Use After Free

CVE-2024-4741

Severity High
Score 7.5/10

Summary

Calling the OpenSSL API function "SSL_free_buffers" may cause memory to be accessed that was previously freed in some situations. The first scenario occurs when a record header has been received from the network and processed by OpenSSL, but the full record body is yet to arrive. The second scenario occurs when a full record containing application data has been received and processed by OpenSSL, but the application has read only a part of this data. In these cases, a call to "SSL_free_buffers" will succeed even though the buffer is still in use. The FIPS modules in 3.3, 3.2, 3.1 and 3.0 are not affected by this issue. OpenSSL 3.0 versions prior to 3.0.14, 3.1 versions prior to 3.1.6, 3.2 versions prior to 3.2.2, 3.3 versions prior to 3.3.1 and 1.1.1 versions prior to 1.1.1y are affected by this issue.
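For triage, the affected ranges in the summary can be checked against a reported library version. The following is an added example, not part of the advisory or of OpenSSL; the function names and the sample version strings are constructed for illustration.

```python
import re

# Fixed release for each affected branch, as listed in the advisory summary.
FIXED = {"3.0": "3.0.14", "3.1": "3.1.6", "3.2": "3.2.2",
         "3.3": "3.3.1", "1.1.1": "1.1.1y"}

_VERSION_RE = re.compile(r"(\d+)\.(\d+)\.(\d+)([a-z]*)")


def parse_version(text):
    """Extract a sortable key from text such as 'OpenSSL 1.1.1w  11 Sep 2023'."""
    m = _VERSION_RE.search(text)
    if m is None:
        return None
    major, minor, patch, letters = m.groups()
    # Letter suffixes sort by length first, so 1.1.1za ranks above 1.1.1y.
    return (int(major), int(minor), int(patch), (len(letters), letters))


def branch_of(key):
    """1.x branches are named by three components (1.1.1), 3.x by two (3.0)."""
    parts = key[:3] if key[0] < 3 else key[:2]
    return ".".join(str(p) for p in parts)


def classify(text):
    """Return 'affected', 'fixed', 'not_listed' or 'unknown' for a version string."""
    key = parse_version(text)
    if key is None:
        return "unknown"
    fixed = FIXED.get(branch_of(key))
    if fixed is None:
        return "not_listed"  # the advisory makes no statement about this branch
    return "affected" if key < parse_version(fixed) else "fixed"


if __name__ == "__main__":
    # Constructed sample strings in the style of `openssl version` output.
    for sample in ("OpenSSL 3.0.13 30 Jan 2024", "OpenSSL 3.2.2 4 Jun 2024",
                   "OpenSSL 1.1.1w  11 Sep 2023", "OpenSSL 1.0.2u"):
        print(f"{sample!r}: {classify(sample)}")
```

An "affected" result covers the library version only: per the summary, exposure also requires that the application calls "SSL_free_buffers". Distribution packages may carry a backported fix under an unchanged upstream version string, so confirm against the vendor's own advisory.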

  • LOW
  • NETWORK
  • NONE
  • UNCHANGED
  • NONE
  • NONE
  • NONE
  • HIGH

CWE-416 - Use After Free

A use-after-free (UaF) vulnerability occurs when an application uses a pointer to memory that has already been freed. Any attempt to read from or write to a buffer after it is deallocated allows memory corruption and sensitive information exposure, and can potentially lead to arbitrary code execution.

Advisory Timeline

  • Published