vulnerability

FreeBSD: VID-c6f4177c-8e29-11ef-98e7-84a93843eb75 (CVE-2024-9143): OpenSSL -- OOB memory access vulnerability

Try Surface Command

Back to search

Severity

CVSS

(AV:N/AC:L/Au:S/C:N/I:P/A:N)

Published

Oct 19, 2024

Added

Oct 21, 2024

Modified

Mar 25, 2026

Description

The OpenSSL project reports: Low-level invalid GF(2^m) parameters lead to OOB memory access (CVE-2024-9143) (Low) Use of the low-level GF(2^m) elliptic curve APIs with untrusted explicit values for the field polynomial can lead to out-of-bounds memory reads or writes.

Solutions

freebsd-upgrade-package-opensslfreebsd-upgrade-package-openssl31freebsd-upgrade-package-openssl32freebsd-upgrade-package-openssl33freebsd-upgrade-package-openssl-quictlsfreebsd-upgrade-package-openssl31-quictls

References

CVE-2024-9143
https://attackerkb.com/topics/CVE-2024-9143
CWE-125
CWE-787
EUVD-EUVD-2024-49755
https://euvd.enisa.europa.eu/vulnerability/EUVD-2024-49755

Rapid7 Labs

2026 Global Threat Landscape Report

The predictive window has collapsed. Exploitation follows disclosure in days. See how attackers are accelerating and how to stay ahead.

Get report