CVE-2024-9143

Source
https://cve.org/CVERecord?id=CVE-2024-9143
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2024-9143.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2024-9143
Downstream
Related
Published
2024-10-16T17:09:23.844Z
Modified
2026-07-11T19:48:17.771116Z
Severity
  • 4.3 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N CVSS Calculator
Summary
Low-level invalid GF(2^m) parameters lead to OOB memory access
Details

Issue summary: Use of the low-level GF(2^m) elliptic curve APIs with untrusted explicit values for the field polynomial can lead to out-of-bounds memory reads or writes.

Impact summary: Out of bound memory writes can lead to an application crash or even a possibility of a remote code execution, however, in all the protocols involving Elliptic Curve Cryptography that we're aware of, either only "named curves" are supported, or, if explicit curve parameters are supported, they specify an X9.62 encoding of binary (GF(2^m)) curves that can't represent problematic input values. Thus the likelihood of existence of a vulnerable application is low.

In particular, the X9.62 encoding is used for ECC keys in X.509 certificates, so problematic inputs cannot occur in the context of processing X.509 certificates. Any problematic use-cases would have to be using an "exotic" curve encoding.

The affected APIs include: ECGROUPnewcurveGF2m(), ECGROUPnewfromparams(), and various supporting BNGF2m*() functions.

Applications working with "exotic" explicit binary (GF(2^m)) curve parameters, that make it possible to represent invalid field polynomials with a zero constant term, via the above or similar APIs, may terminate abruptly as a result of reading or writing outside of array bounds. Remote code execution cannot easily be ruled out.

The FIPS modules in 3.3, 3.2, 3.1 and 3.0 are not affected by this issue.

Database specific
{
    "cwe_ids": [
        "CWE-125",
        "CWE-787"
    ],
    "cna_assigner": "openssl",
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2024/9xxx/CVE-2024-9143.json"
}
References

Affected packages

Git / github.com/openssl/openssl

Affected ranges

Type
GIT
Repo
https://github.com/openssl/openssl
Events
Database specific
{
    "source": [
        "AFFECTED_FIELD",
        "REFERENCES"
    ],
    "extracted_events": [
        {
            "introduced": "3.3.0"
        },
        {
            "fixed": "3.3.3"
        },
        {
            "introduced": "3.2.0"
        },
        {
            "fixed": "3.2.4"
        },
        {
            "introduced": "3.1.0"
        },
        {
            "fixed": "3.1.8"
        },
        {
            "introduced": "3.0.0"
        },
        {
            "fixed": "3.0.16"
        },
        {
            "introduced": "1.1.1"
        },
        {
            "fixed": "1.1.1zb"
        },
        {
            "introduced": "1.0.2"
        },
        {
            "fixed": "1.0.2zl"
        }
    ]
}

Affected versions

openssl-3.*
openssl-3.0.0
openssl-3.0.1
openssl-3.0.10
openssl-3.0.11
openssl-3.0.12
openssl-3.0.13
openssl-3.0.14
openssl-3.0.15
openssl-3.0.2
openssl-3.0.3
openssl-3.0.4
openssl-3.0.5
openssl-3.0.6
openssl-3.0.7
openssl-3.0.8
openssl-3.0.9
openssl-3.1.0
openssl-3.1.1
openssl-3.1.2
openssl-3.1.3
openssl-3.1.4
openssl-3.1.5
openssl-3.1.6
openssl-3.1.7
openssl-3.2.0
openssl-3.2.1
openssl-3.2.2
openssl-3.2.3
openssl-3.3.0
openssl-3.3.1
openssl-3.3.2

Database specific

source
"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2024-9143.json"
vanir_signatures_modified
"2026-07-11T19:48:17Z"
vanir_signatures
[
    {
        "digest": {
            "line_hashes": [
                "202560716467995180801900703314012126638",
                "231076714992210239911677876085986544653",
                "119476550149019858610160764241585512883",
                "237713134421560846878241190267682686452",
                "291912177671523663250360670212314966717",
                "148718397703357758449784276736258891876",
                "8308956487359903771982894414540058331",
                "219665286569007368979236427780197060159"
            ],
            "threshold": 0.9
        },
        "deprecated": false,
        "signature_type": "Line",
        "source": "https://github.com/openssl/openssl/commit/bc7e04d7c8d509fb78fc0e285aa948fb0da04700",
        "signature_version": "v1",
        "id": "CVE-2024-9143-28dcee6c",
        "target": {
            "file": "test/ec_internal_test.c"
        }
    },
    {
        "digest": {
            "function_hash": "30673062630639656303483208802482655434",
            "length": 494.0
        },
        "deprecated": false,
        "signature_type": "Function",
        "source": "https://github.com/openssl/openssl/commit/c0d3e4d32d2805f49bec30547f225bc4d092e1f4",
        "signature_version": "v1",
        "id": "CVE-2024-9143-2f7e43bd",
        "target": {
            "file": "crypto/bn/bn_gf2m.c",
            "function": "BN_GF2m_poly2arr"
        }
    },
    {
        "digest": {
            "function_hash": "159961323144863637841029808721197081977",
            "length": 585.0
        },
        "deprecated": false,
        "signature_type": "Function",
        "source": "https://github.com/openssl/openssl/commit/bc7e04d7c8d509fb78fc0e285aa948fb0da04700",
        "signature_version": "v1",
        "id": "CVE-2024-9143-35f05384",
        "target": {
            "file": "test/ec_internal_test.c",
            "function": "setup_tests"
        }
    },
    {
        "digest": {
            "function_hash": "30673062630639656303483208802482655434",
            "length": 494.0
        },
        "deprecated": false,
        "signature_type": "Function",
        "source": "https://github.com/openssl/openssl/commit/72ae83ad214d2eef262461365a1975707f862712",
        "signature_version": "v1",
        "id": "CVE-2024-9143-3e208a4f",
        "target": {
            "file": "crypto/bn/bn_gf2m.c",
            "function": "BN_GF2m_poly2arr"
        }
    },
    {
        "digest": {
            "line_hashes": [
                "202560716467995180801900703314012126638",
                "231076714992210239911677876085986544653",
                "119476550149019858610160764241585512883",
                "237713134421560846878241190267682686452",
                "291912177671523663250360670212314966717",
                "148718397703357758449784276736258891876",
                "8308956487359903771982894414540058331",
                "219665286569007368979236427780197060159"
            ],
            "threshold": 0.9
        },
        "deprecated": false,
        "signature_type": "Line",
        "source": "https://github.com/openssl/openssl/commit/c0d3e4d32d2805f49bec30547f225bc4d092e1f4",
        "signature_version": "v1",
        "id": "CVE-2024-9143-520f2dac",
        "target": {
            "file": "test/ec_internal_test.c"
        }
    },
    {
        "digest": {
            "line_hashes": [
                "230361427007416664995616424352791763469",
                "68454496777232705137616949383570055801",
                "174227485603324825134703660955423564225",
                "306374039697804480350160125378658725435",
                "223787537721903344733141597182001711142",
                "305852724676774806958748002571762917320",
                "61902118637910596077004663207701223681",
                "278724473247779637198513168995006009135",
                "150804929727413209120953746872414715465",
                "166774358343717215765245239236385866693",
                "116293081894868411264108492273509366961",
                "326496170417124709669304286305887789679",
                "278306348133167756990680493182074324125",
                "189649085256091224929149730235838635518",
                "82945606976757935725900546138315651129",
                "136187505923069729147869676886657763243",
                "233447734599456461300796481665382809870",
                "116930820689846462220149337293161556595",
                "153181275943870954612030432229689150702",
                "65985025876624501603393736976041980125"
            ],
            "threshold": 0.9
        },
        "deprecated": false,
        "signature_type": "Line",
        "source": "https://github.com/openssl/openssl/commit/bc7e04d7c8d509fb78fc0e285aa948fb0da04700",
        "signature_version": "v1",
        "id": "CVE-2024-9143-5b653082",
        "target": {
            "file": "crypto/bn/bn_gf2m.c"
        }
    },
    {
        "digest": {
            "function_hash": "159961323144863637841029808721197081977",
            "length": 585.0
        },
        "deprecated": false,
        "signature_type": "Function",
        "source": "https://github.com/openssl/openssl/commit/fdf6723362ca51bd883295efe206cb5b1cfa5154",
        "signature_version": "v1",
        "id": "CVE-2024-9143-5c591904",
        "target": {
            "file": "test/ec_internal_test.c",
            "function": "setup_tests"
        }
    },
    {
        "digest": {
            "function_hash": "30673062630639656303483208802482655434",
            "length": 494.0
        },
        "deprecated": false,
        "signature_type": "Function",
        "source": "https://github.com/openssl/openssl/commit/fdf6723362ca51bd883295efe206cb5b1cfa5154",
        "signature_version": "v1",
        "id": "CVE-2024-9143-65ffd6d0",
        "target": {
            "file": "crypto/bn/bn_gf2m.c",
            "function": "BN_GF2m_poly2arr"
        }
    },
    {
        "digest": {
            "function_hash": "30673062630639656303483208802482655434",
            "length": 494.0
        },
        "deprecated": false,
        "signature_type": "Function",
        "source": "https://github.com/openssl/openssl/commit/bc7e04d7c8d509fb78fc0e285aa948fb0da04700",
        "signature_version": "v1",
        "id": "CVE-2024-9143-7358c488",
        "target": {
            "file": "crypto/bn/bn_gf2m.c",
            "function": "BN_GF2m_poly2arr"
        }
    },
    {
        "digest": {
            "line_hashes": [
                "230361427007416664995616424352791763469",
                "68454496777232705137616949383570055801",
                "174227485603324825134703660955423564225",
                "306374039697804480350160125378658725435",
                "223787537721903344733141597182001711142",
                "305852724676774806958748002571762917320",
                "61902118637910596077004663207701223681",
                "278724473247779637198513168995006009135",
                "150804929727413209120953746872414715465",
                "166774358343717215765245239236385866693",
                "116293081894868411264108492273509366961",
                "326496170417124709669304286305887789679",
                "278306348133167756990680493182074324125",
                "189649085256091224929149730235838635518",
                "82945606976757935725900546138315651129",
                "136187505923069729147869676886657763243",
                "233447734599456461300796481665382809870",
                "116930820689846462220149337293161556595",
                "153181275943870954612030432229689150702",
                "65985025876624501603393736976041980125"
            ],
            "threshold": 0.9
        },
        "deprecated": false,
        "signature_type": "Line",
        "source": "https://github.com/openssl/openssl/commit/72ae83ad214d2eef262461365a1975707f862712",
        "signature_version": "v1",
        "id": "CVE-2024-9143-894da43e",
        "target": {
            "file": "crypto/bn/bn_gf2m.c"
        }
    },
    {
        "digest": {
            "line_hashes": [
                "202560716467995180801900703314012126638",
                "231076714992210239911677876085986544653",
                "119476550149019858610160764241585512883",
                "237713134421560846878241190267682686452",
                "291912177671523663250360670212314966717",
                "148718397703357758449784276736258891876",
                "8308956487359903771982894414540058331",
                "219665286569007368979236427780197060159"
            ],
            "threshold": 0.9
        },
        "deprecated": false,
        "signature_type": "Line",
        "source": "https://github.com/openssl/openssl/commit/fdf6723362ca51bd883295efe206cb5b1cfa5154",
        "signature_version": "v1",
        "id": "CVE-2024-9143-ae3aad94",
        "target": {
            "file": "test/ec_internal_test.c"
        }
    },
    {
        "digest": {
            "function_hash": "159961323144863637841029808721197081977",
            "length": 585.0
        },
        "deprecated": false,
        "signature_type": "Function",
        "source": "https://github.com/openssl/openssl/commit/72ae83ad214d2eef262461365a1975707f862712",
        "signature_version": "v1",
        "id": "CVE-2024-9143-bd78715a",
        "target": {
            "file": "test/ec_internal_test.c",
            "function": "setup_tests"
        }
    },
    {
        "digest": {
            "line_hashes": [
                "230361427007416664995616424352791763469",
                "68454496777232705137616949383570055801",
                "174227485603324825134703660955423564225",
                "306374039697804480350160125378658725435",
                "223787537721903344733141597182001711142",
                "305852724676774806958748002571762917320",
                "61902118637910596077004663207701223681",
                "278724473247779637198513168995006009135",
                "150804929727413209120953746872414715465",
                "166774358343717215765245239236385866693",
                "116293081894868411264108492273509366961",
                "326496170417124709669304286305887789679",
                "278306348133167756990680493182074324125",
                "189649085256091224929149730235838635518",
                "82945606976757935725900546138315651129",
                "136187505923069729147869676886657763243",
                "233447734599456461300796481665382809870",
                "116930820689846462220149337293161556595",
                "153181275943870954612030432229689150702",
                "65985025876624501603393736976041980125"
            ],
            "threshold": 0.9
        },
        "deprecated": false,
        "signature_type": "Line",
        "source": "https://github.com/openssl/openssl/commit/fdf6723362ca51bd883295efe206cb5b1cfa5154",
        "signature_version": "v1",
        "id": "CVE-2024-9143-c1616925",
        "target": {
            "file": "crypto/bn/bn_gf2m.c"
        }
    },
    {
        "digest": {
            "line_hashes": [
                "28170854778703993674264004058177114599",
                "73132526844288570625317440636111911761",
                "177405411499435185068645597737938634778",
                "224809958623850711330610094965797758930",
                "295554444428855106393106961197201359586"
            ],
            "threshold": 0.9
        },
        "deprecated": false,
        "signature_type": "Line",
        "source": "https://github.com/openssl/openssl/commit/e04bd3433fd84e1861bf258ea37928d9845e6a86",
        "signature_version": "v1",
        "id": "CVE-2024-9143-c377fa22",
        "target": {
            "file": "include/openssl/opensslv.h"
        }
    },
    {
        "digest": {
            "line_hashes": [
                "202560716467995180801900703314012126638",
                "231076714992210239911677876085986544653",
                "119476550149019858610160764241585512883",
                "237713134421560846878241190267682686452",
                "291912177671523663250360670212314966717",
                "148718397703357758449784276736258891876",
                "8308956487359903771982894414540058331",
                "219665286569007368979236427780197060159"
            ],
            "threshold": 0.9
        },
        "deprecated": false,
        "signature_type": "Line",
        "source": "https://github.com/openssl/openssl/commit/72ae83ad214d2eef262461365a1975707f862712",
        "signature_version": "v1",
        "id": "CVE-2024-9143-cc5bdbb4",
        "target": {
            "file": "test/ec_internal_test.c"
        }
    },
    {
        "digest": {
            "function_hash": "159961323144863637841029808721197081977",
            "length": 585.0
        },
        "deprecated": false,
        "signature_type": "Function",
        "source": "https://github.com/openssl/openssl/commit/c0d3e4d32d2805f49bec30547f225bc4d092e1f4",
        "signature_version": "v1",
        "id": "CVE-2024-9143-cf8e54a0",
        "target": {
            "file": "test/ec_internal_test.c",
            "function": "setup_tests"
        }
    },
    {
        "digest": {
            "line_hashes": [
                "251633914150035957322733061977107206211",
                "338514574181828579838011565939158652696",
                "76638288692106140328510055542557597351",
                "142922657400765574308962710386922248045",
                "71649992455794854055653842592139575350",
                "65527166711110472566013424527579064967",
                "253196866009476977787139000804413898733",
                "172177136897997206866313011107384691461"
            ],
            "threshold": 0.9
        },
        "deprecated": false,
        "signature_type": "Line",
        "source": "https://github.com/openssl/openssl/commit/e818b74be2170fbe957a07b0da4401c2b694b3b8",
        "signature_version": "v1",
        "id": "CVE-2024-9143-e051451f",
        "target": {
            "file": "crypto/opensslv.h"
        }
    },
    {
        "digest": {
            "line_hashes": [
                "230361427007416664995616424352791763469",
                "68454496777232705137616949383570055801",
                "174227485603324825134703660955423564225",
                "306374039697804480350160125378658725435",
                "223787537721903344733141597182001711142",
                "305852724676774806958748002571762917320",
                "61902118637910596077004663207701223681",
                "278724473247779637198513168995006009135",
                "150804929727413209120953746872414715465",
                "166774358343717215765245239236385866693",
                "116293081894868411264108492273509366961",
                "326496170417124709669304286305887789679",
                "278306348133167756990680493182074324125",
                "189649085256091224929149730235838635518",
                "82945606976757935725900546138315651129",
                "136187505923069729147869676886657763243",
                "233447734599456461300796481665382809870",
                "116930820689846462220149337293161556595",
                "153181275943870954612030432229689150702",
                "65985025876624501603393736976041980125"
            ],
            "threshold": 0.9
        },
        "deprecated": false,
        "signature_type": "Line",
        "source": "https://github.com/openssl/openssl/commit/c0d3e4d32d2805f49bec30547f225bc4d092e1f4",
        "signature_version": "v1",
        "id": "CVE-2024-9143-f9f93d93",
        "target": {
            "file": "crypto/bn/bn_gf2m.c"
        }
    }
]