{
  "id": "CVE-2024-9143",
  "details": "Issue summary: Use of the low-level GF(2^m) elliptic curve APIs with untrusted\nexplicit values for the field polynomial can lead to out-of-bounds memory reads\nor writes.\n\nImpact summary: Out of bound memory writes can lead to an application crash or\neven a possibility of a remote code execution, however, in all the protocols\ninvolving Elliptic Curve Cryptography that we're aware of, either only \"named\ncurves\" are supported, or, if explicit curve parameters are supported, they\nspecify an X9.62 encoding of binary (GF(2^m)) curves that can't represent\nproblematic input values. Thus the likelihood of existence of a vulnerable\napplication is low.\n\nIn particular, the X9.62 encoding is used for ECC keys in X.509 certificates,\nso problematic inputs cannot occur in the context of processing X.509\ncertificates.  Any problematic use-cases would have to be using an \"exotic\"\ncurve encoding.\n\nThe affected APIs include: EC_GROUP_new_curve_GF2m(), EC_GROUP_new_from_params(),\nand various supporting BN_GF2m_*() functions.\n\nApplications working with \"exotic\" explicit binary (GF(2^m)) curve parameters,\nthat make it possible to represent invalid field polynomials with a zero\nconstant term, via the above or similar APIs, may terminate abruptly as a\nresult of reading or writing outside of array bounds.  Remote code execution\ncannot easily be ruled out.\n\nThe FIPS modules in 3.3, 3.2, 3.1 and 3.0 are not affected by this issue.",
  "modified": "2026-04-16T04:33:12.098562505Z",
  "published": "2024-10-16T17:15:18.130Z",
  "related": ["CGA-3j72-vx7g-q9jf", "USN-7264-1", "openSUSE-SU-2024:14416-1"],
  "references": [
    {"type": "WEB", "url": "https://github.openssl.org/openssl/extended-releases/commit/8efc0cbaa8ebba8e116f7b81a876a4123594d86a"},
    {"type": "WEB", "url": "https://github.openssl.org/openssl/extended-releases/commit/9d576994cec2b7aa37a91740ea7e680810957e41"},
    {"type": "WEB", "url": "https://openssl-library.org/news/secadv/20241016.txt"},
    {"type": "WEB", "url": "http://www.openwall.com/lists/oss-security/2024/10/23/1"},
    {"type": "WEB", "url": "http://www.openwall.com/lists/oss-security/2024/10/24/1"},
    {"type": "WEB", "url": "https://lists.debian.org/debian-lts-announce/2024/10/msg00033.html"},
    {"type": "WEB", "url": "http://www.openwall.com/lists/oss-security/2024/10/16/1"},
    {"type": "WEB", "url": "https://lists.debian.org/debian-lts-announce/2024/11/msg00000.html"},
    {"type": "ADVISORY", "url": "https://security.netapp.com/advisory/ntap-20241101-0001/"},
    {"type": "FIX", "url": "https://github.com/openssl/openssl/commit/72ae83ad214d2eef262461365a1975707f862712"},
    {"type": "FIX", "url": "https://github.com/openssl/openssl/commit/fdf6723362ca51bd883295efe206cb5b1cfa5154"},
    {"type": "FIX", "url": "https://github.com/openssl/openssl/commit/bc7e04d7c8d509fb78fc0e285aa948fb0da04700"},
    {"type": "FIX", "url": "https://github.com/openssl/openssl/commit/c0d3e4d32d2805f49bec30547f225bc4d092e1f4"}
  ],
  "affected": [
    {
      "ranges": [
        {"type": "GIT", "repo": "https://github.com/openssl/openssl", "events": [{"introduced": "0"}, {"fixed": "72ae83ad214d2eef262461365a1975707f862712"}]},
        {"type": "GIT", "repo": "https://github.com/openssl/openssl", "events": [{"introduced": "0"}, {"fixed": "bc7e04d7c8d509fb78fc0e285aa948fb0da04700"}]},
        {"type": "GIT", "repo": "https://github.com/openssl/openssl", "events": [{"introduced": "0"}, {"fixed": "c0d3e4d32d2805f49bec30547f225bc4d092e1f4"}]},
        {"type": "GIT", "repo": "https://github.com/openssl/openssl", "events": [{"introduced": "0"}, {"fixed": "fdf6723362ca51bd883295efe206cb5b1cfa5154"}]}
      ],
      "versions": ["BEFORE_engine","OpenSSL_0_9_1c","OpenSSL_0_9_2b","OpenSSL_0_9_3","OpenSSL_0_9_3a","OpenSSL_0_9_3beta2","OpenSSL_0_9_4","OpenSSL_0_9_5a","OpenSSL_0_9_5a-beta1","OpenSSL_0_9_5a-beta2","OpenSSL_0_9_5beta1","OpenSSL_0_9_5beta2","OpenSSL_0_9_6-beta3","OpenSSL_1_1_0-pre1","OpenSSL_1_1_0-pre2","OpenSSL_1_1_0-pre3","OpenSSL_1_1_0-pre4","OpenSSL_1_1_0-pre5","OpenSSL_1_1_0-pre6","OpenSSL_1_1_1","OpenSSL_1_1_1-pre1","OpenSSL_1_1_1-pre2","OpenSSL_1_1_1-pre3","OpenSSL_1_1_1-pre4","OpenSSL_1_1_1-pre5","OpenSSL_1_1_1-pre6","OpenSSL_1_1_1-pre7","OpenSSL_1_1_1-pre8","OpenSSL_1_1_1-pre9","master-post-auto-reformat","master-post-reformat","master-pre-auto-reformat","master-pre-reformat","openssl-3.0.0","openssl-3.0.0-alpha1","openssl-3.0.0-alpha10","openssl-3.0.0-alpha11","openssl-3.0.0-alpha12","openssl-3.0.0-alpha13","openssl-3.0.0-alpha14","openssl-3.0.0-alpha15","openssl-3.0.0-alpha16","openssl-3.0.0-alpha17","openssl-3.0.0-alpha2","openssl-3.0.0-alpha3","openssl-3.0.0-alpha4","openssl-3.0.0-alpha5","openssl-3.0.0-alpha6","openssl-3.0.0-alpha7","openssl-3.0.0-alpha8","openssl-3.0.0-alpha9","openssl-3.0.0-beta1","openssl-3.0.0-beta2","openssl-3.0.1","openssl-3.0.10","openssl-3.0.11","openssl-3.0.12","openssl-3.0.13","openssl-3.0.14","openssl-3.0.15","openssl-3.0.2","openssl-3.0.3","openssl-3.0.4","openssl-3.0.5","openssl-3.0.6","openssl-3.0.7","openssl-3.0.8","openssl-3.0.9","openssl-3.1.0","openssl-3.1.0-alpha1","openssl-3.1.0-beta1","openssl-3.1.1","openssl-3.1.2","openssl-3.1.3","openssl-3.1.4","openssl-3.1.5","openssl-3.1.6","openssl-3.1.7","openssl-3.2.0","openssl-3.2.0-alpha1","openssl-3.2.0-alpha2","openssl-3.2.0-beta1","openssl-3.2.1","openssl-3.2.2","openssl-3.2.3","openssl-3.3.0","openssl-3.3.0-alpha1","openssl-3.3.0-beta1","openssl-3.3.1","openssl-3.3.2"],
      "database_specific": {
        "vanir_signatures": [
          {"signature_version": "v1", "target": {"file": "test/ec_internal_test.c"}, "deprecated": false, "id": "CVE-2024-9143-28dcee6c", "source": "https://github.com/openssl/openssl/commit/bc7e04d7c8d509fb78fc0e285aa948fb0da04700", "digest": {"line_hashes": ["202560716467995180801900703314012126638","231076714992210239911677876085986544653","119476550149019858610160764241585512883","237713134421560846878241190267682686452","291912177671523663250360670212314966717","148718397703357758449784276736258891876","8308956487359903771982894414540058331","219665286569007368979236427780197060159"], "threshold": 0.9}, "signature_type": "Line"},
          {"signature_version": "v1", "target": {"file": "crypto/bn/bn_gf2m.c", "function": "BN_GF2m_poly2arr"}, "deprecated": false, "id": "CVE-2024-9143-2f7e43bd", "source": "https://github.com/openssl/openssl/commit/c0d3e4d32d2805f49bec30547f225bc4d092e1f4", "digest": {"function_hash": "30673062630639656303483208802482655434", "length": 494}, "signature_type": "Function"},
          {"signature_version": "v1", "target": {"file": "test/ec_internal_test.c", "function": "setup_tests"}, "deprecated": false, "id": "CVE-2024-9143-35f05384", "source": "https://github.com/openssl/openssl/commit/bc7e04d7c8d509fb78fc0e285aa948fb0da04700", "digest": {"function_hash": "159961323144863637841029808721197081977", "length": 585}, "signature_type": "Function"},
          {"signature_version": "v1", "target": {"file": "crypto/bn/bn_gf2m.c", "function": "BN_GF2m_poly2arr"}, "id": "CVE-2024-9143-3e208a4f", "deprecated": false, "source": "https://github.com/openssl/openssl/commit/72ae83ad214d2eef262461365a1975707f862712", "digest": {"function_hash": "30673062630639656303483208802482655434", "length": 494}, "signature_type": "Function"},
          {"signature_version": "v1", "target": {"file": "test/ec_internal_test.c"}, "deprecated": false, "id": "CVE-2024-9143-520f2dac", "source": "https://github.com/openssl/openssl/commit/c0d3e4d32d2805f49bec30547f225bc4d092e1f4", "digest": {"line_hashes": ["202560716467995180801900703314012126638","231076714992210239911677876085986544653","119476550149019858610160764241585512883","237713134421560846878241190267682686452","291912177671523663250360670212314966717","148718397703357758449784276736258891876","8308956487359903771982894414540058331","219665286569007368979236427780197060159"], "threshold": 0.9}, "signature_type": "Line"},
          {"signature_version": "v1", "target": {"file": "crypto/bn/bn_gf2m.c"}, "id": "CVE-2024-9143-5b653082", "deprecated": false, "source": "https://github.com/openssl/openssl/commit/bc7e04d7c8d509fb78fc0e285aa948fb0da04700", "digest": {"line_hashes": ["230361427007416664995616424352791763469","68454496777232705137616949383570055801","174227485603324825134703660955423564225","306374039697804480350160125378658725435","223787537721903344733141597182001711142","305852724676774806958748002571762917320","61902118637910596077004663207701223681","278724473247779637198513168995006009135","150804929727413209120953746872414715465","166774358343717215765245239236385866693","116293081894868411264108492273509366961","326496170417124709669304286305887789679","278306348133167756990680493182074324125","189649085256091224929149730235838635518","82945606976757935725900546138315651129","136187505923069729147869676886657763243","233447734599456461300796481665382809870","116930820689846462220149337293161556595","153181275943870954612030432229689150702","65985025876624501603393736976041980125"], "threshold": 0.9}, "signature_type": "Line"},
          {"signature_version": "v1", "target": {"file": "test/ec_internal_test.c", "function": "setup_tests"}, "deprecated": false, "id": "CVE-2024-9143-5c591904", "source": "https://github.com/openssl/openssl/commit/fdf6723362ca51bd883295efe206cb5b1cfa5154", "digest": {"function_hash": "159961323144863637841029808721197081977", "length": 585}, "signature_type": "Function"},
          {"signature_version": "v1", "target": {"file": "crypto/bn/bn_gf2m.c", "function": "BN_GF2m_poly2arr"}, "deprecated": false, "id": "CVE-2024-9143-65ffd6d0", "source": "https://github.com/openssl/openssl/commit/fdf6723362ca51bd883295efe206cb5b1cfa5154", "digest": {"function_hash": "30673062630639656303483208802482655434", "length": 494}, "signature_type": "Function"},
          {"signature_version": "v1", "target": {"file": "crypto/bn/bn_gf2m.c", "function": "BN_GF2m_poly2arr"}, "deprecated": false, "id": "CVE-2024-9143-7358c488", "source": "https://github.com/openssl/openssl/commit/bc7e04d7c8d509fb78fc0e285aa948fb0da04700", "digest": {"function_hash": "30673062630639656303483208802482655434", "length": 494}, "signature_type": "Function"},
          {"signature_version": "v1", "target": {"file": "crypto/bn/bn_gf2m.c"}, "id": "CVE-2024-9143-894da43e", "deprecated": false, "source": "https://github.com/openssl/openssl/commit/72ae83ad214d2eef262461365a1975707f862712", "digest": {"line_hashes": ["230361427007416664995616424352791763469","68454496777232705137616949383570055801","174227485603324825134703660955423564225","306374039697804480350160125378658725435","223787537721903344733141597182001711142","305852724676774806958748002571762917320","61902118637910596077004663207701223681","278724473247779637198513168995006009135","150804929727413209120953746872414715465","166774358343717215765245239236385866693","116293081894868411264108492273509366961","326496170417124709669304286305887789679","278306348133167756990680493182074324125","189649085256091224929149730235838635518","82945606976757935725900546138315651129","136187505923069729147869676886657763243","233447734599456461300796481665382809870","116930820689846462220149337293161556595","153181275943870954612030432229689150702","65985025876624501603393736976041980125"], "threshold": 0.9}, "signature_type": "Line"},
          {"signature_version": "v1", "target": {"file": "test/ec_internal_test.c"}, "id": "CVE-2024-9143-ae3aad94", "deprecated": false, "source": "https://github.com/openssl/openssl/commit/fdf6723362ca51bd883295efe206cb5b1cfa5154", "digest": {"line_hashes": ["202560716467995180801900703314012126638","231076714992210239911677876085986544653","119476550149019858610160764241585512883","237713134421560846878241190267682686452","291912177671523663250360670212314966717","148718397703357758449784276736258891876","8308956487359903771982894414540058331","219665286569007368979236427780197060159"], "threshold": 0.9}, "signature_type": "Line"},
          {"signature_version": "v1", "target": {"file": "test/ec_internal_test.c", "function": "setup_tests"}, "deprecated": false, "id": "CVE-2024-9143-bd78715a", "source": "https://github.com/openssl/openssl/commit/72ae83ad214d2eef262461365a1975707f862712", "digest": {"function_hash": "159961323144863637841029808721197081977", "length": 585}, "signature_type": "Function"},
          {"signature_version": "v1", "target": {"file": "crypto/bn/bn_gf2m.c"}, "deprecated": false, "id": "CVE-2024-9143-c1616925", "source": "https://github.com/openssl/openssl/commit/fdf6723362ca51bd883295efe206cb5b1cfa5154", "digest": {"line_hashes": ["230361427007416664995616424352791763469","68454496777232705137616949383570055801","174227485603324825134703660955423564225","306374039697804480350160125378658725435","223787537721903344733141597182001711142","305852724676774806958748002571762917320","61902118637910596077004663207701223681","278724473247779637198513168995006009135","150804929727413209120953746872414715465","166774358343717215765245239236385866693","116293081894868411264108492273509366961","326496170417124709669304286305887789679","278306348133167756990680493182074324125","189649085256091224929149730235838635518","82945606976757935725900546138315651129","136187505923069729147869676886657763243","233447734599456461300796481665382809870","116930820689846462220149337293161556595","153181275943870954612030432229689150702","65985025876624501603393736976041980125"], "threshold": 0.9}, "signature_type": "Line"},
          {"signature_version": "v1", "target": {"file": "test/ec_internal_test.c"}, "deprecated": false, "id": "CVE-2024-9143-cc5bdbb4", "source": "https://github.com/openssl/openssl/commit/72ae83ad214d2eef262461365a1975707f862712", "digest": {"line_hashes": ["202560716467995180801900703314012126638","231076714992210239911677876085986544653","119476550149019858610160764241585512883","237713134421560846878241190267682686452","291912177671523663250360670212314966717","148718397703357758449784276736258891876","8308956487359903771982894414540058331","219665286569007368979236427780197060159"], "threshold": 0.9}, "signature_type": "Line"},
          {"signature_version": "v1", "target": {"file": "test/ec_internal_test.c", "function": "setup_tests"}, "deprecated": false, "id": "CVE-2024-9143-cf8e54a0", "source": "https://github.com/openssl/openssl/commit/c0d3e4d32d2805f49bec30547f225bc4d092e1f4", "digest": {"function_hash": "159961323144863637841029808721197081977", "length": 585}, "signature_type": "Function"},
          {"signature_version": "v1", "target": {"file": "crypto/bn/bn_gf2m.c"}, "deprecated": false, "id": "CVE-2024-9143-f9f93d93", "source": "https://github.com/openssl/openssl/commit/c0d3e4d32d2805f49bec30547f225bc4d092e1f4", "digest": {"line_hashes": ["230361427007416664995616424352791763469","68454496777232705137616949383570055801","174227485603324825134703660955423564225","306374039697804480350160125378658725435","223787537721903344733141597182001711142","305852724676774806958748002571762917320","61902118637910596077004663207701223681","278724473247779637198513168995006009135","150804929727413209120953746872414715465","166774358343717215765245239236385866693","116293081894868411264108492273509366961","326496170417124709669304286305887789679","278306348133167756990680493182074324125","189649085256091224929149730235838635518","82945606976757935725900546138315651129","136187505923069729147869676886657763243","233447734599456461300796481665382809870","116930820689846462220149337293161556595","153181275943870954612030432229689150702","65985025876624501603393736976041980125"], "threshold": 0.9}, "signature_type": "Line"}
        ],
        "source": "https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-9143.json",
        "vanir_signatures_modified": "2026-04-12T16:44:11Z"
      }
    }
  ],
  "schema_version": "1.7.5",
  "severity": [{"type": "CVSS_V3", "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N"}]
}