Mend.io Vulnerability Database

What is a CVE vulnerability ID? icon What is a WS vulnerability ID? icon What is an MSC vulnerability ID? icon
New vulnerability? Tell us about it!
icon

We found results for “

CVE-2024-4741

Good to know:

icon
icon

Date: November 13, 2024

A Use After Free exists in OpenSSL when calling the OpenSSL API function SSL_free_buffers, which may cause memory to be accessed that was previously freed in some situations. only applications that directly call the SSL_free_buffers function are affected by this issue. Fixed in commit e5093133c3 (for 3.3), commit c88c3de510 (for 3.2), commit 704f725b96 (for 3.1) and commit b3f0eb0a29 (for 3.0) in the OpenSSL git repository. It is available to premium support customers in commit f7a045f314 (for 1.1.1).

Language: C

Severity Score

Related Resources (10)

https://github.com/openssl/openssl/commit/b3f0eb0a295f58f16ba43ba99dad70d4ee5c437d
https://github.com/openssl/openssl/commit/e5093133c35ca82874ad83697af76f4b0f7e3bd8
https://github.com/openssl/openssl/commit/b3f0eb0a29
https://github.com/openssl/openssl/commit/c88c3de51020c37e8706bf7a682a162593053aac
https://security-tracker.debian.org/tracker/CVE-2024-4741
https://nvd.nist.gov/vuln/detail/CVE-2024-4741
https://github.openssl.org/openssl/extended-releases/commit/f7a045f3143fc6da2ee66bf52d8df04829590dd4
https://github.com/openssl/openssl/commit/704f725b96aa373ee45ecfb23f6abfe8be8d9177
https://www.openssl.org/news/secadv/20240528.txt
https://www.mend.io/vulnerability-database/CVE-2024-4741

Severity Score

Weakness Type (CWE)

Use After Free

CWE-416

Top Fix

icon

Upgrade Version

Upgrade to version openssl-3.0.14,openssl-3.1.6,openssl-3.2.2,openssl-3.3.1

Learn More

CVSS v3.1

Base Score:
Attack Vector (AV): NETWORK
Attack Complexity (AC): LOW
Privileges Required (PR): NONE
User Interaction (UI): NONE
Scope (S): UNCHANGED
Confidentiality (C): NONE
Integrity (I): NONE
Availability (A): HIGH

Do you need more information?

Contact Us