CVE-2024-6119


Issue summary: Applications performing certificate name checks (e.g., TLS clients checking server certificates) may attempt to read an invalid memory address resulting in abnormal termination of the application process.

Impact summary: Abnormal termination of an application can cause a denial of service.

Applications performing certificate name checks (e.g., TLS clients checking server certificates) may attempt to read an invalid memory address when comparing the expected name with an `otherName` subject alternative name of an X.509 certificate. This may result in an exception that terminates the application program.

Note that basic certificate chain validation (signatures, dates, ...) is not affected; the denial of service can occur only when the application also specifies an expected DNS name, Email address or IP address.

TLS servers rarely solicit client certificates, and even when they do, they generally don't perform a name check against a reference identifier (expected identity), but rather extract the presented identity after checking the certificate chain. So TLS servers are generally not affected and the severity of the issue is Moderate.

The FIPS modules in 3.3, 3.2, 3.1 and 3.0 are not affected by this issue.


Published

2024-09-03T16:15:07.177

Last Modified

2025-06-03T10:51:54.117

Status

Analyzed

Source

[email protected]

Severity

CVSSv3.1: 7.5 (HIGH)

Weaknesses
  • Type: Secondary
    CWE-843
  • Type: Primary
    CWE-843

Affected Vendors & Products
| Type | Vendor | Product | Version/Range | Vulnerable? |
|---|---|---|---|---|
| Application | openssl | openssl | < 3.0.15 | Yes |
| Application | openssl | openssl | < 3.1.7 | Yes |
| Application | openssl | openssl | < 3.2.3 | Yes |
| Application | openssl | openssl | < 3.3.2 | Yes |
| Application | netapp | active_iq_unified_manager | - | Yes |
| Application | netapp | management_services_for_element_software_and_netapp_hci | - | Yes |
| Application | netapp | ontap_9 | - | Yes |
| Application | netapp | ontap_select_deploy_administration_utility | - | Yes |
| Application | netapp | ontap_tools | 9 | Yes |
| Operating System | netapp | brocade_fabric_operating_system | - | Yes |
| Operating System | netapp | h300s_firmware | - | Yes |
| Hardware | netapp | h300s | - | No |
| Operating System | netapp | h500s_firmware | - | Yes |
| Hardware | netapp | h500s | - | No |
| Operating System | netapp | h700s_firmware | - | Yes |
| Hardware | netapp | h700s | - | No |
| Operating System | netapp | h410s_firmware | - | Yes |
| Hardware | netapp | h410s | - | No |
| Operating System | netapp | h410c_firmware | - | Yes |
| Hardware | netapp | h410c | - | No |
| Operating System | netapp | h610c_firmware | - | Yes |
| Hardware | netapp | h610c | - | No |
| Operating System | netapp | h610s_firmware | - | Yes |
| Hardware | netapp | h610s | - | No |
| Hardware | netapp | h615c | - | Yes |
| Operating System | netapp | h615c_firmware | - | No |
| Operating System | netapp | bootstrap_os | - | Yes |
| Hardware | netapp | hci_compute_node | - | No |
| Operating System | netapp | a250_firmware | - | Yes |
| Hardware | netapp | a250 | - | No |
| Operating System | netapp | 500f_firmware | - | Yes |
| Hardware | netapp | 500f | - | No |
| Operating System | netapp | c250_firmware | - | Yes |
| Hardware | netapp | c250 | - | No |

References