FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

OpenSSL -- OOB memory access vulnerability

Affected packages
openssl < 3.0.15_1,1
openssl31 < 3.1.7_1
openssl32 < 3.2.3_1
openssl33 < 3.3.2_1
openssl-quictls < 3.0.15_1,1
openssl31-quictls < 3.1.7_1

Details

VuXML ID c6f4177c-8e29-11ef-98e7-84a93843eb75
Discovery 2024-10-16
Entry 2024-10-19

The OpenSSL project reports:

Low-level invalid GF(2^m) parameters lead to OOB memory access (CVE-2024-9143) (Low)

Use of the low-level GF(2^m) elliptic curve APIs with untrusted explicit values for the field polynomial can lead to out-of-bounds memory reads or writes.

References

CVE Name CVE-2024-9143
URL https://openssl-library.org/news/secadv/20241016.txt
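
An added example (not part of the VuXML entry or the OpenSSL advisory) showing how the bounds in the affected-packages list are read: in `3.0.15_1,1` the `_1` is the PORTREVISION and the `,1` is the PORTEPOCH, and ordering compares epoch first, then the upstream version, then the revision. The comparator is a simplification that accepts only numeric dotted versions, which covers every bound on this page; the function names and the sample inventory are constructed for illustration. On a FreeBSD host, `pkg audit` performs this check against the VuXML database.

```python
import re

# First fixed version per package, copied from the "Affected packages" list above.
FIXED = {
    "openssl": "3.0.15_1,1",
    "openssl31": "3.1.7_1",
    "openssl32": "3.2.3_1",
    "openssl33": "3.3.2_1",
    "openssl-quictls": "3.0.15_1,1",
    "openssl31-quictls": "3.1.7_1",
}

# version[_PORTREVISION][,PORTEPOCH]; numeric dotted versions only (simplification).
_VERSION = re.compile(r"^(\d+(?:\.\d+)*)(?:_(\d+))?(?:,(\d+))?$")

def sort_key(version):
    """Return (epoch, version components, revision): the order of significance."""
    m = _VERSION.match(version)
    if m is None:
        raise ValueError(f"unsupported version string: {version!r}")
    dotted, revision, epoch = m.groups()
    parts = [int(p) for p in dotted.split(".")]
    while len(parts) > 1 and parts[-1] == 0:  # treat 3.0 and 3.0.0 as equal
        parts.pop()
    return (int(epoch or 0), tuple(parts), int(revision or 0))

def is_affected(name, installed):
    """True if `installed` is below the fixed version listed for `name`."""
    fixed = FIXED.get(name)
    if fixed is None:  # package is not named in this entry
        return False
    return sort_key(installed) < sort_key(fixed)

def audit(inventory):
    """Return sorted name-version strings for the affected inventory items."""
    return sorted(f"{n}-{v}" for n, v in inventory if is_affected(n, v))

# Constructed inventory, not taken from any real host.
SAMPLE = [
    ("openssl", "3.0.15,1"),        # same upstream version, revision 0: affected
    ("openssl", "3.0.15_1,1"),      # the fixed build
    ("openssl31", "3.1.7"),
    ("openssl33", "3.3.2_1"),
    ("openssl-quictls", "3.0.14,1"),
    ("curl", "8.10.1"),             # not named in this entry
]

if __name__ == "__main__":
    for hit in audit(SAMPLE):
        print("affected:", hit)
```

The first sample row is the case that is easy to misread: the upstream version matches the fixed one, and only the port revision separates the vulnerable build from the patched one.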