Zhang
[3]The State Key Laboratory of Blockchain and Data Security, Zhejiang University
[4]Hangzhou High-Tech Zone (Binjiang) Institute of Blockchain and Data Security
[5]Yiling He
[5]University College London
[6]Minghao Lin
[6]University of Southern California
[7]Penghui Li
[7]Columbia University
[3]Kui Ren
[1]The first two authors contributed equally to this work. Tiancheng Zhu conducted the research during his internship at Zhejiang University.
## Abstract
Binary code similarity detection (BCSD) serves as a fundamental technique for various software engineering tasks
https://github.com/openssl/openssl/commit/4ada436a1946cbb24db5ab4ca082b69c1bc10f37
https://github.com/openssl/openssl/commit/99fb785a5f85315b95288921a321a935ea29a51e
https://github.com/openssl/openssl/commit/cf6f91f6121f4db167405db2f0de410a456f260c
https://github.com/openssl/openssl/commit/e86ac436f0bd54d4517745483e2315650fae7b2c
https://github.openssl.org/openssl/extended-releases/commit/9947251413065a05189a63c9b7a6c1d4e224c21c
https://github.openssl.org/openssl/extended-releases/commit/b78ec0824da857223486660177d3b1f255c65d87
https://www.openssl.org/news/secadv/20240627.txt
http://www.openwall.com/lists/oss-security/2024/06/27/1
http://www.openwall.com/lists/oss-security/2024/06/28/4
http://www.openwall.com/lists/oss-security/2024/08/15/1
https://lists.debian.org/debian-lts-announce/2024/10/msg00033.html
https://lists.debian.org/debian-lts-announce/2024/11/msg00000.html
https://security.netapp.com/advisory/ntap-20240712-0005/
https://security.netapp.com/advisory/ntap-20241025-0006/
https://security.netapp.com/advisory/ntap-20241025-0010/
https://cert-portal.siemens.com/productcert/html/ssa-265688.html
https://cert-portal.siemens.com/productcert/html/ssa-277137.html
https://cert-portal.siemens.com/productcert/html/ssa-398330.html
https://cert-portal.siemens.com/productcert/html/ssa-613116.html
https://cert-portal.siemens.com/productcert/html/ssa-769027.html
https://cert-portal.siemens.com/productcert/html/ssa-915275.html
Published: 2024-06-27