CVE-2024-0727 · threatengine.sh

Home/CVE/Issue summary: Processing a maliciously formatted PKCS12 file may lead OpenSSL to crash leading to a potential Denial of

CVE

CVE-2024-0727

Issue summary: Processing a maliciously formatted PKCS12 file may lead OpenSSL to crash leading to a potential Denial of

Issue summary: Processing a maliciously formatted PKCS12 file may lead OpenSSL to crash leading to a potential Denial of Service attack Impact summary: Applications loading files in the PKCS12 format from untrusted sources might terminate abruptly. A file in PKCS12 format can contain certificates and keys and may come from an untrusted source. The PKCS12 specification allows certain fields to be NULL, but OpenSSL does not correctly check for this case.

This can lead to a NULL pointer dereference that results in OpenSSL crashing. If an application processes PKCS12 files from an untrusted source using the OpenSSL APIs then that application will be vulnerable to this issue. OpenSSL APIs that are vulnerable to this are: PKCS12_parse(), PKCS12_unpack_p7data(), PKCS12_unpack_p7encdata(), PKCS12_unpack_authsafes() and PKCS12_newpass().

We have also fixed a similar issue in SMIME_write_PKCS7(). However since this function is related to writing data we do not consider it security significant. The FIPS modules in 3.2, 3.1 and 3.0 are not affected by this issue.

MEDIUM · CVSS 5.5 EPSS 0.00208

Monitor

No active-exploitation, high-EPSS, or public-exploit signals - routine patching cadence

Sigma rules0 YARA rules0

⬡

Weakness Classification

CWE-476NULL Pointer Dereference

CWE-476NULL Pointer Dereference

▤

Affected Products & Versions

5

openssl>= 1.0.2 and < 1.0.2zj
openssl>= 1.1.1 and < 1.1.1x
openssl>= 3.0.0 and < 3.0.13
openssl>= 3.1.0 and < 3.1.5
opensslall versions

▤

Affected Packages

1

Language-ecosystem packages (from OSV) tied to this CVE, with the version that fixes it - the dependency-level detail NVD doesn’t carry.

PyPI cryptography MODERATE fixed in 42.0.2

▣

Scoring & Timeline

5.5

MEDIUM · CVSS v3.1 · openssl-security@openssl.org

View on NVD

Attack Vector

Network Adjacent Local Physical

Attack Complexity

Low High

Privileges Required

None Low High

User Interaction

None Required

Scope

Unchanged Changed

Confidentiality

None Low High

Integrity

None Low High

Availability

None Low High

Published to NVD26 Jan 2024 · 09:15 AM

CVSS VectorCVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

SSVC triage · cisa-vulnrichment

Exploitation

none

Automatable

no

Technical impact

partial

SSVC asks the questions that actually drive patch urgency: is it being exploited, can attacks be automated, and how total is the impact.

⚑

Vendor Advisories

30

usnUSN-7894-1
siemens-csafSSA-277137
siemens-csafSSA-769027
siemens-csafSSA-331112
siemens-csafSSA-915275
Show all 30 vendor advisoriesusnUSN-7018-1
suse-csafopenSUSE-SU-2024:13656-1
suse-csafopenSUSE-SU-2024:13662-1
suse-csafopenSUSE-SU-2024:13663-1
rhsaRHSA-2024:9088Moderate
siemens-csafSSA-265688
usnUSN-6709-1
suse-csafSUSE-SU-2024:0840-1
suse-csafSUSE-SU-2024:0841-1
suse-csafSUSE-SU-2024:0842-1
suse-csafSUSE-SU-2024:0831-1
suse-csafSUSE-SU-2024:0832-1
suse-csafSUSE-SU-2024:0833-1
suse-csafSUSE-SU-2024:0813-1
suse-csafSUSE-SU-2024:0814-1
suse-csafSUSE-SU-2024:0815-1
suse-csafSUSE-SU-2024:0549-1
suse-csafSUSE-SU-2024:0518-1
usnUSN-6632-1
usnUSN-6622-1
msrcCVE-2024-0727
rhsaRHSA-2024:2447Low
oracle-cpuoracle-cpu-JD-Edwards-EnterpriseOne-Tools-4781--CVE-2024-0727
cisa-csafcisa-csaf-csaf_files-OT-white-2024-icsa-24-102-01
cisa-csafcisa-csaf-csaf_files-OT-white-2024-icsa-24-275-02

🔗

References & Sources

15

Source URLs (vendor pages, mailing lists, write-ups). Exploit/PoC links are in their own section above to avoid duplication.

https://github.com/openssl/openssl/commit/09df4395b5071217b76dc7d3d2e630eb8c5a79c2Patch

https://github.com/openssl/openssl/commit/775acfdbd0c6af9ac855f34969cdab0c0c90844aPatch

https://github.com/openssl/openssl/commit/d135eeab8a5dbf72b3da5240bab9ddb7678dbd2cPatch

https://github.openssl.org/openssl/extended-releases/commit/03b3941d60c4bce58fab69a0c22377ab439bc0e8Patch

https://github.openssl.org/openssl/extended-releases/commit/aebaa5883e31122b404e450732dc833dc9dee539Patch

https://www.openssl.org/news/secadv/20240125.txtVendor Advisory

Show all 15 references

http://www.openwall.com/lists/oss-security/2024/03/11/1

https://lists.debian.org/debian-lts-announce/2024/10/msg00033.html

https://lists.debian.org/debian-lts-announce/2024/11/msg00000.html

https://security.netapp.com/advisory/ntap-20240208-0006/

https://cert-portal.siemens.com/productcert/html/ssa-265688.html

https://cert-portal.siemens.com/productcert/html/ssa-277137.html

https://cert-portal.siemens.com/productcert/html/ssa-331112.html

https://cert-portal.siemens.com/productcert/html/ssa-769027.html

https://cert-portal.siemens.com/productcert/html/ssa-915275.html

Intelligence Graph · click any node to traverse

CVETechnique ActorTool Family

drag to reposition · click any node to traverse · button top-right enlarges

External lookups - second-class, for what we don’t hold ourselves

NVD CVE.org CISA Vulners Exploit-DB GitHub PoC VulnCheck KEV GreyNoise

Vulnerabilities
CISA KEV catalog
CWE weaknesses
CAPEC attack patterns
Package vulnerabilities

Threat intelligence
Threat actors
Tools & malware
ATT&CK techniques
IOCs

Detection & defense
Sigma rules
YARA rules
Atomic Red Team tests
D3FEND countermeasures

Compliance
NIST 800-53
ISO 27001:2022
SOC 2 TSC
PCI-DSS v4.0
CIS Controls v8.1

About
All capabilities
Live statistics
Data sources
Privacy policy
Terms of service

threatengine.sh · Open-source threat intelligence platform · 100+ authoritative sources · Every fact traces to its origin