FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

OpenSSL -- Multiple vulnerabilities

Affected packages
openssl < 3.0.15,1
openssl31 < 3.1.7
openssl32 < 3.2.3
openssl33 < 3.3.2
openssl-quictls < 3.0.15
openssl31-quictls < 3.1.7
14.1 <= FreeBSD < 14.1_4
14.0 <= FreeBSD < 14.0_10
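
To check a host against the ranges above, here is an added example (not part of the VuXML entry, of pkg(8) or of freebsd-version(1)) that compares lines in the form produced by `pkg query '%n %v'` and `freebsd-version -u` with the fixed versions listed. It assumes a simplified reading of ports version strings (dotted numeric version, optional `_revision`, optional `,epoch`, compared epoch first) and that `14.1_4` in the list denotes patch level `14.1-RELEASE-p4`; the sample query output is constructed.

```python
"""Audit pkg(8)/freebsd-version output against the ranges in this advisory.

Added example; assumes a simplified ports version grammar:
  VERSION[_REVISION][,EPOCH]  compared as (epoch, version, revision).
"""
import re

# First unaffected version per port, taken from the "Affected packages" list.
FIXED_PORTS = {
    "openssl": "3.0.15,1",
    "openssl31": "3.1.7",
    "openssl32": "3.2.3",
    "openssl33": "3.3.2",
    "openssl-quictls": "3.0.15",
    "openssl31-quictls": "3.1.7",
}

# Base system: (major, minor) -> first unaffected patch level.
# Assumption: "14.1_4" in the list denotes 14.1-RELEASE-p4.
FIXED_BASE = {(14, 1): 4, (14, 0): 10}


def parse_port_version(text):
    """Return a comparable (epoch, version_tuple, revision) triple."""
    epoch = 0
    if "," in text:
        text, epoch_s = text.rsplit(",", 1)
        epoch = int(epoch_s)
    revision = 0
    if "_" in text:
        text, rev_s = text.split("_", 1)
        revision = int(rev_s)
    version = tuple(int(p) for p in re.findall(r"\d+", text))
    return (epoch, version, revision)


def port_is_affected(name, version):
    """True if `version` of port `name` is below the fixed version,
    False if it is at or above it, None if the port is not in this entry."""
    fixed = FIXED_PORTS.get(name)
    if fixed is None:
        return None
    return parse_port_version(version) < parse_port_version(fixed)


def audit_pkg_query(output):
    """Parse `pkg query '%n %v'` lines into [(name, version, affected)]."""
    results = []
    for line in output.splitlines():
        line = line.strip()
        if not line:
            continue
        name, version = line.split(None, 1)
        results.append((name, version, port_is_affected(name, version)))
    return results


def base_is_affected(userland):
    """Check a `freebsd-version -u` string such as '14.1-RELEASE-p3'."""
    m = re.match(r"(\d+)\.(\d+)-RELEASE(?:-p(\d+))?$", userland)
    if not m:
        return None          # -CURRENT/-STABLE are not covered by the list
    key = (int(m.group(1)), int(m.group(2)))
    patch = int(m.group(3) or 0)
    fixed = FIXED_BASE.get(key)
    return None if fixed is None else patch < fixed


# Constructed sample output, not taken from a real host.
SAMPLE_PKG_QUERY = """\
openssl 3.0.14_1,1
openssl33 3.3.2
openssl31-quictls 3.1.6_2
curl 8.9.1
"""

if __name__ == "__main__":
    for name, version, affected in audit_pkg_query(SAMPLE_PKG_QUERY):
        state = {True: "VULNERABLE", False: "fixed", None: "not covered"}[affected]
        print(f"{name:20} {version:12} {state}")
    print("base 14.1-RELEASE-p3:", base_is_affected("14.1-RELEASE-p3"))
```

On a real host, feed it `pkg query '%n %v' 'openssl*'` and `freebsd-version -u`; `pkg audit -F` does the same comparison against the full VuXML database and is the authoritative check.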

Details

VuXML ID 21f505f4-6a1c-11ef-b611-84a93843eb75
Discovery 2024-09-03
Entry 2024-09-03
Modified 2024-09-05

The OpenSSL project reports:

Possible denial of service in X.509 name checks [Moderate severity] Applications performing certificate name checks (e.g., TLS clients checking server certificates) may attempt to read an invalid memory address resulting in abnormal termination of the application process.

SSL_select_next_proto buffer overread [Low severity] Calling the OpenSSL API function SSL_select_next_proto with an empty supported client protocols buffer may cause a crash or memory contents to be sent to the peer.
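
The buffer that SSL_select_next_proto() consumes is the ALPN/NPN protocol-list format: a sequence of entries, each prefixed by a one-byte length. As an added example (not OpenSSL's or FreeBSD's code), the following Python models the selection the manual page documents and shows the guard an application's ALPN callback should apply before calling the library: an empty or malformed client list is rejected up front instead of reaching the no-overlap fallback that returns the first client entry, which is where an empty buffer turns into a read past its end. The `OPENSSL_NPN_*` values copy the library's return convention; `select_next_proto`, `alpn_select` and the sample lists are this example's own.

```python
"""Model of protocol-list handling around SSL_select_next_proto().

Added example, not OpenSSL code. The wire format is the one OpenSSL's
manual documents: each entry is a 1-byte length followed by the name.
"""

# Values from OpenSSL's ssl.h; used here only as the return convention.
OPENSSL_NPN_NEGOTIATED = 1
OPENSSL_NPN_NO_OVERLAP = 2


def encode_protocol_list(names):
    """Build a length-prefixed protocol list, e.g. [b"h2", b"http/1.1"]."""
    out = bytearray()
    for name in names:
        if not 0 < len(name) < 256:
            raise ValueError("protocol name must be 1..255 bytes")
        out.append(len(name))
        out += name
    return bytes(out)


def decode_protocol_list(buf):
    """Parse a protocol list; raise ValueError on a zero-length name or a
    truncated entry, and return [] for an empty buffer."""
    names, i = [], 0
    while i < len(buf):
        n = buf[i]
        if n == 0 or i + 1 + n > len(buf):
            raise ValueError(f"malformed protocol list at offset {i}")
        names.append(bytes(buf[i + 1:i + 1 + n]))
        i += 1 + n
    return names


def select_next_proto(server_list, client_list):
    """Pick the first entry of server_list that the client also offers.

    Returns (status, name). An empty or malformed client list yields
    (OPENSSL_NPN_NO_OVERLAP, None) rather than "the first client entry":
    there is nothing safe to read from it.
    """
    try:
        server = decode_protocol_list(server_list)
        client = decode_protocol_list(client_list)
    except ValueError:
        return OPENSSL_NPN_NO_OVERLAP, None
    if not client or not server:
        return OPENSSL_NPN_NO_OVERLAP, None
    offered = set(client)
    for name in server:
        if name in offered:
            return OPENSSL_NPN_NEGOTIATED, name
    return OPENSSL_NPN_NO_OVERLAP, None


def alpn_select(server_prefs, client_wire):
    """What an ALPN select callback should do: validate the client's buffer,
    then select. Returns the chosen name, or None when the server should
    answer without ALPN (or alert) instead of echoing client memory."""
    status, name = select_next_proto(server_prefs, client_wire)
    return name if status == OPENSSL_NPN_NEGOTIATED else None


# Constructed sample inputs (not captured traffic).
SERVER_PREFS = encode_protocol_list([b"h2", b"http/1.1"])
CLIENT_H1 = encode_protocol_list([b"http/1.1"])
CLIENT_EMPTY = b""
CLIENT_TRUNCATED = b"\x05h2"          # claims 5 bytes, only 2 present

if __name__ == "__main__":
    for label, wire in [("http/1.1", CLIENT_H1), ("empty", CLIENT_EMPTY),
                        ("truncated", CLIENT_TRUNCATED)]:
        print(f"client {label:10} -> {alpn_select(SERVER_PREFS, wire)}")
```

The point for callers of the real C API is the same as in `alpn_select`: check `client_len > 0` and the list's framing yourself before handing the buffer to SSL_select_next_proto(), and treat anything but OPENSSL_NPN_NEGOTIATED as "no protocol" rather than sending whatever `*out` points at.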

References

CVE Name CVE-2024-5535
CVE Name CVE-2024-6119
FreeBSD Advisory SA-24:13.openssl
URL https://openssl-library.org/news/secadv/20240627.txt
URL https://openssl-library.org/news/secadv/20240903.txt