CVE-2023-35784
- Source
- https://cve.org/CVERecord?id=CVE-2023-35784
- Import Source
- https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2023-35784.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/CVE-2023-35784
- Downstream
- Published
- 2023-06-16T20:15:09.493Z
- Modified
- 2026-02-03T21:38:21.189822Z
- Severity
-
- 9.8 (Critical) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS Calculator
- Summary
- [none]
- Details
-
A double free or use after free could occur after SSL_clear in OpenBSD 7.2 before errata 026 and 7.3 before errata 004, and in LibreSSL before 3.6.3 and 3.7.x before 3.7.3. NOTE: OpenSSL is not affected.
- References
-
- https://ftp.openbsd.org/pub/OpenBSD/LibreSSL/libressl-3.6.3-relnotes.txt
- https://ftp.openbsd.org/pub/OpenBSD/LibreSSL/libressl-3.7.3-relnotes.txt
- https://ftp.openbsd.org/pub/OpenBSD/patches/7.2/common/026_ssl.patch.sig
- https://ftp.openbsd.org/pub/OpenBSD/patches/7.3/common/004_ssl.patch.sig
- https://github.com/libressl/openbsd/commit/e42d8f4b21a8a498e2eabbffe4c7b7d4ef7cec54
Affected packages
Git / github.com/libressl-portable/portable
Git / github.com/libressl/openbsd
Affected ranges
- Type
- GIT
- Repo
- https://github.com/libressl/openbsd
- Events
-
Introduced0 Unknown introduced commit / All previous commits are affectedFixed
Database specific
vanir_signatures
[
{
"signature_type": "Function",
"source": "https://github.com/libressl/openbsd/commit/e42d8f4b21a8a498e2eabbffe4c7b7d4ef7cec54",
"target": {
"file": "src/lib/libssl/s3_lib.c",
"function": "ssl3_free"
},
"id": "CVE-2023-35784-6b7f9c19",
"signature_version": "v1",
"digest": {
"function_hash": "275837915516327575572512449369328465332",
"length": 1139.0
},
"deprecated": false
},
{
"signature_type": "Line",
"source": "https://github.com/libressl/openbsd/commit/e42d8f4b21a8a498e2eabbffe4c7b7d4ef7cec54",
"target": {
"file": "src/lib/libssl/s3_lib.c"
},
"id": "CVE-2023-35784-81ca270c",
"signature_version": "v1",
"digest": {
"threshold": 0.9,
"line_hashes": [
"318029086928463328978880662858799719559",
"38581269024580834936979536530738007553",
"289431370978073966754050857004753806111",
"237554259802663005882124020248922010992",
"55220800006065477010725795313990725964"
]
},
"deprecated": false
}
]
source
"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2023-35784.json"