Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2024-2511

Summary
Assigner-openssl
Assigner Org ID-3a12439a-ef3a-4c79-92e6-6081a721f1e5
Published At-08 Apr, 2024 | 13:51
Updated At-03 Nov, 2025 | 21:54
Rejected At-
Credits

Unbounded memory growth with session handling in TLSv1.3

Issue summary: Some non-default TLS server configurations can cause unbounded memory growth when processing TLSv1.3 sessions Impact summary: An attacker may exploit certain server configurations to trigger unbounded memory growth that would lead to a Denial of Service This problem can occur in TLSv1.3 if the non-default SSL_OP_NO_TICKET option is being used (but not if early_data support is also configured and the default anti-replay protection is in use). In this case, under certain conditions, the session cache can get into an incorrect state and it will fail to flush properly as it fills. The session cache will continue to grow in an unbounded manner. A malicious client could deliberately create the scenario for this failure to force a Denial of Service. It may also happen by accident in normal operation. This issue only affects TLS servers supporting TLSv1.3. It does not affect TLS clients. The FIPS modules in 3.2, 3.1 and 3.0 are not affected by this issue. OpenSSL 1.0.2 is also not affected by this issue.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:openssl
Assigner Org ID:3a12439a-ef3a-4c79-92e6-6081a721f1e5
Published At:08 Apr, 2024 | 13:51
Updated At:03 Nov, 2025 | 21:54
Rejected At:
▼CVE Numbering Authority (CNA)
Unbounded memory growth with session handling in TLSv1.3

Issue summary: Some non-default TLS server configurations can cause unbounded memory growth when processing TLSv1.3 sessions Impact summary: An attacker may exploit certain server configurations to trigger unbounded memory growth that would lead to a Denial of Service This problem can occur in TLSv1.3 if the non-default SSL_OP_NO_TICKET option is being used (but not if early_data support is also configured and the default anti-replay protection is in use). In this case, under certain conditions, the session cache can get into an incorrect state and it will fail to flush properly as it fills. The session cache will continue to grow in an unbounded manner. A malicious client could deliberately create the scenario for this failure to force a Denial of Service. It may also happen by accident in normal operation. This issue only affects TLS servers supporting TLSv1.3. It does not affect TLS clients. The FIPS modules in 3.2, 3.1 and 3.0 are not affected by this issue. OpenSSL 1.0.2 is also not affected by this issue.

Affected Products
Vendor
OpenSSLOpenSSL
Product
OpenSSL
Default Status
unaffected
Versions
Affected
  • From 3.2.0 before 3.2.2 (semver)
  • From 3.1.0 before 3.1.6 (semver)
  • From 3.0.0 before 3.0.14 (semver)
  • From 1.1.1 before 1.1.1y (custom)
Problem Types
TypeCWE IDDescription
CWECWE-1325CWE-1325 Improperly Controlled Sequential Memory Allocation
Type: CWE
CWE ID: CWE-1325
Description: CWE-1325 Improperly Controlled Sequential Memory Allocation
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
https://www.openssl.org/policies/secpolicy.html
text:
Low
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
finder
Manish Patidar (Hewlett Packard Enterprise)
remediation developer
Matt Caswell
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://www.openssl.org/news/secadv/20240408.txt
vendor-advisory
https://github.com/openssl/openssl/commit/e9d7083e241670332e0443da0f0d4ffb52829f08
patch
https://github.com/openssl/openssl/commit/7e4d731b1c07201ad9374c1cd9ac5263bdf35bce
patch
https://github.com/openssl/openssl/commit/b52867a9f618bb955bed2a3ce3db4d4f97ed8e5d
patch
https://github.openssl.org/openssl/extended-releases/commit/5f8d25770ae6437db119dfc951e207271a326640
patch
Hyperlink: https://www.openssl.org/news/secadv/20240408.txt
Resource:
vendor-advisory
Hyperlink: https://github.com/openssl/openssl/commit/e9d7083e241670332e0443da0f0d4ffb52829f08
Resource:
patch
Hyperlink: https://github.com/openssl/openssl/commit/7e4d731b1c07201ad9374c1cd9ac5263bdf35bce
Resource:
patch
Hyperlink: https://github.com/openssl/openssl/commit/b52867a9f618bb955bed2a3ce3db4d4f97ed8e5d
Resource:
patch
Hyperlink: https://github.openssl.org/openssl/extended-releases/commit/5f8d25770ae6437db119dfc951e207271a326640
Resource:
patch
▼Authorized Data Publishers (ADP)
1. CISA ADP Vulnrichment
Affected Products
Metrics
VersionBase scoreBase severityVector
3.15.9MEDIUM
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
Version: 3.1
Base score: 5.9
Base severity: MEDIUM
Vector:
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
2. CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://www.openssl.org/news/secadv/20240408.txt
vendor-advisory
x_transferred
https://github.com/openssl/openssl/commit/e9d7083e241670332e0443da0f0d4ffb52829f08
patch
x_transferred
https://github.com/openssl/openssl/commit/7e4d731b1c07201ad9374c1cd9ac5263bdf35bce
patch
x_transferred
https://github.com/openssl/openssl/commit/b52867a9f618bb955bed2a3ce3db4d4f97ed8e5d
patch
x_transferred
https://github.openssl.org/openssl/extended-releases/commit/5f8d25770ae6437db119dfc951e207271a326640
patch
x_transferred
http://www.openwall.com/lists/oss-security/2024/04/08/5
x_transferred
https://security.netapp.com/advisory/ntap-20240503-0013/
x_transferred
https://lists.debian.org/debian-lts-announce/2024/11/msg00000.html
N/A
https://lists.debian.org/debian-lts-announce/2024/10/msg00033.html
N/A
Hyperlink: https://www.openssl.org/news/secadv/20240408.txt
Resource:
vendor-advisory
x_transferred
Hyperlink: https://github.com/openssl/openssl/commit/e9d7083e241670332e0443da0f0d4ffb52829f08
Resource:
patch
x_transferred
Hyperlink: https://github.com/openssl/openssl/commit/7e4d731b1c07201ad9374c1cd9ac5263bdf35bce
Resource:
patch
x_transferred
Hyperlink: https://github.com/openssl/openssl/commit/b52867a9f618bb955bed2a3ce3db4d4f97ed8e5d
Resource:
patch
x_transferred
Hyperlink: https://github.openssl.org/openssl/extended-releases/commit/5f8d25770ae6437db119dfc951e207271a326640
Resource:
patch
x_transferred
Hyperlink: http://www.openwall.com/lists/oss-security/2024/04/08/5
Resource:
x_transferred
Hyperlink: https://security.netapp.com/advisory/ntap-20240503-0013/
Resource:
x_transferred
Hyperlink: https://lists.debian.org/debian-lts-announce/2024/11/msg00000.html
Resource: N/A
Hyperlink: https://lists.debian.org/debian-lts-announce/2024/10/msg00033.html
Resource: N/A
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:openssl-security@openssl.org
Published At:08 Apr, 2024 | 14:15
Updated At:03 Nov, 2025 | 22:16

Issue summary: Some non-default TLS server configurations can cause unbounded memory growth when processing TLSv1.3 sessions Impact summary: An attacker may exploit certain server configurations to trigger unbounded memory growth that would lead to a Denial of Service This problem can occur in TLSv1.3 if the non-default SSL_OP_NO_TICKET option is being used (but not if early_data support is also configured and the default anti-replay protection is in use). In this case, under certain conditions, the session cache can get into an incorrect state and it will fail to flush properly as it fills. The session cache will continue to grow in an unbounded manner. A malicious client could deliberately create the scenario for this failure to force a Denial of Service. It may also happen by accident in normal operation. This issue only affects TLS servers supporting TLSv1.3. It does not affect TLS clients. The FIPS modules in 3.2, 3.1 and 3.0 are not affected by this issue. OpenSSL 1.0.2 is also not affected by this issue.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Secondary3.15.9MEDIUM
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
Type: Secondary
Version: 3.1
Base score: 5.9
Base severity: MEDIUM
Vector:
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
CPE Matches
Weaknesses
CWE IDTypeSource
CWE-1325Secondaryopenssl-security@openssl.org
CWE ID: CWE-1325
Type: Secondary
Source: openssl-security@openssl.org
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
https://github.com/openssl/openssl/commit/7e4d731b1c07201ad9374c1cd9ac5263bdf35bceopenssl-security@openssl.org
N/A
https://github.com/openssl/openssl/commit/b52867a9f618bb955bed2a3ce3db4d4f97ed8e5dopenssl-security@openssl.org
N/A
https://github.com/openssl/openssl/commit/e9d7083e241670332e0443da0f0d4ffb52829f08openssl-security@openssl.org
N/A
https://github.openssl.org/openssl/extended-releases/commit/5f8d25770ae6437db119dfc951e207271a326640openssl-security@openssl.org
N/A
https://www.openssl.org/news/secadv/20240408.txtopenssl-security@openssl.org
N/A
http://www.openwall.com/lists/oss-security/2024/04/08/5af854a3a-2127-422b-91ae-364da2661108
N/A
https://github.com/openssl/openssl/commit/7e4d731b1c07201ad9374c1cd9ac5263bdf35bceaf854a3a-2127-422b-91ae-364da2661108
N/A
https://github.com/openssl/openssl/commit/b52867a9f618bb955bed2a3ce3db4d4f97ed8e5daf854a3a-2127-422b-91ae-364da2661108
N/A
https://github.com/openssl/openssl/commit/e9d7083e241670332e0443da0f0d4ffb52829f08af854a3a-2127-422b-91ae-364da2661108
N/A
https://github.openssl.org/openssl/extended-releases/commit/5f8d25770ae6437db119dfc951e207271a326640af854a3a-2127-422b-91ae-364da2661108
N/A
https://lists.debian.org/debian-lts-announce/2024/10/msg00033.htmlaf854a3a-2127-422b-91ae-364da2661108
N/A
https://lists.debian.org/debian-lts-announce/2024/11/msg00000.htmlaf854a3a-2127-422b-91ae-364da2661108
N/A
https://security.netapp.com/advisory/ntap-20240503-0013/af854a3a-2127-422b-91ae-364da2661108
N/A
https://www.openssl.org/news/secadv/20240408.txtaf854a3a-2127-422b-91ae-364da2661108
N/A
Hyperlink: https://github.com/openssl/openssl/commit/7e4d731b1c07201ad9374c1cd9ac5263bdf35bce
Source: openssl-security@openssl.org
Resource: N/A
Hyperlink: https://github.com/openssl/openssl/commit/b52867a9f618bb955bed2a3ce3db4d4f97ed8e5d
Source: openssl-security@openssl.org
Resource: N/A
Hyperlink: https://github.com/openssl/openssl/commit/e9d7083e241670332e0443da0f0d4ffb52829f08
Source: openssl-security@openssl.org
Resource: N/A
Hyperlink: https://github.openssl.org/openssl/extended-releases/commit/5f8d25770ae6437db119dfc951e207271a326640
Source: openssl-security@openssl.org
Resource: N/A
Hyperlink: https://www.openssl.org/news/secadv/20240408.txt
Source: openssl-security@openssl.org
Resource: N/A
Hyperlink: http://www.openwall.com/lists/oss-security/2024/04/08/5
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: https://github.com/openssl/openssl/commit/7e4d731b1c07201ad9374c1cd9ac5263bdf35bce
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: https://github.com/openssl/openssl/commit/b52867a9f618bb955bed2a3ce3db4d4f97ed8e5d
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: https://github.com/openssl/openssl/commit/e9d7083e241670332e0443da0f0d4ffb52829f08
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: https://github.openssl.org/openssl/extended-releases/commit/5f8d25770ae6437db119dfc951e207271a326640
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: https://lists.debian.org/debian-lts-announce/2024/10/msg00033.html
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: https://lists.debian.org/debian-lts-announce/2024/11/msg00000.html
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: https://security.netapp.com/advisory/ntap-20240503-0013/
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: https://www.openssl.org/news/secadv/20240408.txt
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A

Change History

0
Information is not available yet

Similar CVEs

8Records found
CVE-2023-1255
Matching Score-8
Assigner-OpenSSL Software Foundation
ShareView Details
Matching Score-8
Assigner-OpenSSL Software Foundation
CVSS Score-5.9||MEDIUM
EPSS-0.05% / 14.63%
||
7 Day CHG~0.00%
Published-20 Apr, 2023 | 16:14
Updated-13 Feb, 2025 | 16:39
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Input buffer over-read in AES-XTS implementation on 64 bit ARM

Issue summary: The AES-XTS cipher decryption implementation for 64 bit ARM platform contains a bug that could cause it to read past the input buffer, leading to a crash. Impact summary: Applications that use the AES-XTS algorithm on the 64 bit ARM platform can crash in rare circumstances. The AES-XTS algorithm is usually used for disk encryption. The AES-XTS cipher decryption implementation for 64 bit ARM platform will read past the end of the ciphertext buffer if the ciphertext size is 4 mod 5 in 16 byte blocks, e.g. 144 bytes or 1024 bytes. If the memory after the ciphertext buffer is unmapped, this will trigger a crash which results in a denial of service. If an attacker can control the size and location of the ciphertext buffer being decrypted by an application using AES-XTS on 64 bit ARM, the application is affected. This is fairly unlikely making this issue a Low severity one.

Action-Not Available
Vendor-OpenSSL
Product-opensslOpenSSL
CWE ID-CWE-125
Out-of-bounds Read
CVE-2025-9232
Matching Score-8
Assigner-OpenSSL Software Foundation
ShareView Details
Matching Score-8
Assigner-OpenSSL Software Foundation
CVSS Score-5.9||MEDIUM
EPSS-0.03% / 8.66%
||
7 Day CHG~0.00%
Published-30 Sep, 2025 | 13:17
Updated-04 Nov, 2025 | 22:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Out-of-bounds read in HTTP client no_proxy handling

Issue summary: An application using the OpenSSL HTTP client API functions may trigger an out-of-bounds read if the 'no_proxy' environment variable is set and the host portion of the authority component of the HTTP URL is an IPv6 address. Impact summary: An out-of-bounds read can trigger a crash which leads to Denial of Service for an application. The OpenSSL HTTP client API functions can be used directly by applications but they are also used by the OCSP client functions and CMP (Certificate Management Protocol) client implementation in OpenSSL. However the URLs used by these implementations are unlikely to be controlled by an attacker. In this vulnerable code the out of bounds read can only trigger a crash. Furthermore the vulnerability requires an attacker-controlled URL to be passed from an application to the OpenSSL function and the user has to have a 'no_proxy' environment variable set. For the aforementioned reasons the issue was assessed as Low severity. The vulnerable code was introduced in the following patch releases: 3.0.16, 3.1.8, 3.2.4, 3.3.3, 3.4.0 and 3.5.0. The FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this issue, as the HTTP client implementation is outside the OpenSSL FIPS module boundary.

Action-Not Available
Vendor-OpenSSL
Product-OpenSSL
CWE ID-CWE-125
Out-of-bounds Read
CVE-2021-3449
Matching Score-8
Assigner-OpenSSL Software Foundation
ShareView Details
Matching Score-8
Assigner-OpenSSL Software Foundation
CVSS Score-5.9||MEDIUM
EPSS-11.26% / 93.35%
||
7 Day CHG~0.00%
Published-25 Mar, 2021 | 14:25
Updated-17 Sep, 2024 | 03:43
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
NULL pointer deref in signature_algorithms processing

An OpenSSL TLS server may crash if sent a maliciously crafted renegotiation ClientHello message from a client. If a TLSv1.2 renegotiation ClientHello omits the signature_algorithms extension (where it was present in the initial ClientHello), but includes a signature_algorithms_cert extension then a NULL pointer dereference will result, leading to a crash and a denial of service attack. A server is only vulnerable if it has TLSv1.2 and renegotiation enabled (which is the default configuration). OpenSSL TLS clients are not impacted by this issue. All OpenSSL 1.1.1 versions are affected by this issue. Users of these versions should upgrade to OpenSSL 1.1.1k. OpenSSL 1.0.2 is not impacted by this issue. Fixed in OpenSSL 1.1.1k (Affected 1.1.1-1.1.1j).

Action-Not Available
Vendor-SonicWall Inc.FreeBSD FoundationCheck Point Software Technologies Ltd.Fedora ProjectOracle CorporationTenable, Inc.Siemens AGDebian GNU/LinuxMcAfee, LLCNode.js (OpenJS Foundation)OpenSSLNetApp, Inc.
Product-simatic_net_cp1243-7_lte_ussinamics_connect_300_firmwaresimatic_pcs_neosonicosscalance_s602_firmwarescalance_sc-600_firmwarescalance_xp-200simatic_s7-1200_cpu_1212csnapcenterscalance_xf-200basimatic_mv500quantum_security_gatewayessbasescalance_s602simatic_s7-1200_cpu_1212fc_firmwarequantum_security_management_firmwarenessus_network_monitorsimatic_net_cp_1545-1_firmwaresimatic_cp_1242-7_gprs_v2scalance_s615_firmwaresimatic_s7-1200_cpu_1215_fcsimatic_rf166c_firmwarescalance_xr528-6m_firmwarescalance_m-800_firmwaree-series_performance_analyzerscalance_xc-200_firmwarescalance_xr-300wg_firmwaresimatic_hmi_ktp_mobile_panelsscalance_s612_firmwaresimatic_s7-1500_cpu_1518-4_pn\/dp_mfp_firmwaredebian_linuxsimatic_net_cp_1543-1_firmwaresimatic_mv500_firmwareruggedcom_rcm1224_firmwaresimatic_process_historian_opc_ua_server_firmwarescalance_sc-600simatic_net_cp_1243-1_firmwaresimatic_s7-1200_cpu_1214c_firmwarecommunications_communications_policy_managementsimatic_process_historian_opc_ua_serversecure_backupsimatic_net_cp_1542sp-1_irc_firmwaresimatic_s7-1200_cpu_1211c_firmwaresimatic_s7-1200_cpu_1214cscalance_xf-200ba_firmwarequantum_security_managementsimatic_rf186c_firmwarescalance_w700simatic_net_cp_1542sp-1_ircstoragegridsimatic_hmi_comfort_outdoor_panels_firmwaresimatic_rf185cnode.jssinec_infrastructure_network_servicesscalance_s615graalvmsimatic_s7-1200_cpu_1214_fctim_1531_irc_firmwaresma100_firmwaresimatic_net_cp_1243-8_ircsimatic_net_cp_1243-8_irc_firmwaresimatic_rf186ci_firmwarenessussimatic_rf188ci_firmwarecloud_volumes_ontap_mediatorsimatic_net_cp1243-7_lte_us_firmwarelog_correlation_engineoncommand_workflow_automationscalance_xm-400_firmwarescalance_xr524-8c_firmwaresinumerik_opc_ua_serverscalance_s623_firmwarescalance_w700_firmwaremulti-domain_management_firmwarescalance_s627-2m_firmwarescalance_w1700_firmwaresimatic_net_cp_1545-1simatic_cloud_connect_7_firmwarescalance_xb-200_firmwarescalance_xc-200scalance_m-800jd_edwards_enterpriseone_toolssimatic_s7-1200_cpu_1214_fc_firmwarepeoplesoft_enterprise_peopletoolsprimavera_unifieropensslruggedcom_rcm1224simatic_pcs_neo_firmwaresimatic_rf360rscalance_lpe9403simatic_cp_1242-7_gprs_v2_firmwaresimatic_hmi_basic_panels_2nd_generation_firmwaresimatic_s7-1500_cpu_1518-4_pn\/dp_mfpscalance_xr528-6msimatic_s7-1200_cpu_1215_fc_firmwarescalance_xr-300wgscalance_s612simatic_rf360r_firmwaresinec_nmstim_1531_ircontap_select_deploy_administration_utilitysimatic_net_cp_1243-1fedorazfs_storage_appliance_kitsimatic_net_cp1243-7_lte_eu_firmwaresimatic_rf188csimatic_s7-1200_cpu_1217csimatic_rf185c_firmwaresimatic_net_cp_1543sp-1simatic_s7-1200_cpu_1215c_firmwareweb_gatewaysimatic_net_cp_1543-1simatic_s7-1200_cpu_1212c_firmwaresimatic_s7-1200_cpu_1217c_firmwaresimatic_rf188cicapture_clientsimatic_hmi_ktp_mobile_panels_firmwaresma100scalance_xr524-8csimatic_s7-1200_cpu_1215csimatic_logonsimatic_pcs_7_telecontrol_firmwaresimatic_net_cp_1543sp-1_firmwaremysql_workbenchsimatic_wincc_runtime_advancedscalance_s623secure_global_desktopweb_gateway_cloud_servicescalance_w1700scalance_xm-400freebsdscalance_lpe9403_firmwaremysql_serversimatic_pcs_7_telecontrolquantum_security_gateway_firmwaresimatic_wincc_telecontrolmysql_connectorssimatic_rf188c_firmwaresinec_pnimulti-domain_managementsimatic_pdmscalance_s627-2msimatic_rf186cioncommand_insightjd_edwards_world_securityenterprise_manager_for_storage_managementscalance_xp-200_firmwaresimatic_rf166csimatic_hmi_basic_panels_2nd_generationtia_administratoractive_iq_unified_managerscalance_xb-200tenable.scsimatic_hmi_comfort_outdoor_panelssimatic_s7-1200_cpu_1211csinema_serversinamics_connect_300scalance_xr552-12simatic_cloud_connect_7simatic_rf186cscalance_xr526-8c_firmwaresimatic_s7-1200_cpu_1212fcscalance_xr552-12_firmwaresimatic_net_cp1243-7_lte_euscalance_xr526-8csimatic_pdm_firmwaresantricity_smi-s_providerOpenSSL
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2025-66199
Matching Score-8
Assigner-OpenSSL Software Foundation
ShareView Details
Matching Score-8
Assigner-OpenSSL Software Foundation
CVSS Score-5.9||MEDIUM
EPSS-0.06% / 18.32%
||
7 Day CHG~0.00%
Published-27 Jan, 2026 | 16:01
Updated-02 Feb, 2026 | 18:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
TLS 1.3 CompressedCertificate excessive memory allocation

Issue summary: A TLS 1.3 connection using certificate compression can be forced to allocate a large buffer before decompression without checking against the configured certificate size limit. Impact summary: An attacker can cause per-connection memory allocations of up to approximately 22 MiB and extra CPU work, potentially leading to service degradation or resource exhaustion (Denial of Service). In affected configurations, the peer-supplied uncompressed certificate length from a CompressedCertificate message is used to grow a heap buffer prior to decompression. This length is not bounded by the max_cert_list setting, which otherwise constrains certificate message sizes. An attacker can exploit this to cause large per-connection allocations followed by handshake failure. No memory corruption or information disclosure occurs. This issue only affects builds where TLS 1.3 certificate compression is compiled in (i.e., not OPENSSL_NO_COMP_ALG) and at least one compression algorithm (brotli, zlib, or zstd) is available, and where the compression extension is negotiated. Both clients receiving a server CompressedCertificate and servers in mutual TLS scenarios receiving a client CompressedCertificate are affected. Servers that do not request client certificates are not vulnerable to client-initiated attacks. Users can mitigate this issue by setting SSL_OP_NO_RX_CERTIFICATE_COMPRESSION to disable receiving compressed certificates. The FIPS modules in 3.6, 3.5, 3.4 and 3.3 are not affected by this issue, as the TLS implementation is outside the OpenSSL FIPS module boundary. OpenSSL 3.6, 3.5, 3.4 and 3.3 are vulnerable to this issue. OpenSSL 3.0, 1.1.1 and 1.0.2 are not affected by this issue.

Action-Not Available
Vendor-OpenSSL
Product-opensslOpenSSL
CWE ID-CWE-789
Memory Allocation with Excessive Size Value
CVE-2023-6237
Matching Score-8
Assigner-OpenSSL Software Foundation
ShareView Details
Matching Score-8
Assigner-OpenSSL Software Foundation
CVSS Score-5.9||MEDIUM
EPSS-0.52% / 66.40%
||
7 Day CHG~0.00%
Published-25 Apr, 2024 | 06:27
Updated-01 Nov, 2024 | 15:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Excessive time spent checking invalid RSA public keys

Issue summary: Checking excessively long invalid RSA public keys may take a long time. Impact summary: Applications that use the function EVP_PKEY_public_check() to check RSA public keys may experience long delays. Where the key that is being checked has been obtained from an untrusted source this may lead to a Denial of Service. When function EVP_PKEY_public_check() is called on RSA public keys, a computation is done to confirm that the RSA modulus, n, is composite. For valid RSA keys, n is a product of two or more large primes and this computation completes quickly. However, if n is an overly large prime, then this computation would take a long time. An application that calls EVP_PKEY_public_check() and supplies an RSA key obtained from an untrusted source could be vulnerable to a Denial of Service attack. The function EVP_PKEY_public_check() is not called from other OpenSSL functions however it is called from the OpenSSL pkey command line application. For that reason that application is also vulnerable if used with the '-pubin' and '-check' options on untrusted data. The OpenSSL SSL/TLS implementation is not affected by this issue. The OpenSSL 3.0 and 3.1 FIPS providers are affected by this issue.

Action-Not Available
Vendor-OpenSSL
Product-OpenSSL
CWE ID-CWE-606
Unchecked Input for Loop Condition
CVE-2025-15468
Matching Score-8
Assigner-OpenSSL Software Foundation
ShareView Details
Matching Score-8
Assigner-OpenSSL Software Foundation
CVSS Score-5.9||MEDIUM
EPSS-0.05% / 14.59%
||
7 Day CHG~0.00%
Published-27 Jan, 2026 | 16:01
Updated-02 Feb, 2026 | 18:38
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
NULL dereference in SSL_CIPHER_find() function on unknown cipher ID

Issue summary: If an application using the SSL_CIPHER_find() function in a QUIC protocol client or server receives an unknown cipher suite from the peer, a NULL dereference occurs. Impact summary: A NULL pointer dereference leads to abnormal termination of the running process causing Denial of Service. Some applications call SSL_CIPHER_find() from the client_hello_cb callback on the cipher ID received from the peer. If this is done with an SSL object implementing the QUIC protocol, NULL pointer dereference will happen if the examined cipher ID is unknown or unsupported. As it is not very common to call this function in applications using the QUIC protocol and the worst outcome is Denial of Service, the issue was assessed as Low severity. The vulnerable code was introduced in the 3.2 version with the addition of the QUIC protocol support. The FIPS modules in 3.6, 3.5, 3.4 and 3.3 are not affected by this issue, as the QUIC implementation is outside the OpenSSL FIPS module boundary. OpenSSL 3.6, 3.5, 3.4 and 3.3 are vulnerable to this issue. OpenSSL 3.0, 1.1.1 and 1.0.2 are not affected by this issue.

Action-Not Available
Vendor-OpenSSL
Product-opensslOpenSSL
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2021-23841
Matching Score-8
Assigner-OpenSSL Software Foundation
ShareView Details
Matching Score-8
Assigner-OpenSSL Software Foundation
CVSS Score-5.9||MEDIUM
EPSS-0.61% / 69.33%
||
7 Day CHG~0.00%
Published-16 Feb, 2021 | 16:55
Updated-16 Sep, 2024 | 22:39
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Null pointer deref in X509_issuer_and_serial_hash()

The OpenSSL public API function X509_issuer_and_serial_hash() attempts to create a unique hash value based on the issuer and serial number data contained within an X509 certificate. However it fails to correctly handle any errors that may occur while parsing the issuer field (which might occur if the issuer field is maliciously constructed). This may subsequently result in a NULL pointer deref and a crash leading to a potential denial of service attack. The function X509_issuer_and_serial_hash() is never directly called by OpenSSL itself so applications are only vulnerable if they use this function directly and they use it on certificates that may have been obtained from untrusted sources. OpenSSL versions 1.1.1i and below are affected by this issue. Users of these versions should upgrade to OpenSSL 1.1.1j. OpenSSL versions 1.0.2x and below are affected by this issue. However OpenSSL 1.0.2 is out of support and no longer receiving public updates. Premium support customers of OpenSSL 1.0.2 should upgrade to 1.0.2y. Other users should upgrade to 1.1.1j. Fixed in OpenSSL 1.1.1j (Affected 1.1.1-1.1.1i). Fixed in OpenSSL 1.0.2y (Affected 1.0.2-1.0.2x).

Action-Not Available
Vendor-Debian GNU/LinuxSiemens AGApple Inc.OpenSSLNetApp, Inc.Oracle CorporationTenable, Inc.
Product-jd_edwards_world_securityiphone_ospeoplesoft_enterprise_peopletoolssinec_insenterprise_manager_for_storage_managementopensslbusiness_intelligencemacostenable.sconcommand_workflow_automationcommunications_cloud_native_core_policysnapcenterdebian_linuxessbasegraalvmipadossafarimysql_enterprise_monitorzfs_storage_appliance_kitnessus_network_monitormysql_serverenterprise_manager_ops_centeroncommand_insightOpenSSL
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2020-1971
Matching Score-8
Assigner-OpenSSL Software Foundation
ShareView Details
Matching Score-8
Assigner-OpenSSL Software Foundation
CVSS Score-5.9||MEDIUM
EPSS-0.35% / 56.84%
||
7 Day CHG-0.01%
Published-08 Dec, 2020 | 15:30
Updated-17 Sep, 2024 | 02:57
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
EDIPARTYNAME NULL pointer dereference

The X.509 GeneralName type is a generic type for representing different types of names. One of those name types is known as EDIPartyName. OpenSSL provides a function GENERAL_NAME_cmp which compares different instances of a GENERAL_NAME to see if they are equal or not. This function behaves incorrectly when both GENERAL_NAMEs contain an EDIPARTYNAME. A NULL pointer dereference and a crash may occur leading to a possible denial of service attack. OpenSSL itself uses the GENERAL_NAME_cmp function for two purposes: 1) Comparing CRL distribution point names between an available CRL and a CRL distribution point embedded in an X509 certificate 2) When verifying that a timestamp response token signer matches the timestamp authority name (exposed via the API functions TS_RESP_verify_response and TS_RESP_verify_token) If an attacker can control both items being compared then that attacker could trigger a crash. For example if the attacker can trick a client or server into checking a malicious certificate against a malicious CRL then this may occur. Note that some applications automatically download CRLs based on a URL embedded in a certificate. This checking happens prior to the signatures on the certificate and CRL being verified. OpenSSL's s_server, s_client and verify tools have support for the "-crl_download" option which implements automatic CRL downloading and this attack has been demonstrated to work against those tools. Note that an unrelated bug means that affected versions of OpenSSL cannot parse or construct correct encodings of EDIPARTYNAME. However it is possible to construct a malformed EDIPARTYNAME that OpenSSL's parser will accept and hence trigger this attack. All OpenSSL 1.1.1 and 1.0.2 versions are affected by this issue. Other OpenSSL releases are out of support and have not been checked. Fixed in OpenSSL 1.1.1i (Affected 1.1.1-1.1.1h). Fixed in OpenSSL 1.0.2x (Affected 1.0.2-1.0.2w).

Action-Not Available
Vendor-Fedora ProjectOracle CorporationTenable, Inc.Debian GNU/LinuxSiemens AGNode.js (OpenJS Foundation)OpenSSLNetApp, Inc.
Product-communications_unified_session_managerpeoplesoft_enterprise_peopletoolsopensslcommunications_cloud_native_core_network_function_cloud_native_environmenthci_storage_nodebusiness_intelligenceef600asantricity_smi-s_providerhci_compute_nodenode.jssnapcentersinec_infrastructure_network_servicesef600a_firmwaremanageability_software_development_kitessbasegraalvmdata_ontaphci_management_nodefedorae-series_santricity_os_controlleraff_a250nessus_network_monitorenterprise_manager_ops_centercommunications_session_border_controllerenterprise_communications_brokerapi_gatewaycommunications_session_routeroncommand_insightjd_edwards_world_securityenterprise_manager_for_storage_managementactive_iq_unified_managerlog_correlation_engineoncommand_workflow_automationsolidfireenterprise_session_border_controllermysqlcommunications_diameter_intelligence_hubhttp_serverdebian_linuxplug-in_for_symantec_netbackupcommunications_subscriber-aware_load_balancerclustered_data_ontap_antivirus_connectorjd_edwards_enterpriseone_toolsenterprise_manager_base_platformaff_a250_firmwaremysql_serverOpenSSL
CWE ID-CWE-476
NULL Pointer Dereference
Details not found