A double free or use after free could occur after SSL_clear in OpenBSD 7.2 before errata 026 and 7.3 before errata 004, and in LibreSSL before 3.6.3 and 3.7.x before 3.7.3. NOTE: OpenSSL is not affected.
{
"osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2023/35xxx/CVE-2023-35784.json",
"cna_assigner": "mitre",
"unresolved_ranges": [
{
"extracted_events": [
{
"introduced": "7.2"
},
{
"introduced": "7.3"
}
],
"source": "DESCRIPTION"
}
]
}{
"extracted_events": [
{
"introduced": "0"
},
{
"fixed": "3.6.3"
},
{
"introduced": "3.7.x"
},
{
"fixed": "3.7.3"
}
],
"source": [
"DESCRIPTION",
"REFERENCES"
]
}{
"extracted_events": [
{
"introduced": "0"
},
{
"fixed": "3.6.3"
},
{
"introduced": "3.7.x"
},
{
"fixed": "3.7.3"
}
],
"source": "DESCRIPTION"
}[
{
"id": "CVE-2023-35784-54e5d3b7",
"deprecated": false,
"signature_version": "v1",
"signature_type": "Line",
"digest": {
"threshold": 0.9,
"line_hashes": [
"318029086928463328978880662858799719559",
"38581269024580834936979536530738007553",
"289431370978073966754050857004753806111",
"237554259802663005882124020248922010992",
"55220800006065477010725795313990725964"
]
},
"source": "https://github.com/libressl/openbsd/commit/ec44842c68b88bb1c93a8d517ef859e8a456a822",
"target": {
"file": "src/lib/libssl/s3_lib.c"
}
},
{
"id": "CVE-2023-35784-55fcfbb8",
"deprecated": false,
"signature_version": "v1",
"signature_type": "Function",
"digest": {
"function_hash": "275837915516327575572512449369328465332",
"length": 1139.0
},
"source": "https://github.com/libressl/openbsd/commit/ec44842c68b88bb1c93a8d517ef859e8a456a822",
"target": {
"file": "src/lib/libssl/s3_lib.c",
"function": "ssl3_free"
}
},
{
"id": "CVE-2023-35784-6b7f9c19",
"deprecated": false,
"signature_version": "v1",
"signature_type": "Function",
"digest": {
"function_hash": "275837915516327575572512449369328465332",
"length": 1139.0
},
"source": "https://github.com/libressl/openbsd/commit/e42d8f4b21a8a498e2eabbffe4c7b7d4ef7cec54",
"target": {
"file": "src/lib/libssl/s3_lib.c",
"function": "ssl3_free"
}
},
{
"id": "CVE-2023-35784-6d3514d1",
"deprecated": false,
"signature_version": "v1",
"signature_type": "Function",
"digest": {
"function_hash": "179503027444079463257166586757167826824",
"length": 1018.0
},
"source": "https://github.com/libressl/openbsd/commit/242532e946dd73e728b67bfe0915634d91462442",
"target": {
"file": "src/lib/libssl/s3_lib.c",
"function": "ssl3_free"
}
},
{
"id": "CVE-2023-35784-81ca270c",
"deprecated": false,
"signature_version": "v1",
"signature_type": "Line",
"digest": {
"threshold": 0.9,
"line_hashes": [
"318029086928463328978880662858799719559",
"38581269024580834936979536530738007553",
"289431370978073966754050857004753806111",
"237554259802663005882124020248922010992",
"55220800006065477010725795313990725964"
]
},
"source": "https://github.com/libressl/openbsd/commit/e42d8f4b21a8a498e2eabbffe4c7b7d4ef7cec54",
"target": {
"file": "src/lib/libssl/s3_lib.c"
}
},
{
"id": "CVE-2023-35784-cc4e1e37",
"deprecated": false,
"signature_version": "v1",
"signature_type": "Line",
"digest": {
"threshold": 0.9,
"line_hashes": [
"318029086928463328978880662858799719559",
"167570896660061044803044394243221479805",
"236761717147379022131078656568025718482",
"280851328767504689644122720762551246455",
"111262196369619851026950638376073380677"
]
},
"source": "https://github.com/libressl/openbsd/commit/242532e946dd73e728b67bfe0915634d91462442",
"target": {
"file": "src/lib/libssl/s3_lib.c"
}
}
]
"2026-07-08T19:18:29Z"
"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2023-35784.json"