Your submission was sent successfully! Close

You have successfully unsubscribed! Close

Thank you for signing up for our newsletter!
In these regular emails you will find the latest updates about Ubuntu and upcoming events where you can meet our team.Close

CVE-2024-4741

Published: 28 May 2024

Use After Free with SSL_free_buffers

Notes

Author Note
Priority reason:
Upstream OpenSSL developers have rated this as being a low severity issue
mdeslaur
1.0.2 is not affected, 1.1.1, and 3.x are affected

Priority

Low

Status

Package Release Status
edk2
Launchpad, Ubuntu, Debian
bionic Needs triage

focal Needed

jammy Needed

mantic Ignored
(end of life, was needed)
noble Needed

upstream Needs triage

xenial Needs triage

nodejs
Launchpad, Ubuntu, Debian
bionic Needs triage

focal Not vulnerable
(uses system openssl)
jammy Needed

mantic Not vulnerable
(uses system openssl)
noble Not vulnerable
(uses system openssl)
trusty Not vulnerable
(uses system openssl)
upstream Needs triage

xenial Needs triage

openssl
Launchpad, Ubuntu, Debian
bionic Needs triage

focal
Released (1.1.1f-1ubuntu2.23)
jammy
Released (3.0.2-0ubuntu1.17)
mantic Ignored
(end of life, was needed)
noble
Released (3.0.13-0ubuntu3.2)
trusty Needs triage

upstream Needs triage

xenial Needs triage

Patches:
upstream: https://github.com/openssl/openssl/commit/b3f0eb0a295f58f16ba43ba99dad70d4ee5c437d
upstream: https://github.com/openssl/openssl/commit/c88c3de51020c37e8706bf7a682a162593053aac
openssl1.0
Launchpad, Ubuntu, Debian
bionic Not vulnerable
(1.0.2 not affected)
focal Does not exist

jammy Does not exist

mantic Does not exist

noble Does not exist

upstream Needs triage