fkie_cve-2024-2511
Vulnerability from fkie_nvd
Published
2024-04-08 14:15
Modified
2025-03-28 20:15
Severity ?
5.9 (Medium) - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
Summary
Issue summary: Some non-default TLS server configurations can cause unbounded memory growth when processing TLSv1.3 sessions Impact summary: An attacker may exploit certain server configurations to trigger unbounded memory growth that would lead to a Denial of Service This problem can occur in TLSv1.3 if the non-default SSL_OP_NO_TICKET option is being used (but not if early_data support is also configured and the default anti-replay protection is in use). In this case, under certain conditions, the session cache can get into an incorrect state and it will fail to flush properly as it fills. The session cache will continue to grow in an unbounded manner. A malicious client could deliberately create the scenario for this failure to force a Denial of Service. It may also happen by accident in normal operation. This issue only affects TLS servers supporting TLSv1.3. It does not affect TLS clients. The FIPS modules in 3.2, 3.1 and 3.0 are not affected by this issue. OpenSSL 1.0.2 is also not affected by this issue.
References
openssl-security@openssl.orghttps://github.com/openssl/openssl/commit/7e4d731b1c07201ad9374c1cd9ac5263bdf35bce
openssl-security@openssl.orghttps://github.com/openssl/openssl/commit/b52867a9f618bb955bed2a3ce3db4d4f97ed8e5d
openssl-security@openssl.orghttps://github.com/openssl/openssl/commit/e9d7083e241670332e0443da0f0d4ffb52829f08
openssl-security@openssl.orghttps://github.openssl.org/openssl/extended-releases/commit/5f8d25770ae6437db119dfc951e207271a326640
openssl-security@openssl.orghttps://www.openssl.org/news/secadv/20240408.txt
af854a3a-2127-422b-91ae-364da2661108http://www.openwall.com/lists/oss-security/2024/04/08/5
af854a3a-2127-422b-91ae-364da2661108https://github.com/openssl/openssl/commit/7e4d731b1c07201ad9374c1cd9ac5263bdf35bce
af854a3a-2127-422b-91ae-364da2661108https://github.com/openssl/openssl/commit/b52867a9f618bb955bed2a3ce3db4d4f97ed8e5d
af854a3a-2127-422b-91ae-364da2661108https://github.com/openssl/openssl/commit/e9d7083e241670332e0443da0f0d4ffb52829f08
af854a3a-2127-422b-91ae-364da2661108https://github.openssl.org/openssl/extended-releases/commit/5f8d25770ae6437db119dfc951e207271a326640
af854a3a-2127-422b-91ae-364da2661108https://security.netapp.com/advisory/ntap-20240503-0013/
af854a3a-2127-422b-91ae-364da2661108https://www.openssl.org/news/secadv/20240408.txt
Impacted products
Vendor Product Version


To clipboard 

{
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "Issue summary: Some non-default TLS server configurations can cause unbounded\nmemory growth when processing TLSv1.3 sessions\n\nImpact summary: An attacker may exploit certain server configurations to trigger\nunbounded memory growth that would lead to a Denial of Service\n\nThis problem can occur in TLSv1.3 if the non-default SSL_OP_NO_TICKET option is\nbeing used (but not if early_data support is also configured and the default\nanti-replay protection is in use). In this case, under certain conditions, the\nsession cache can get into an incorrect state and it will fail to flush properly\nas it fills. The session cache will continue to grow in an unbounded manner. A\nmalicious client could deliberately create the scenario for this failure to\nforce a Denial of Service. It may also happen by accident in normal operation.\n\nThis issue only affects TLS servers supporting TLSv1.3. It does not affect TLS\nclients.\n\nThe FIPS modules in 3.2, 3.1 and 3.0 are not affected by this issue. OpenSSL\n1.0.2 is also not affected by this issue.",
      },
      {
         lang: "es",
         value: "Resumen del problema: algunas configuraciones de servidor TLS no predeterminadas pueden causar un crecimiento ilimitado de la memoria al procesar sesiones TLSv1.3. Resumen de impacto: un atacante puede explotar ciertas configuraciones del servidor para desencadenar un crecimiento ilimitado de la memoria que conduciría a una denegación de servicio. Este problema puede ocurrir en TLSv1.3 si se utiliza la opción SSL_OP_NO_TICKET no predeterminada (pero no si también se configura la compatibilidad con early_data y se utiliza la protección antirrepetición predeterminada). En este caso, bajo ciertas condiciones, el caché de la sesión puede entrar en un estado incorrecto y no se vaciará correctamente a medida que se llena. La caché de la sesión seguirá creciendo de forma ilimitada. Un cliente malintencionado podría crear deliberadamente el escenario para que este fallo fuerce una denegación de servicio. También puede ocurrir por accidente durante el funcionamiento normal. Este problema solo afecta a los servidores TLS que admiten TLSv1.3. No afecta a los clientes TLS. Los módulos FIPS en 3.2, 3.1 y 3.0 no se ven afectados por este problema. OpenSSL 1.0.2 tampoco se ve afectado por este problema.",
      },
   ],
   id: "CVE-2024-2511",
   lastModified: "2025-03-28T20:15:22.200",
   metrics: {
      cvssMetricV31: [
         {
            cvssData: {
               attackComplexity: "HIGH",
               attackVector: "NETWORK",
               availabilityImpact: "HIGH",
               baseScore: 5.9,
               baseSeverity: "MEDIUM",
               confidentialityImpact: "NONE",
               integrityImpact: "NONE",
               privilegesRequired: "NONE",
               scope: "UNCHANGED",
               userInteraction: "NONE",
               vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
               version: "3.1",
            },
            exploitabilityScore: 2.2,
            impactScore: 3.6,
            source: "134c704f-9b21-4f2e-91b3-4a467353bcc0",
            type: "Secondary",
         },
      ],
   },
   published: "2024-04-08T14:15:07.660",
   references: [
      {
         source: "openssl-security@openssl.org",
         url: "https://github.com/openssl/openssl/commit/7e4d731b1c07201ad9374c1cd9ac5263bdf35bce",
      },
      {
         source: "openssl-security@openssl.org",
         url: "https://github.com/openssl/openssl/commit/b52867a9f618bb955bed2a3ce3db4d4f97ed8e5d",
      },
      {
         source: "openssl-security@openssl.org",
         url: "https://github.com/openssl/openssl/commit/e9d7083e241670332e0443da0f0d4ffb52829f08",
      },
      {
         source: "openssl-security@openssl.org",
         url: "https://github.openssl.org/openssl/extended-releases/commit/5f8d25770ae6437db119dfc951e207271a326640",
      },
      {
         source: "openssl-security@openssl.org",
         url: "https://www.openssl.org/news/secadv/20240408.txt",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://www.openwall.com/lists/oss-security/2024/04/08/5",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://github.com/openssl/openssl/commit/7e4d731b1c07201ad9374c1cd9ac5263bdf35bce",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://github.com/openssl/openssl/commit/b52867a9f618bb955bed2a3ce3db4d4f97ed8e5d",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://github.com/openssl/openssl/commit/e9d7083e241670332e0443da0f0d4ffb52829f08",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://github.openssl.org/openssl/extended-releases/commit/5f8d25770ae6437db119dfc951e207271a326640",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://security.netapp.com/advisory/ntap-20240503-0013/",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://www.openssl.org/news/secadv/20240408.txt",
      },
   ],
   sourceIdentifier: "openssl-security@openssl.org",
   vulnStatus: "Awaiting Analysis",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-1325",
            },
         ],
         source: "openssl-security@openssl.org",
         type: "Secondary",
      },
   ],
}


Log in or create an account to share your comment.

Security Advisory comment format.

This schema specifies the format of a comment related to a security advisory.

UUIDv4 of the comment
UUIDv4 of the Vulnerability-Lookup instance
When the comment was created originally
When the comment was last updated
Title of the comment
Description of the comment
The identifier of the vulnerability (CVE ID, GHSA-ID, PYSEC ID, etc.).



Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.