GCVE - cpe:2.3:o:openbsd:openbsd:7.4:errata

Approved changes feed: RSS · Atom

cpe:2.3:o:openbsd:openbsd:7.4:errata_002:*:*:*:*:*:*

part: o version: 7.4 update: errata_002

Vendor	Openbsd (`932cdfc2-94b9-5fb6-8ef3-d0b271f414b5`)
Product	Openbsd (`53340739-b0b7-5bcf-88ee-45d5aaf96683`)
Edition	*
Language	*
Software edition	*
Target software	*
Target hardware	*
Other	*
Notes	Imported from NVD CPE 2.0 feed

PURL mappings

PURL	Source	Last updated
`pkg:github/openbsd/src`	purl2cpe	2026-06-01 10:17:38.225543
`pkg:openbsd/openbsd`	purl2cpe	2026-06-01 10:17:38.225545

Vulnerability references

Identifier	cpeApplicability	Submitted	db.gcve.eu details	Rationale
`CVE:CVE-2024-11149`	vulnerable	2026-06-08 06:23:48.944794	OpenBSD vmm GDTR limits HIGH (7.9) In OpenBSD 7.4 before errata 014, vmm(4) did not restore GDTR limits properly on Intel (VMX) CPUs. Published: 2024-12-06T01:56:12.697Z Updated: 2024-12-06T16:41:55.500Z Open on db.gcve.eu Reference links https://ftp.openbsd.org/pub/OpenBSD/patches/7.4/common/014_vmm.patch.sig	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2024-11148`	vulnerable	2026-06-08 06:23:48.943585	OpenBSD httpd(8) null dereference HIGH (7.5) In OpenBSD 7.4 before errata 006 and OpenBSD 7.3 before errata 020, httpd(8) is vulnerable to a NULL dereference when handling a malformed fastcgi request. Published: 2024-12-05T19:50:19.954Z Updated: 2024-12-06T18:58:45.147Z Open on db.gcve.eu Reference links https://ftp.openbsd.org/pub/OpenBSD/patches/7.4/common/006_httpd.patch.sig https://ftp.openbsd.org/pub/OpenBSD/patches/7.3/common/020_httpd.patch.sig	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2024-10934`	vulnerable	2026-06-08 06:23:48.206312	OpenBSD NFS double-free vulnerability CRITICAL (9.8) In OpenBSD 7.5 before errata 008 and OpenBSD 7.4 before errata 021, avoid possible mbuf double free in NFS client and server implementation, do not use uninitialized variable in error handling of NFS server. Published: 2024-11-15T19:20:02.231Z Updated: 2025-10-02T14:09:00.828Z Open on db.gcve.eu Reference links https://ftp.openbsd.org/pub/OpenBSD/patches/7.5/common/008_nfs.patch.sig https://ftp.openbsd.org/pub/OpenBSD/patches/7.4/common/021_nfs.patch.sig	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2024-10933`	vulnerable	2026-06-08 06:23:48.173781	OpenBSD readdir directory traversal MEDIUM (5) In OpenBSD 7.5 before errata 009 and OpenBSD 7.4 before errata 022, exclude any '/' in readdir name validation to avoid unexpected directory traversal on untrusted file systems. Published: 2024-12-05T20:06:23.001Z Updated: 2024-12-05T20:40:58.356Z Open on db.gcve.eu Reference links https://ftp.openbsd.org/pub/OpenBSD/patches/7.4/common/022_readdir.patch.sig https://ftp.openbsd.org/pub/OpenBSD/patches/7.5/common/009_readdir.patch.sig	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2023-52556`	vulnerable	2026-06-08 06:17:55.311021	OpenBSD 7.4 pf state race condition kernel crash In OpenBSD 7.4 before errata 009, a race condition between pf(4)'s processing of packets and expiration of packet states may cause a kernel panic. Published: 2024-03-01T16:08:49.203Z Updated: 2024-11-14T19:47:00.394Z Open on db.gcve.eu Reference links https://ftp.openbsd.org/pub/OpenBSD/patches/7.4/common/009_pf.patch.sig https://github.com/openbsd/src/commit/9d9f4dc6c833cb79d13f836581e3a781d06842e7	Imported from gcve-enriched-dumps CVE data

Contribute

You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.

OpenBSD 7.4 Errata 002

PURL mappings

Vulnerability references

Contribute