Test ID:	1.3.6.1.4.1.25623.1.0.114828
Category:	General
Title:	OpenSSL OOB Memory Access Vulnerability (20241016) - Linux
Summary:	OpenSSL is prone to an out of bound (OOB) memory access; vulnerability.
Description:	Summary: OpenSSL is prone to an out of bound (OOB) memory access vulnerability. Vulnerability Insight: Use of the low-level GF(2^m) elliptic curve APIs with untrusted explicit values for the field polynomial can lead to out-of-bounds memory reads or writes. Vulnerability Impact: Out of bound memory writes can lead to an application crash or even a possibility of a remote code execution, however, in all the protocols involving Elliptic Curve Cryptography that we're aware of, either only 'named curves' are supported, or, if explicit curve parameters are supported, they specify an X9.62 encoding of binary (GF(2^m)) curves that can't represent problematic input values. Thus the likelihood of existence of a vulnerable application is low. Affected Software/OS: OpenSSL versions 1.0.2, 1.1.1, 3.0, 3.1, 3.2 and 3.3. Solution: Update to version 1.0.2zl, 1.1.1zb, 3.0.16, 3.1.8, 3.2.4, 3.3.3 or later once available. Note: As of 01/2025 these updates have not been released yet. CVSS Score: 5.0 CVSS Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2024-9143
Copyright	Copyright (C) 2024 Greenbone AG

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.