Buffer Overread in SSL_select_next_proto May Lead to Loss of Confidentiality
CVE-2024-5535
Key Information:
Badges
What is CVE-2024-5535?
A buffer overread vulnerability exists in OpenSSL that may lead to the accidental exposure of up to 255 bytes of sensitive memory content when the API function SSL_select_next_proto is called with an empty list of supported client protocols. This situation is unlikely to arise under normal circumstances, as it typically requires a configuration or programming mistake. When SSL_select_next_proto is invoked incorrectly, it fails to detect this and can return invalid memory content, potentially leading to a loss of confidentiality. Primarily, this affects applications using Next Protocol Negotiation (NPN), which is less common than the more widely adopted Application Layer Protocol Negotiation (ALPN). Developers must ensure proper handling of protocol lists to avoid inadvertently exposing private data.
Affected Version(s)
OpenSSL 3.3.0 < 3.3.2
OpenSSL 3.2.0 < 3.2.3
OpenSSL 3.1.0 < 3.1.7
Exploit Proof of Concept (PoC)
PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.
References
EPSS Score
7% chance of being exploited in the next 30 days.
CVSS V3.1
Timeline
- 🟡
Public PoC available
- 👾
Exploit known to exist
Vulnerability published
Vulnerability Reserved