CVE-2024-4741

{"id": "CVE-2024-4741", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 3.9}]}, "published": "2024-11-13T11:15:04.480", "references": [{"url": "https://github.com/openssl/openssl/commit/704f725b96aa373ee45ecfb23f6abfe8be8d9177", "source": "openssl-security@openssl.org"}, {"url": "https://github.com/openssl/openssl/commit/b3f0eb0a295f58f16ba43ba99dad70d4ee5c437d", "source": "openssl-security@openssl.org"}, {"url": "https://github.com/openssl/openssl/commit/c88c3de51020c37e8706bf7a682a162593053aac", "source": "openssl-security@openssl.org"}, {"url": "https://github.com/openssl/openssl/commit/e5093133c35ca82874ad83697af76f4b0f7e3bd8", "source": "openssl-security@openssl.org"}, {"url": "https://github.openssl.org/openssl/extended-releases/commit/f7a045f3143fc6da2ee66bf52d8df04829590dd4", "source": "openssl-security@openssl.org"}, {"url": "https://www.openssl.org/news/secadv/20240528.txt", "source": "openssl-security@openssl.org"}, {"url": "https://lists.debian.org/debian-lts-announce/2024/10/msg00033.html", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://lists.debian.org/debian-lts-announce/2024/11/msg00000.html", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://security.netapp.com/advisory/ntap-20240621-0004/", "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Awaiting Analysis", "weaknesses": [{"type": "Secondary", "source": "openssl-security@openssl.org", "description": [{"lang": "en", "value": "CWE-416"}]}], "descriptions": [{"lang": "en", "value": "Issue summary: Calling the OpenSSL API function SSL_free_buffers may cause\nmemory to be accessed that was previously freed in some situations\n\nImpact summary: A use after free can have a range of potential consequences such\nas the corruption of valid data, crashes or execution of arbitrary code.\nHowever, only applications that directly call the SSL_free_buffers function are\naffected by this issue. Applications that do not call this function are not\nvulnerable. Our investigations indicate that this function is rarely used by\napplications.\n\nThe SSL_free_buffers function is used to free the internal OpenSSL buffer used\nwhen processing an incoming record from the network. The call is only expected\nto succeed if the buffer is not currently in use. However, two scenarios have\nbeen identified where the buffer is freed even when still in use.\n\nThe first scenario occurs where a record header has been received from the\nnetwork and processed by OpenSSL, but the full record body has not yet arrived.\nIn this case calling SSL_free_buffers will succeed even though a record has only\nbeen partially processed and the buffer is still in use.\n\nThe second scenario occurs where a full record containing application data has\nbeen received and processed by OpenSSL but the application has only read part of\nthis data. Again a call to SSL_free_buffers will succeed even though the buffer\nis still in use.\n\nWhile these scenarios could occur accidentally during normal operation a\nmalicious attacker could attempt to engineer a stituation where this occurs.\nWe are not aware of this issue being actively exploited.\n\nThe FIPS modules in 3.3, 3.2, 3.1 and 3.0 are not affected by this issue."}, {"lang": "es", "value": "Resumen del problema: Llamar a la funci\u00f3n de API de OpenSSL SSL_free_buffers puede provocar que se acceda a la memoria que se liber\u00f3 previamente en algunas situaciones Resumen del impacto: Un use after free puede tener una variedad de posibles consecuencias, como la corrupci\u00f3n de datos v\u00e1lidos, fallas o ejecuci\u00f3n de c\u00f3digo arbitrario. Sin embargo, solo las aplicaciones que llaman directamente a la funci\u00f3n SSL_free_buffers se ven afectadas por este problema. Las aplicaciones que no llaman a esta funci\u00f3n no son vulnerables. Nuestras investigaciones indican que las aplicaciones rara vez usan esta funci\u00f3n. La funci\u00f3n SSL_free_buffers se usa para liberar el b\u00fafer interno de OpenSSL que se usa al procesar un registro entrante de la red. Solo se espera que la llamada tenga \u00e9xito si el b\u00fafer no est\u00e1 actualmente en uso. Sin embargo, se han identificado dos escenarios en los que el b\u00fafer se libera incluso cuando todav\u00eda est\u00e1 en uso. El primer escenario ocurre cuando se recibi\u00f3 un encabezado de registro de la red y OpenSSL lo proces\u00f3, pero a\u00fan no lleg\u00f3 el cuerpo completo del registro. En este caso, llamar a SSL_free_buffers tendr\u00e1 \u00e9xito incluso si un registro solo se proces\u00f3 parcialmente y el b\u00fafer todav\u00eda est\u00e1 en uso. El segundo escenario ocurre cuando OpenSSL ha recibido y procesado un registro completo que contiene datos de la aplicaci\u00f3n, pero la aplicaci\u00f3n solo ha le\u00eddo parte de estos datos. Nuevamente, una llamada a SSL_free_buffers tendr\u00e1 \u00e9xito aunque el b\u00fafer a\u00fan est\u00e9 en uso. Si bien estos escenarios podr\u00edan ocurrir accidentalmente durante el funcionamiento normal, un atacante malintencionado podr\u00eda intentar crear una situaci\u00f3n en la que esto ocurra. No tenemos conocimiento de que este problema se est\u00e9 explotando activamente. Los m\u00f3dulos FIPS en 3.3, 3.2, 3.1 y 3.0 no se ven afectados por este problema."}], "lastModified": "2025-11-04T18:16:42.500", "sourceIdentifier": "openssl-security@openssl.org"}