CVE-2024-4741 | Mend Vulnerability Database

Vulnerability DatabaseCVE-2024-4741

CVE-2024-4741

November 13, 2024

A Use After Free exists in OpenSSL when calling the OpenSSL API function SSL_free_buffers, which may cause memory to be accessed that was previously freed in some situations. only applications that directly call the SSL_free_buffers function are affected by this issue. Fixed in commit e5093133c3 (for 3.3), commit c88c3de510 (for 3.2), commit 704f725b96 (for 3.1) and commit b3f0eb0a29 (for 3.0) in the OpenSSL git repository. It is available to premium support customers in commit f7a045f314 (for 1.1.1).

Related Resources (12)

https://security.netapp.com/advisory/ntap-20240621-0004/

https://lists.debian.org/debian-lts-announce/2024/11/msg00000.html

https://lists.debian.org/debian-lts-announce/2024/10/msg00033.html

https://github.com/openssl/openssl/commit/e5093133c35ca82874ad83697af76f4b0f7e3bd8

https://security.alpinelinux.org/vuln/CVE-2024-4741

https://security-tracker.debian.org/tracker/CVE-2024-4741

https://github.openssl.org/openssl/extended-releases/commit/f7a045f3143fc6da2ee66bf52d8df04829590dd4

https://github.com/openssl/openssl/commit/b3f0eb0a29

https://github.com/openssl/openssl/commit/c88c3de51020c37e8706bf7a682a162593053aac

https://www.openssl.org/news/secadv/20240528.txt

https://github.com/openssl/openssl/commit/b3f0eb0a295f58f16ba43ba99dad70d4ee5c437d