CVE-2024-2511: Openssl Cve 2024 2511 Unbounded Session Cache
OpenSSL TLSv1.3 session cache unbounded growth DoS. The vulnerability occurs because the cache update logic incorrectly assumes that `session_id_length == 0` is sufficient to reject caching without also checking if the session is `not_resumable`.
Provally CuratedPublic repositoryMediumMedium confidenceVerifiedApache-2.0
Cβ
Cβgreprules fetch cve-2024-2511-openssl-cve-2024-2511-unbounded-session-cache --engine opengrepDescription
OpenSSL TLSv1.3 session cache unbounded growth DoS. The vulnerability occurs because the cache update logic incorrectly assumes that `session_id_length == 0` is sufficient to reject caching without also checking if the session is `not_resumable`.
Community feedback
0 signals from signed-in users.
- Useful
- 0
- False positive
- 0
- Metadata
- 0