CVE-2023-35784

CVSS 3.1 Score 9.8 of 10 (high)

Details

Published Jun 16, 2023

Updated: Nov 6, 2023

CWE ID 416

CWE ID 415

Summary

CVE-2023-35784 is a vulnerability affecting OpenBSD 7.2 before errata 026 and 7.3 before errata 004, as well as LibreSSL before 3.6.3 and 3.7.x before 3.7.3. This issue involves a double free or use after free situation, which can lead to memory corruption. The SSL_clear function is the source of this vulnerability in the SSL handshake process. Notably, OpenSSL is not susceptible to this issue.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Openbsd Libressl
OpenBSD

Affected Vendors

OpenBSD Project

Advisories, Assessments, and Mitigations

https://app.recordedfuture.com/live/sc/entity/rqnhVW
https://www.cve.org/CVERecord?id=CVE-2023-35784
https://nvd.nist.gov/vuln/detail/CVE-2023-35784

Back to Vulnerability Database