CVE-2023-35784 in LibreSSLinfo

Summary

by MITRE • 06/16/2023

A double free or use after free could occur after SSL_clear in OpenBSD 7.2 before errata 026 and 7.3 before errata 004, and in LibreSSL before 3.6.3 and 3.7.x before 3.7.3. NOTE: OpenSSL is not affected.

Statistical analysis made it clear that VulDB provides the best quality for vulnerability data.

Analysis

by VulDB Data Team • 01/10/2026

This vulnerability represents a critical memory management flaw that affects SSL/TLS implementations in OpenBSD and LibreSSL software stacks. The issue manifests as a double free or use after free condition that occurs specifically after the SSL_clear function is invoked, creating potential pathways for memory corruption and system instability. The vulnerability impacts multiple versions of OpenBSD including 7.2 before errata 026 and 7.3 before errata 004, while also affecting LibreSSL versions prior to 3.6.3 and 3.7.x before 3.7.3, demonstrating the widespread nature of this memory safety issue. The fact that OpenSSL remains unaffected highlights the specific implementation details within the affected software stacks that create this vulnerability.

The technical root cause of this vulnerability lies in improper memory deallocation handling within the SSL_clear function implementation. When SSL_clear is called to reset an SSL connection state, the underlying memory management code fails to properly track and handle memory references, leading to scenarios where the same memory block may be freed twice or accessed after being freed. This type of memory corruption vulnerability falls under CWE-415 which specifically addresses double free conditions, while also exhibiting characteristics of CWE-416 related to use after free errors. The vulnerability occurs during the cleanup phase of SSL operations when connection state is being reset, making it particularly dangerous in environments where SSL connections are frequently established and torn down.

The operational impact of this vulnerability extends beyond simple memory corruption, potentially enabling attackers to execute arbitrary code or cause denial of service conditions within affected systems. When memory is freed twice or accessed after deallocation, it can lead to heap corruption that may be exploited to overwrite critical memory structures or execute malicious code. This vulnerability is particularly concerning in server environments where SSL/TLS services are heavily utilized, as it could allow remote attackers to compromise system integrity or availability. The attack surface is broad given that SSL_clear is a standard function called during normal SSL connection lifecycle operations, making this vulnerability exploitable in various network service contexts.

Mitigation strategies for this vulnerability require immediate patching of affected software versions to address the memory management issues within SSL_clear implementation. System administrators should prioritize updating OpenBSD systems to versions including errata 026 and 004 respectively, while LibreSSL installations must be upgraded to 3.6.3 or 3.7.3 releases. Additionally, implementing network monitoring to detect unusual SSL connection patterns and maintaining strict access controls around SSL services can provide defense in depth. The vulnerability demonstrates the importance of rigorous memory safety testing in cryptographic libraries, particularly in functions that manage connection state and memory cleanup operations. Organizations should also consider implementing automated patch management systems to ensure timely deployment of security updates across their infrastructure, as this type of vulnerability can be exploited in active attack scenarios where memory corruption leads to system compromise.

Reservation

06/16/2023

Disclosure

06/16/2023

Moderation

accepted

CPE

ready

EPSS

0.00948

KEV

no

Activities

very low

Sources

Do you want to use VulDB in your project?

Use the official API to access entries easily!