CVE-2023-35784 : A double free or use after free could occur after SSL

A double free or use after free could occur after SSL_clear in OpenBSD 7.2 before errata 026 and 7.3 before errata 004, and in LibreSSL before 3.6.3 and 3.7.x before 3.7.3. NOTE: OpenSSL is not affected.

Published 2023-06-16 20:15:09

Updated 2023-11-06 22:15:08

Source MITRE

View at NVD, CVE.org

Vulnerability category: Memory Corruption

Products affected by CVE-2023-35784

Openbsd » Openbsd » Version: 7.2
cpe:2.3:o:openbsd:openbsd:7.2:*:*:*:*:*:*:*
Matching versions
Openbsd » Openbsd » Version: 7.3
cpe:2.3:o:openbsd:openbsd:7.3:*:*:*:*:*:*:*
Matching versions
Openbsd » Libressl
Versions from including (>=) 3.7.0 and before (<) 3.7.3
cpe:2.3:a:openbsd:libressl:*:*:*:*:*:*:*:*
Matching versions
Openbsd » Libressl
Versions before (<) 3.6.3
cpe:2.3:a:openbsd:libressl:*:*:*:*:*:*:*:*
Matching versions

Threat overview for CVE-2023-35784

Top countries where our scanners detected CVE-2023-35784

Top open port discovered on systems with this issue 22

IPs affected by CVE-2023-35784 468,577

Threat actors abusing to this issue? Yes

Find out if you^* are affected by CVE-2023-35784!

^*Directly or indirectly through your vendors, service providers and 3rd parties. Powered by attack surface intelligence from SecurityScorecard.

Exploit prediction scoring system (EPSS) score for CVE-2023-35784

EPSS FAQ

0.11%

Probability of exploitation activity in the next 30 days EPSS Score History

~ 30 %

Percentile, the proportion of vulnerabilities that are scored at or less

CVSS scores for CVE-2023-35784

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source	First Seen
9.8	CRITICAL	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H	3.9	5.9	NIST
Attack Vector: Network Attack Complexity: Low Privileges Required: None User Interaction: None Scope: Unchanged Confidentiality: High Integrity: High Availability: High

CWE ids for CVE-2023-35784

CWE-415 Double Free

The product calls free() twice on the same memory address.

Assigned by: nvd@nist.gov (Primary)
CWE-416 Use After Free

The product reuses or references memory after it has been freed. At some point afterward, the memory may be allocated again and saved in another pointer, while the original pointer references a location somewhere within the new allocation. Any operations using the original pointer are no longer valid because the memory "belongs" to the code that operates on the new pointer.

Assigned by: nvd@nist.gov (Primary)

References for CVE-2023-35784

https://ftp.openbsd.org/pub/OpenBSD/LibreSSL/libressl-3.7.3-relnotes.txt

Release Notes
https://ftp.openbsd.org/pub/OpenBSD/LibreSSL/libressl-3.6.3-relnotes.txt

Release Notes
https://github.com/libressl/openbsd/commit/e42d8f4b21a8a498e2eabbffe4c7b7d4ef7cec54

add missing pointer invalidation · libressl/openbsd@e42d8f4 · GitHub
https://github.com/libressl/openbsd/commit/96094ca8757b95298f49d65c813f303bd514b27b

add missing pointer invalidation · libressl/openbsd@96094ca · GitHub
Patch
https://ftp.openbsd.org/pub/OpenBSD/patches/7.3/common/004_ssl.patch.sig

Patch
https://github.com/libressl/openbsd/commit/1d6680b3682f8caba78c627dee60c76da6e20dd7

Add missing pointer invalidation · libressl/openbsd@1d6680b · GitHub
Patch
https://ftp.openbsd.org/pub/OpenBSD/patches/7.2/common/026_ssl.patch.sig

Patch