CVE-2023-35784: Double Free
(updated )
A double free or use after free could occur after SSL_clear in OpenBSD 7.2 before errata 026 and 7.3 before errata 004, and in LibreSSL before 3.6.3 and 3.7.x before 3.7.3. NOTE: OpenSSL is not affected.
References
- ftp.openbsd.org/pub/OpenBSD/LibreSSL/libressl-3.6.3-relnotes.txt
- ftp.openbsd.org/pub/OpenBSD/LibreSSL/libressl-3.7.3-relnotes.txt
- ftp.openbsd.org/pub/OpenBSD/patches/7.2/common/026_ssl.patch.sig
- ftp.openbsd.org/pub/OpenBSD/patches/7.3/common/004_ssl.patch.sig
- github.com/libressl/openbsd/commit/1d6680b3682f8caba78c627dee60c76da6e20dd7
- github.com/libressl/openbsd/commit/96094ca8757b95298f49d65c813f303bd514b27b
- nvd.nist.gov/vuln/detail/CVE-2023-35784
Code Behaviors & Features
Detect and mitigate CVE-2023-35784 with GitLab Dependency Scanning
Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →