Home/CVE/Issue summary: Calling the OpenSSL API function SSL_select_next_proto with an empty supported client protocols buffer ma
CVE

CVE-2024-5535

Issue summary: Calling the OpenSSL API function SSL_select_next_proto with an empty supported client protocols buffer ma

Issue summary: Calling the OpenSSL API function SSL_select_next_proto with an empty supported client protocols buffer may cause a crash or memory contents to be sent to the peer. Impact summary: A buffer overread can have a range of potential consequences such as unexpected application beahviour or a crash. In particular this issue could result in up to 255 bytes of arbitrary private data from memory being sent to the peer leading to a loss of confidentiality.

However, only applications that directly call the SSL_select_next_proto function with a 0 length list of supported client protocols are affected by this issue. This would normally never be a valid scenario and is typically not under attacker control but may occur by accident in the case of a configuration or programming error in the calling application. The OpenSSL API function SSL_select_next_proto is typically used by TLS applications that support ALPN (Application Layer Protocol Negotiation) or NPN (Next Protocol Negotiation).

NPN is older, was never standardised and is deprecated in favour of ALPN. We believe that ALPN is significantly more widely deployed than NPN. The SSL_select_next_proto function accepts a list of protocols from the server and a list of protocols from the client and returns the first protocol that appears in the server list that also appears in the client list.

In the case of no overlap between the two lists it returns the first item in the client list. In either case it will signal whether an overlap between the two lists was found. In the case where SSL_select_next_proto is called with a zero length client list it fails to notice this condition and returns the memory immediately following the client list pointer (and reports that there was no overlap in the lists).

This function is typically called from a server side application callback for ALPN or a client side application callback for NPN. In the case of ALPN the list of protocols supplied by the client is guaranteed by libssl to never be zero in length. The list of server protocols comes from the application and should never normally be expected to be of zero length.

In this case if the SSL_select_next_proto function has been called as expected (with the list supplied by the client passed in the client/client_len parameters), then the application will not be vulnerable to this issue. If the application has accidentally been configured with a zero length server list, and has accidentally passed that zero length server list in the client/client_len parameters, and has additionally failed to correctly handle a "no overlap" response (which would normally result in a handshake failure in ALPN) then it will be vulnerable to this problem. In the case of NPN, the protocol permits the client to opportunistically select a protocol when there is no overlap.

OpenSSL returns the first client protocol in the no overlap case in support of this. The list of client protocols comes from the application and should never normally be expected to be of zero length. However if the SSL_select_next_proto function is accidentally called with a client_len of 0 then an invalid memory pointer will be returned instead.

If the application uses this output as the opportunistic protocol then the loss of confidentiality will occur. This issue has been assessed as Low severity because applications are most likely to be vulnerable if they are using NPN instead of ALPN - but NPN is not widely used. It also requires an application configuration or programming error.

Finally, this issue would not typically be under attacker control making active exploitation unlikely. The FIPS modules in 3.3, 3.2, 3.1 and 3.0 are not affected by this issue. Due to the low severity of this issue we are not issuing new releases of OpenSSL at this time.

The fix will be included in the next releases when they become available.

CRITICAL · CVSS 9.1 EPSS 0.06702
Act now
  • EPSS percentile: top 9% of all CVEs by exploitation likelihood
  • Public exploit or PoC is available
  • SSVC automatable: yes - attacks can be scripted at scale
  • CVSS base score ≥ 7.0
Sigma rules0 YARA rules0
Look this up elsewhere - one-click external pivots
NVDCVE.orgCISAVulnersExploit-DBGitHub PoCVulnCheck KEVGreyNoise
How to read a CVE - triage first, then detect and patch
This page is every public fact about CVE-2024-5535, cross-linked. Its job is to answer one question fast - does this need my attention now? - and then hand you the two things you do about it. Here is how an analyst reads it.
Triage: should I act now? Four signals, and they are not interchangeable:
CVSSseverity - how bad it is IF exploited, 0-10. A high CVSS alone is not urgency; a flaw can be a perfect 10 and never actually be attacked. EPSSprobability - a model’s estimate of the chance it is exploited in the next 30 days, 0-1. This is the “will it actually happen” signal. CISA KEVconfirmed - it is being exploited in the wild right now. The strongest signal on the page; KEV beats any score. Weaponisedavailability - public exploits / PoCs, and especially Metasploit modules rated Excellent / Great. Reliable, packaged exploit code means low-skill attackers can use it today.
How they combine: KEV, or a dependable Metasploit module, means patch now regardless of CVSS. High CVSS + low EPSS + no exploit is real but not an emergency - schedule it. Low CVSS but KEV-listed still gets patched now. The verdict above already weighed these for you; this is how it got there.
Then what - two workflows:
Detectwhen you cannot patch today, follow this CVE to the ATT&CK techniques it enables, then Build a SIEM detection (the green button) - author a rule, test it in Atomic, deploy it. That buys visibility while the patch waits. PatchAffected products / packages tell you if you are exposed; Fixed versions by distribution and Vendor advisories give the exact version that closes it.
Reading order for the panels below: verdict + badges, then Public exploits / Metasploit (is it weaponised), then ATT&CK techniques + Sigma / IDS rules (can I detect it), then Affected products / packages + Fixed versions (am I exposed, what patches it), then Threat actors / IOCs (who uses it), then Scoring & timeline / references (the evidence).

ATT&CK techniques

1

Techniques this CVE enables - linked via CWECAPECATT&CK. High◆ = named directly in ATT&CK or Nuclei templates.

T1190 · Exploit Public-Facing Application
▤ Build a SIEM detection for these techniques

CAPEC attack patterns

1

Attack patterns this CVE enables - the bridge from weakness to ATT&CK technique.

CAPEC-CAPEC-540 · Overread Buffers

Weakness Classification

CWE-125Out-of-bounds Read

Affected Packages

15
Language-ecosystem packages (from OSV) tied to this CVE, with the version that fixes it - the dependency-level detail NVD doesn’t carry.
Ubuntu:20.04:LTS edk2
Ubuntu:20.04:LTS openssl fixed in 1.1.1f-1ubuntu2.23
Ubuntu:22.04:LTS edk2
Ubuntu:22.04:LTS nodejs
Ubuntu:22.04:LTS openssl fixed in 3.0.2-0ubuntu1.17
Ubuntu:24.04:LTS edk2
Ubuntu:24.04:LTS openssl fixed in 3.0.13-0ubuntu3.2
Ubuntu:Pro:14.04:LTS openssl
Ubuntu:Pro:16.04:LTS edk2
Ubuntu:Pro:16.04:LTS nodejs
Ubuntu:Pro:16.04:LTS openssl
Ubuntu:Pro:18.04:LTS edk2
Ubuntu:Pro:18.04:LTS nodejs
Ubuntu:Pro:18.04:LTS openssl
Ubuntu:Pro:18.04:LTS openssl1.0

Public Exploits & PoCs

14
These PoC and exploit links come from public sources and are not verified to be safe or functional. Review the code before running anything, and treat unverified entries as untrusted.
pocwebsecnl/CVE-2024-5535 (nomi-sec)
pocCodingSimia/jenkins-shiftleft (trickest)
pocardhiatno/ubimicro-fluentbit (trickest)
pocchnzzh/OpenSSL-CVE-lib (trickest)
pocfelipecruz91/e2e-scout (trickest)
pocfkie-cad/nvd-json-data-feeds (trickest)
poch4ckm1n-dev/report-test (trickest)
pockalaiyarasan10203/ELEVATE_LABS-INTERN-TASK_NO-3 (trickest)
pockherrick/lobsters (trickest)
pocmmbazm/secure_license_server (trickest)
pocnomi-sec/PoC-in-GitHub (trickest)
pocpawan-shivarkar/List-of-CVE-s- (trickest)
pocpawan-shivarkar/pawan-shivarkar (trickest)
pocpoikl246/DevSecOps-2024-v2 (trickest)
📦

Fixed versions by distribution

69
The package version that resolves this CVE on each Linux distribution, from the vendor’s published security data. fixed in shows a patched version exists; open means the package is listed as affected with no fix yet.
alpine edgeopenssl fixed in 3.3.1-r1
alpine v3.19openssl fixed in 3.1.6-r0
alpine v3.20openssl fixed in 3.3.1-r1
oracle allmecab open
oracle allmecab-devel open
oracle allmecab-ipadic open
oracle allmecab-ipadic-EUCJP open
oracle allmysql open
oracle allmysql-common open
oracle allmysql-devel open
oracle allmysql-errmsg open
oracle allmysql-libs fixed in 0:8.0.41-1.module+el8.10.0+90521+d5cc5c65
oracle allmysql-server fixed in 0:8.0.41-1.module+el8.10.0+90521+d5cc5c65
oracle allmysql-test open
oracle allopenssl open
oracle allopenssl-devel open
oracle allopenssl-fips-provider open
oracle allopenssl-fips-provider-so fixed in 0:3.0.7-6.0.1.el9_5
oracle allopenssl-libs fixed in 1:1.1.1k-14.el8_6
oracle allopenssl-perl open
oracle allopenssl-static fixed in 2:1.1.1k-14.ksplice1.el8_6
rhel 8mecab fixed in 0:0.996-2.module+el8.10.0+22857+7f331edd
rhel 8mecab-devel fixed in 0:0.996-2.module+el8.10.0+22857+7f331edd
rhel 8mecab-ipadic fixed in 0:2.7.0.20070801-17.module+el8.10.0+22857+7f331edd
rhel 8mecab-ipadic-EUCJP fixed in 0:2.7.0.20070801-17.module+el8.10.0+22857+7f331edd
rhel 8mysql open
rhel 8mysql-common open
rhel 8mysql-devel open
rhel 8mysql-errmsg open
rhel 8mysql-libs open
rhel 8mysql-server open
rhel 8mysql-test fixed in 0:8.0.41-1.module+el8.10.0+22857+7f331edd
rhel 8openssl open
rhel 8openssl-devel fixed in 1:1.1.1k-14.el8_6
rhel 8openssl-libs fixed in 1:1.1.1k-14.el8_6
rhel 8openssl-perl fixed in 1:1.1.1k-14.el8_6
rhel 9mysql open
rhel 9mysql-common open
rhel 9mysql-devel fixed in 0:8.0.41-2.el9_5
rhel 9mysql-errmsg open
rhel 9mysql-libs fixed in 0:8.0.41-2.el9_5
rhel 9mysql-server open
rhel 9mysql-test open
rhel 9openssl fixed in 1:3.2.2-6.el9_5
rhel 9openssl-devel open
rhel 9openssl-libs open
rhel 9openssl-perl fixed in 1:3.2.2-6.el9_5
suse sle15libopenssl-1_0_0-devel fixed in 0:1.0.2p-150000.3.94.1
suse sle15libopenssl-1_1-devel fixed in 0:1.1.1w-150700.9.37
suse sle15libopenssl-1_1-devel-32bit fixed in 0:1.1.1d-150200.11.94.1
suse sle15libopenssl-3-devel fixed in 0:3.0.8-150400.4.60.1
suse sle15libopenssl-3-fips-provider fixed in 0:3.1.4-150600.5.10.1
suse sle15libopenssl-3-fips-provider-32bit fixed in 0:3.2.3-150700.3.20
suse sle15libopenssl-devel open
suse sle15libopenssl-fips-provider open
suse sle15libopenssl10 fixed in 0:1.0.2p-150000.3.94.1
suse sle15libopenssl1_0_0 fixed in 0:1.0.2p-150000.3.94.1
suse sle15libopenssl1_0_0-hmac fixed in 0:1.0.2p-150000.3.94.1
suse sle15libopenssl1_1 fixed in 0:1.1.1w-150700.9.37
suse sle15libopenssl1_1-32bit fixed in 0:1.1.1d-150200.11.94.1
suse sle15libopenssl1_1-hmac fixed in 0:1.1.1l-150500.17.34.1
suse sle15libopenssl1_1-hmac-32bit fixed in 0:1.1.1d-150200.11.94.1
suse sle15libopenssl3 fixed in 0:3.0.8-150500.5.39.1
suse sle15libopenssl3-32bit fixed in 0:3.2.3-150700.3.20
suse sle15openssl open
suse sle15openssl-1_0_0 fixed in 0:1.0.2p-150000.3.94.1
suse sle15openssl-1_1 fixed in 0:1.1.1d-150200.11.94.1
suse sle15openssl-3 fixed in 0:3.0.8-150400.4.60.1
suse sle15openssl-3-livepatches fixed in 0:0.1-150600.13.3.1

Scoring & Timeline

9.1
CRITICAL · CVSS v3.1 · [email protected]
View on NVD
Attack Vector
Network Adjacent Local Physical
Attack Complexity
Low High
Privileges Required
None Low High
User Interaction
None Required
Scope
Unchanged Changed
Confidentiality
None Low High
Integrity
None Low High
Availability
None Low High
Published to NVD27 Jun 2024 · 11:15 AM
CVSS VectorCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H
SSVC triage · cisa-vulnrichment
Exploitation
none
Automatable
yes
Technical impact
partial
SSVC asks the questions that actually drive patch urgency: is it being exploited, can attacks be automated, and how total is the impact.

Vendor Advisories

30
siemens-csafSSA-202008
usnUSN-7894-1
siemens-csafSSA-613116
siemens-csafSSA-277137
rhsaRHSA-2025:3453Important
🔗

References & Sources

21
Source URLs (vendor pages, mailing lists, write-ups). Exploit/PoC links are in their own section above to avoid duplication.
https://github.com/openssl/openssl/commit/4ada436a1946cbb24db5ab4ca082b69c1bc10f37
https://github.com/openssl/openssl/commit/99fb785a5f85315b95288921a321a935ea29a51e
https://github.com/openssl/openssl/commit/cf6f91f6121f4db167405db2f0de410a456f260c
https://github.com/openssl/openssl/commit/e86ac436f0bd54d4517745483e2315650fae7b2c
https://github.openssl.org/openssl/extended-releases/commit/9947251413065a05189a63c9b7a6c1d4e224c21c
https://github.openssl.org/openssl/extended-releases/commit/b78ec0824da857223486660177d3b1f255c65d87
SOC and Response
CVE triage
Stack monitoring
Am I affected
IOC triage
KEV catalog
Daily brief
Change tracking
Detection Engineering
Coverage workspace
Detection coverage
Coverage check
Telemetry ceiling
SIEM query builder
Sigma rules
SIEM rules
YARA rules
Network rules
D3FEND
Threat Hunting
Threat actors
ATT&CK techniques
Attack paths
Indicators
Atomic tests
Red Team and Pentest
Exploitability triage
Recon pack
Attack paths
CAPEC patterns
Adversary emulation
Compliance and GRC
Framework mapping
Control assessment
Audit view
Coverage report
Atlas Search Threat actors Techniques Tools & malware CWE CAPEC KEV catalog Package vulns TAXII feed Data sources
About All capabilities Pricing API docs Live status Privacy policy Terms of service
threatengine.sh