CVE-2023-35784

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2023-35784

Import Source

https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2023-35784.json

JSON Data

https://api.test.osv.dev/v1/vulns/CVE-2023-35784

Downstream

BELL-CVE-2023-35784

Published

2023-06-16T20:15:09Z

Modified

2025-10-26T04:16:37.862285Z

Severity

9.8 (Critical) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS Calculator

Summary

[none]

Details

A double free or use after free could occur after SSL_clear in OpenBSD 7.2 before errata 026 and 7.3 before errata 004, and in LibreSSL before 3.6.3 and 3.7.x before 3.7.3. NOTE: OpenSSL is not affected.

References

Affected packages

Git / github.com/libressl-portable/portable

Affected ranges

Type: GIT
Repo: https://github.com/libressl-portable/portable
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Fixed

4f1a1ffccf22a49d8c307f5a91b368e048278f55

Affected versions

v2.*

v2.1.2

v2.1.3

v2.1.4

v2.2.0

v2.2.1

v2.2.2

v2.3.0

v2.3.1

v2.3.2

v2.4.0

v2.4.1

v2.5.0

v2.5.1

v2.5.2

v2.6.0

v2.6.1

v2.6.2

v2.7.0

v2.7.1

v2.8.0

v2.8.1

v2.9.0

v3.*

v3.0.0

v3.0.1

v3.1.0

v3.2.0

v3.2.1

v3.3.0

v3.3.1

v3.3.2

v3.4.0

v3.5.0

v3.5.1

v3.6.0

v3.6.1

v3.6.2

Git / github.com/libressl-portable/portable

Affected ranges

Type: GIT
Repo: https://github.com/libressl/openbsd
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Fixed

e42d8f4b21a8a498e2eabbffe4c7b7d4ef7cec54

Database specific

vanir_signatures

[
    {
        "source": "https://github.com/libressl/openbsd/commit/e42d8f4b21a8a498e2eabbffe4c7b7d4ef7cec54",
        "id": "CVE-2023-35784-6b7f9c19",
        "signature_type": "Function",
        "signature_version": "v1",
        "deprecated": false,
        "target": {
            "function": "ssl3_free",
            "file": "src/lib/libssl/s3_lib.c"
        },
        "digest": {
            "function_hash": "275837915516327575572512449369328465332",
            "length": 1139.0
        }
    },
    {
        "source": "https://github.com/libressl/openbsd/commit/e42d8f4b21a8a498e2eabbffe4c7b7d4ef7cec54",
        "id": "CVE-2023-35784-81ca270c",
        "signature_type": "Line",
        "signature_version": "v1",
        "deprecated": false,
        "target": {
            "file": "src/lib/libssl/s3_lib.c"
        },
        "digest": {
            "line_hashes": [
                "318029086928463328978880662858799719559",
                "38581269024580834936979536530738007553",
                "289431370978073966754050857004753806111",
                "237554259802663005882124020248922010992",
                "55220800006065477010725795313990725964"
            ],
            "threshold": 0.9
        }
    }
]