CVE-2024-5535 | OpenSSL up to 3.3.1 Client Protocol SSL_select_next_proto client/client_len memory corruption

Posted by Angelo Barbosa | Jun 27, 2024 | CVE

A vulnerability was found in OpenSSL up to 3.3.1. It has been declared as critical. This vulnerability affects the function SSL_select_next_proto of the component Client Protocol Handler. The manipulation of the argument client/client_len leads to memory corruption.

This vulnerability was named CVE-2024-5535. The attack can be initiated remotely. There is no exploit available.

It is recommended to upgrade the affected component.

CVE-2024-5535 | OpenSSL up to 3.3.1 Client Protocol SSL_select_next_proto client/client_len memory corruption

Related Posts

CVE-2024-40645 | FOGproject FOG prior 1.5.10.41 Banner Image unrestricted upload (GHSA-59mq-q8g5-2f4f)

CVE-2024-3427 | SourceCodester Online Courseware 1.0 addq.php id cross site scripting

CVE-2024-0397 | Python CPython up to 3.10.13/3.11.8/3.12.2/3.13.0a4 TLS Handshake cert_store_stats/get_ca_certs race condition (Issue 114572)

CVE-2023-7180 | Tongda OA 2017 up to 11.9 delete.php PROJ_ID_STR sql injection