EUVD-2024-46737

🗓️ 03 Oct 2025 20:07:09Reported by EUVDType

Calling SSL_select_next_proto with an empty protocols buffer can lead to memory leaks and crashes.

Reporter	Title	Published	Views	Family All 417
IBM Security Bulletins	Security Bulletin: Multiple Vulnerabilities in IBM API Connect	15 Mar 202500:18	–	ibm
IBM Security Bulletins	Security Bulletin: IBM Guardium Data Security Center is affected by multiple vulnerabilities	19 Jun 202505:35	–	ibm
IBM Security Bulletins	Security Bulletin: Security vulnerability found in package openssl shipped with IBM CICS TX Advanced.	17 Feb 202515:16	–	ibm
IBM Security Bulletins	Security Bulletin: IBM Watson Speech Services Cartridge is vulnerable to multiple Operator package issues	19 Jun 202517:24	–	ibm
IBM Security Bulletins	Security Bulletin: AIX is vulnerable to arbitrary code execution (CVE-2024-4741) and denial of service (CVE-2024-5535, CVE-2024-4603) due to OpenSSL	30 Jul 202422:02	–	ibm
IBM Security Bulletins	Security Bulletin: Multiple Vulnerabilities in IBM API Connect	19 Dec 202416:32	–	ibm
IBM Security Bulletins	Security Bulletin: Vulnerability in OpenSSL affects IBM Integrated Analytics System [CVE-2024-5535]	28 Jan 202522:08	–	ibm
IBM Security Bulletins	Security Bulletin: IBM i is affected by errors in OpenSSL as part of IBM Portable Utilities for i due to multiple vulnerabilities.	24 Jul 202517:48	–	ibm
IBM Security Bulletins	Security Bulletin: Vulnerability in openssl library (CVE-2024-5535) affects Power HMC.	18 Feb 202511:49	–	ibm
IBM Security Bulletins	Security Bulletin: IBM QRadar Wincollect is vulnerable to using components with known vulnerabilities	11 Sep 202408:43	–	ibm

[
  {
    "enisaIdVendor": [
      {
        "id": "98384f52-b812-3c34-94e7-e2aca30196c8",
        "vendor": {
          "name": "OpenSSL"
        }
      }
    ],
    "enisaIdProduct": [
      {
        "id": "110d6860-8edb-388b-84d9-1ddefd866b63",
        "product": {
          "name": "OpenSSL"
        },
        "product_version": "1.1.1 <1.1.1za"
      },
      {
        "id": "211c18ad-29f8-3900-a290-71d9081c4f7b",
        "product": {
          "name": "OpenSSL"
        },
        "product_version": "3.1.0 <3.1.7"
      },
      {
        "id": "974e1c66-abfe-3dc9-afe4-f2bf789c5b46",
        "product": {
          "name": "OpenSSL"
        },
        "product_version": "3.2.0 <3.2.3"
      },
      {
        "id": "bd40f004-1a7b-3958-a01d-cd016f48d015",
        "product": {
          "name": "OpenSSL"
        },
        "product_version": "1.0.2 <1.0.2zk"
      },
      {
        "id": "c358d453-82d3-3501-b54b-8b62f5ec4754",
        "product": {
          "name": "OpenSSL"
        },
        "product_version": "3.0.0 <3.0.15"
      },
      {
        "id": "dbc28a6b-9f1c-3b0f-aecb-965b93738426",
        "product": {
          "name": "OpenSSL"
        },
        "product_version": "3.3.0 <3.3.2"
      }
    ]
  }
]

Source	Link
openssl	www.openssl.org/news/secadv/20240627.txt
github	www.github.com/openssl/openssl/commit/e86ac436f0bd54d4517745483e2315650fae7b2c
github	www.github.com/openssl/openssl/commit/99fb785a5f85315b95288921a321a935ea29a51e
github	www.github.com/openssl/openssl/commit/4ada436a1946cbb24db5ab4ca082b69c1bc10f37
github	www.github.com/openssl/openssl/commit/cf6f91f6121f4db167405db2f0de410a456f260c
github	www.github.openssl.org/openssl/extended-releases/commit/b78ec0824da857223486660177d3b1f255c65d87
github	www.github.openssl.org/openssl/extended-releases/commit/9947251413065a05189a63c9b7a6c1d4e224c21c
openwall	www.openwall.com/lists/oss-security/2024/06/27/1
openwall	www.openwall.com/lists/oss-security/2024/06/28/4
security	www.security.netapp.com/advisory/ntap-20240712-0005/

03 Oct 2025 20:07Current

7.4High risk

Vulners AI Score7.4

CVSS 3.19.1

EPSS0.06873

SSVC