Staging Environment: Content and features may be unstable or change without notice.
Search for vulnerabilities
Vulnerability details: VCID-gz4c-x1gb-muat
Vulnerability ID VCID-gz4c-x1gb-muat
Aliases CVE-2024-9143
Summary openssl: Low-level invalid GF(2^m) parameters lead to OOB memory access
Status Published
Exploitability 0.5
Weighted Severity 3.9
Risk 1.9
Affected and Fixed Packages Package Details
Weaknesses (2)
CWE-787 Out-of-bounds Write
CWE-125 Out-of-bounds Read
System Score Found at
cvssv3 3.7 https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-9143.json
epss 0.00639 https://api.first.org/data/v1/epss?cve=CVE-2024-9143
epss 0.00639 https://api.first.org/data/v1/epss?cve=CVE-2024-9143
epss 0.00639 https://api.first.org/data/v1/epss?cve=CVE-2024-9143
epss 0.00639 https://api.first.org/data/v1/epss?cve=CVE-2024-9143
epss 0.00639 https://api.first.org/data/v1/epss?cve=CVE-2024-9143
epss 0.00639 https://api.first.org/data/v1/epss?cve=CVE-2024-9143
epss 0.00639 https://api.first.org/data/v1/epss?cve=CVE-2024-9143
epss 0.00639 https://api.first.org/data/v1/epss?cve=CVE-2024-9143
cvssv3.1 7 https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
cvssv3.1 4.3 https://github.com/openssl/openssl/commit/72ae83ad214d2eef262461365a1975707f862712
ssvc Track https://github.com/openssl/openssl/commit/72ae83ad214d2eef262461365a1975707f862712
cvssv3.1 4.3 https://github.com/openssl/openssl/commit/bc7e04d7c8d509fb78fc0e285aa948fb0da04700
ssvc Track https://github.com/openssl/openssl/commit/bc7e04d7c8d509fb78fc0e285aa948fb0da04700
cvssv3.1 4.3 https://github.com/openssl/openssl/commit/c0d3e4d32d2805f49bec30547f225bc4d092e1f4
ssvc Track https://github.com/openssl/openssl/commit/c0d3e4d32d2805f49bec30547f225bc4d092e1f4
cvssv3.1 4.3 https://github.com/openssl/openssl/commit/fdf6723362ca51bd883295efe206cb5b1cfa5154
ssvc Track https://github.com/openssl/openssl/commit/fdf6723362ca51bd883295efe206cb5b1cfa5154
cvssv3.1 4.3 https://github.openssl.org/openssl/extended-releases/commit/8efc0cbaa8ebba8e116f7b81a876a4123594d86a
ssvc Track https://github.openssl.org/openssl/extended-releases/commit/8efc0cbaa8ebba8e116f7b81a876a4123594d86a
cvssv3.1 4.3 https://github.openssl.org/openssl/extended-releases/commit/9d576994cec2b7aa37a91740ea7e680810957e41
ssvc Track https://github.openssl.org/openssl/extended-releases/commit/9d576994cec2b7aa37a91740ea7e680810957e41
cvssv3.1 4.3 https://openssl-library.org/news/secadv/20241016.txt
ssvc Track https://openssl-library.org/news/secadv/20241016.txt
Reference id Reference type URL
https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-9143.json
https://api.first.org/data/v1/epss?cve=CVE-2024-9143
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-9143
https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
1085378 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1085378
20241016.txt https://openssl-library.org/news/secadv/20241016.txt
2319236 https://bugzilla.redhat.com/show_bug.cgi?id=2319236
72ae83ad214d2eef262461365a1975707f862712 https://github.com/openssl/openssl/commit/72ae83ad214d2eef262461365a1975707f862712
8efc0cbaa8ebba8e116f7b81a876a4123594d86a https://github.openssl.org/openssl/extended-releases/commit/8efc0cbaa8ebba8e116f7b81a876a4123594d86a
9d576994cec2b7aa37a91740ea7e680810957e41 https://github.openssl.org/openssl/extended-releases/commit/9d576994cec2b7aa37a91740ea7e680810957e41
bc7e04d7c8d509fb78fc0e285aa948fb0da04700 https://github.com/openssl/openssl/commit/bc7e04d7c8d509fb78fc0e285aa948fb0da04700
c0d3e4d32d2805f49bec30547f225bc4d092e1f4 https://github.com/openssl/openssl/commit/c0d3e4d32d2805f49bec30547f225bc4d092e1f4
fdf6723362ca51bd883295efe206cb5b1cfa5154 https://github.com/openssl/openssl/commit/fdf6723362ca51bd883295efe206cb5b1cfa5154
USN-7264-1 https://usn.ubuntu.com/7264-1/
USN-7278-1 https://usn.ubuntu.com/7278-1/
USN-7894-1 https://usn.ubuntu.com/7894-1/
No exploits are available.
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L Found at https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-9143.json
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:H Found at https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N Found at https://github.com/openssl/openssl/commit/72ae83ad214d2eef262461365a1975707f862712
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-16T19:45:11Z/ Found at https://github.com/openssl/openssl/commit/72ae83ad214d2eef262461365a1975707f862712
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N Found at https://github.com/openssl/openssl/commit/bc7e04d7c8d509fb78fc0e285aa948fb0da04700
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-16T19:45:11Z/ Found at https://github.com/openssl/openssl/commit/bc7e04d7c8d509fb78fc0e285aa948fb0da04700
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N Found at https://github.com/openssl/openssl/commit/c0d3e4d32d2805f49bec30547f225bc4d092e1f4
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-16T19:45:11Z/ Found at https://github.com/openssl/openssl/commit/c0d3e4d32d2805f49bec30547f225bc4d092e1f4
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N Found at https://github.com/openssl/openssl/commit/fdf6723362ca51bd883295efe206cb5b1cfa5154
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-16T19:45:11Z/ Found at https://github.com/openssl/openssl/commit/fdf6723362ca51bd883295efe206cb5b1cfa5154
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N Found at https://github.openssl.org/openssl/extended-releases/commit/8efc0cbaa8ebba8e116f7b81a876a4123594d86a
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-16T19:45:11Z/ Found at https://github.openssl.org/openssl/extended-releases/commit/8efc0cbaa8ebba8e116f7b81a876a4123594d86a
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N Found at https://github.openssl.org/openssl/extended-releases/commit/9d576994cec2b7aa37a91740ea7e680810957e41
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-16T19:45:11Z/ Found at https://github.openssl.org/openssl/extended-releases/commit/9d576994cec2b7aa37a91740ea7e680810957e41
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N Found at https://openssl-library.org/news/secadv/20241016.txt
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-16T19:45:11Z/ Found at https://openssl-library.org/news/secadv/20241016.txt
Exploit Prediction Scoring System (EPSS)
Percentile 0.70462
EPSS Score 0.00639
Published At April 2, 2026, 12:55 p.m.
Date Actor Action Source VulnerableCode Version
2026-04-01T13:44:40.810329+00:00 RedHat Importer Import https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-9143.json 38.0.0