CVE-2023-35784 - Double Free and Use-After-Free in LibreSSL and OpenBSD’s SSL_clear (Exclusive Deep Dive)

In June 2023, a critical vulnerability surfaced within the SSL/TLS handling code of OpenBSD and LibreSSL. The issue, tracked as CVE-2023-35784, exposes systems to possible double free or use-after-free bugs—a well-known class of bugs that often lead to system crashes or, in some circumstances, even remote code execution. This post explores what CVE-2023-35784 really is, shows what’s affected, demonstrates how it can be triggered, and links out to original sources.

What is CVE-2023-35784?

Essentially, CVE-2023-35784 is a memory management bug tied to resetting SSL objects. In OpenBSD 7.2 (before errata 026), 7.3 (before errata 004), and in LibreSSL before v3.6.3 and v3.7.x before v3.7.3, calling SSL_clear() could cause a double free or use-after-free bug.

> Important: The widely-used OpenSSL library is *not* affected, so the vast universe of Linux and cross-platform OpenSSL users are not at risk from this specific bug.

Technical Explanation (in Simple Language)

- Double free: This happens when a program tries to "free" (release) the same chunk of memory twice. Bad guys can exploit this to crash your program, or worse, run their own code.
- Use-after-free: When code tries to use or access some memory after it has already been freed, leading to unpredictable and sometimes exploitable behavior.

With CVE-2023-35784, the dangerous scenario unfolds after using the SSL_clear() function, which is supposed to reset the SSL state for a session, but it wasn’t safely handling internal data structures.

Real-World Impact:
If your software—

or links against LibreSSL versions before their fixes

—an attacker could potentially crash your service or escalate their privileges.

Libraries Unaffected: OpenSSL

Reference Links:  
- OpenBSD Security Advisory  
- LibreSSL 3.7.3 changelog  
- NIST NVD Entry

Code Example: How Might You Trigger It?

Here’s a simplified C code snippet demonstrating the kind of API usage that’s risky on vulnerable systems:

#include <openssl/ssl.h>

// WARNING: This is unsafe on affected OpenBSD and LibreSSL versions!
void dangerous_ssl_clear(SSL *ssl) {
    SSL_clear(ssl);
    // Do something with ssl
    // ...
    SSL_free(ssl);
}

int main() {
    SSL_CTX *ctx = SSL_CTX_new(TLS_method());
    SSL *ssl = SSL_new(ctx);

    // Setup the SSL connection, then try to clear and reuse/release
    dangerous_ssl_clear(ssl);

    SSL_CTX_free(ctx);
    return ;
}

If your version is vulnerable, this code could cause a double free or use-after-free! Now imagine if this happened inside a big, multithreaded daemon serving thousands of clients.

Exploit Scenario (No Live Exploit Code)

1. Remote attacker opens SSL connection to your server  
2. Server code invokes SSL_clear() on a session object  
3. Due to the bug, memory may be freed unexpectedly,  
4. Malicious input could then trigger a second free or induce the code to use already-freed memory  
5. This could crash your process—or, with skill, an attacker could potentially gain code execution if they chain it with other vulnerabilities.

NOTE: There is *no* easy, ready-to-use exploit publicly posted. But the opportunity for DoS or worse is clear.

Update your software:

- If you use OpenBSD 7.2, apply errata 026
  - If on OpenBSD 7.3, apply errata 004

Make sure you’re not running statically-linked or vendored LibreSSL of a vulnerable version!

3. Audit code that calls SSL_clear or reuses SSL sessions—especially anything dealing with user-facing network connections.

Exclusive Commentary

OpenBSD and LibreSSL pride themselves on security and clean code, but memory management in crypto libraries is always tricky. Bugs like CVE-2023-35784 show the importance of careful memory ownership and deep regression testing. Because OpenSSL is a separate codebase, it *isn’t affected*, but those using OpenBSD’s default fence may still be exposed if they don’t keep up with patches.

For Developers:

If you’re developing on OpenBSD or with LibreSSL, treat SSL_clear() with respect. Make sure you release objects one time only—and always after you’re truly done, not just after “clearing” them.

For Operators:

Review your patching and userland packages, especially if you run custom services using the affected libraries.

Additional Resources

- CVE-2023-35784 at MITRE
- OpenBSD Community Announcement
- Popular writeup on the issue  
- Certificate & SSL Labs security test

Summary Table

| OS / Library   | Version Impacted                  | Patch/Fix Version    |
|----------------|-----------------------------------|---------------------|
| OpenBSD        | 7.2 before errata 026             | 7.2 + errata 026    |
| OpenBSD        | 7.3 before errata 004             | 7.3 + errata 004    |
| LibreSSL       | before 3.6.3, 3.7.x before 3.7.3  | 3.6.3+, 3.7.3+      |
| OpenSSL        | unaffected                        | N/A                 |

In Closing

CVE-2023-35784 isn’t the highest-profile SSL/TLS flaw you’ll see, but it’s a serious reminder about memory safety, even in mature security projects. Patch up, check your code, and keep your SSL handling safe and simple.


Have thoughts or your own findings related to CVE-2023-35784? Sound off in the comments! If you need help patching, see OpenBSD or LibreSSL docs—or reach out to your vendor.

Timeline

Published on: 06/16/2023 20:15:00 UTC
Last modified on: 06/26/2023 22:16:00 UTC