CVE-2024-0727
Description
Issue summary: Processing a maliciously formatted PKCS12 file may cause OpenSSL to crash, leading to a potential Denial of Service attack.
Impact summary: Applications loading files in the PKCS12 format from untrusted sources might terminate abruptly.
A file in PKCS12 format can contain certificates and keys and may come from an untrusted source. The PKCS12 specification allows certain fields to be NULL, but OpenSSL does not correctly check for this case. This can lead to a NULL pointer dereference that results in OpenSSL crashing. If an application processes PKCS12 files from an untrusted source using the OpenSSL APIs, then that application will be vulnerable to this issue.
OpenSSL APIs that are vulnerable to this are: PKCS12_parse(), PKCS12_unpack_p7data(), PKCS12_unpack_p7encdata(), PKCS12_unpack_authsafes() and PKCS12_newpass().
We have also fixed a similar issue in SMIME_write_PKCS7(). However, since this function is related to writing data, we do not consider it security significant.
The FIPS modules in 3.2, 3.1 and 3.0 are not affected by this issue.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Ecosystem | Affected versions | Patched versions |
|---|---|---|---|
| cryptography | PyPI | < 42.0.2 | 42.0.2 |
Affected products
- cpe:2.3:a:openssl:openssl:*:*:*:*:*:*:*:* (range: >=1.0.2, <1.0.2zj)
- cpe:2.3:a:openssl:openssl:3.2.0:-:*:*:*:*:*:*
- (no CPE) range: 3.2.0
OSV coordinates (124 versions, each with its affected range):
- pkg:apk/chainguard/az (range: < 2.57.0-r0)
- pkg:apk/chainguard/ggshield (range: < 1.25.0-r0)
- pkg:apk/chainguard/kubeflow-pipelines (range: < 2.0.5-r3)
- pkg:apk/chainguard/kubeflow-pipelines-apiserver (range: < 2.0.5-r3)
- pkg:apk/chainguard/kubeflow-pipelines-cache-deployer (range: < 2.0.5-r3)
- pkg:apk/chainguard/kubeflow-pipelines-cache-deployer-compat (range: < 2.0.5-r3)
- pkg:apk/chainguard/kubeflow-pipelines-cache_server (range: < 2.0.5-r3)
- pkg:apk/chainguard/kubeflow-pipelines-frontend (range: < 2.0.5-r3)
- pkg:apk/chainguard/kubeflow-pipelines-metadata-envoy-config (range: < 2.0.5-r3)
- pkg:apk/chainguard/kubeflow-pipelines-metadata-writer (range: < 2.0.5-r3)
- pkg:apk/chainguard/kubeflow-pipelines-metadata-writer-compat (range: < 2.0.5-r3)
- pkg:apk/chainguard/kubeflow-pipelines-persistence_agent (range: < 2.0.5-r3)
- pkg:apk/chainguard/kubeflow-pipelines-scheduledworkflow (range: < 2.0.5-r3)
- pkg:apk/chainguard/kubeflow-pipelines-viewer-crd-controller (range: < 2.0.5-r3)
- pkg:apk/chainguard/libcrypto3 (range: < 3.2.1-r0)
- pkg:apk/chainguard/libssl3 (range: < 3.2.1-r0)
- pkg:apk/chainguard/mitmproxy (range: < 12.2.1-r0)
- pkg:apk/chainguard/openssl (range: < 3.2.1-r0)
- pkg:apk/chainguard/openssl-dev (range: < 3.2.1-r0)
- pkg:apk/chainguard/openssl-doc (range: < 3.2.1-r0)
- pkg:apk/chainguard/openssl-engine-afalg (range: < 3.2.1-r0)
- pkg:apk/chainguard/openssl-engine-capi (range: < 3.2.1-r0)
- pkg:apk/chainguard/openssl-engine-loader-attic (range: < 3.2.1-r0)
- pkg:apk/chainguard/openssl-engine-padlock (range: < 3.2.1-r0)
- pkg:apk/chainguard/openssl-provider-fips (range: < 0)
- pkg:apk/chainguard/openssl-provider-fips-3.1.2 (range: < 0)
- pkg:apk/chainguard/openssl-provider-legacy (range: < 3.2.1-r0)
- pkg:apk/chainguard/py3-cassandra-medusa (range: < 0.17.2-r1)
- pkg:apk/chainguard/py3-cassandra-medusa-compat (range: < 0.17.2-r1)
- pkg:apk/wolfi/az (range: < 2.57.0-r0)
- pkg:apk/wolfi/ggshield (range: < 1.25.0-r0)
- pkg:apk/wolfi/kubeflow-pipelines (range: < 2.0.5-r3)
- pkg:apk/wolfi/kubeflow-pipelines-apiserver (range: < 2.0.5-r3)
- pkg:apk/wolfi/kubeflow-pipelines-cache-deployer (range: < 2.0.5-r3)
- pkg:apk/wolfi/kubeflow-pipelines-cache-deployer-compat (range: < 2.0.5-r3)
- pkg:apk/wolfi/kubeflow-pipelines-cache_server (range: < 2.0.5-r3)
- pkg:apk/wolfi/kubeflow-pipelines-frontend (range: < 2.0.5-r3)
- pkg:apk/wolfi/kubeflow-pipelines-metadata-envoy-config (range: < 2.0.5-r3)
- pkg:apk/wolfi/kubeflow-pipelines-metadata-writer (range: < 2.0.5-r3)
- pkg:apk/wolfi/kubeflow-pipelines-metadata-writer-compat (range: < 2.0.5-r3)
- pkg:apk/wolfi/kubeflow-pipelines-persistence_agent (range: < 2.0.5-r3)
- pkg:apk/wolfi/kubeflow-pipelines-scheduledworkflow (range: < 2.0.5-r3)
- pkg:apk/wolfi/kubeflow-pipelines-viewer-crd-controller (range: < 2.0.5-r3)
- pkg:apk/wolfi/libcrypto3 (range: < 3.2.1-r0)
- pkg:apk/wolfi/libssl3 (range: < 3.2.1-r0)
- pkg:apk/wolfi/mitmproxy (range: < 12.2.1-r0)
- pkg:apk/wolfi/openssl (range: < 3.2.1-r0)
- pkg:apk/wolfi/openssl-dev (range: < 3.2.1-r0)
- pkg:apk/wolfi/openssl-doc (range: < 3.2.1-r0)
- pkg:apk/wolfi/openssl-engine-afalg (range: < 3.2.1-r0)
- pkg:apk/wolfi/openssl-engine-capi (range: < 3.2.1-r0)
- pkg:apk/wolfi/openssl-engine-loader-attic (range: < 3.2.1-r0)
- pkg:apk/wolfi/openssl-engine-padlock (range: < 3.2.1-r0)
- pkg:apk/wolfi/openssl-provider-legacy (range: < 3.2.1-r0)
- pkg:apk/wolfi/py3-cassandra-medusa (range: < 0.17.2-r1)
- pkg:apk/wolfi/py3-cassandra-medusa-compat (range: < 0.17.2-r1)
- pkg:pypi/cryptography (range: < 42.0.2)
- pkg:rpm/almalinux/edk2-aarch64 (range: < 20240524-6.el9_5)
- pkg:rpm/almalinux/edk2-ovmf (range: < 20240524-6.el9_5)
- pkg:rpm/almalinux/edk2-tools (range: < 20240524-6.el9_5)
- pkg:rpm/almalinux/edk2-tools-doc (range: < 20240524-6.el9_5)
- pkg:rpm/almalinux/openssl (range: < 1:3.0.7-27.el9)
- pkg:rpm/almalinux/openssl-devel (range: < 1:3.0.7-27.el9)
- pkg:rpm/almalinux/openssl-libs (range: < 1:3.0.7-27.el9)
- pkg:rpm/almalinux/openssl-perl (range: < 1:3.0.7-27.el9)
- pkg:rpm/opensuse/openssl-1_0_0&distro=openSUSE%20Leap%2015.5 (range: < 1.0.2p-150000.3.91.1)
- pkg:rpm/opensuse/openssl-1_0_0&distro=openSUSE%20Tumbleweed (range: < 1.0.2u-24.1)
- pkg:rpm/opensuse/openssl-1_1&distro=openSUSE%20Leap%2015.5 (range: < 1.1.1l-150500.17.25.1)
- pkg:rpm/opensuse/openssl-1_1&distro=openSUSE%20Leap%20Micro%205.3 (range: < 1.1.1l-150400.7.63.1)
- pkg:rpm/opensuse/openssl-1_1&distro=openSUSE%20Leap%20Micro%205.4 (range: < 1.1.1l-150400.7.63.1)
- pkg:rpm/opensuse/openssl-1_1&distro=openSUSE%20Tumbleweed (range: < 1.1.1w-7.1)
- pkg:rpm/opensuse/openssl-3&distro=openSUSE%20Leap%2015.5 (range: < 3.0.8-150500.5.27.1)
- pkg:rpm/opensuse/openssl-3&distro=openSUSE%20Leap%20Micro%205.3 (range: < 3.0.8-150400.4.49.1)
- pkg:rpm/opensuse/openssl-3&distro=openSUSE%20Leap%20Micro%205.4 (range: < 3.0.8-150400.4.49.1)
- pkg:rpm/opensuse/openssl-3&distro=openSUSE%20Tumbleweed (range: < 3.1.4-4.1)
- pkg:rpm/suse/compat-openssl098&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Legacy%2012 (range: < 0.9.8j-106.64.1)
- pkg:rpm/suse/compat-openssl098&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP5 (range: < 0.9.8j-106.64.1)
- pkg:rpm/suse/openssl-1_0_0&distro=SUSE%20Enterprise%20Storage%207.1 (range: < 1.0.2p-150000.3.91.1)
- pkg:rpm/suse/openssl-1_0_0&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP3-LTSS (range: < 1.0.2p-150000.3.91.1)
- pkg:rpm/suse/openssl-1_0_0&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP4-ESPOS (range: < 1.0.2p-150000.3.91.1)
- pkg:rpm/suse/openssl-1_0_0&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP4-LTSS (range: < 1.0.2p-150000.3.91.1)
- pkg:rpm/suse/openssl-1_0_0&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Legacy%2015%20SP5 (range: < 1.0.2p-150000.3.91.1)
- pkg:rpm/suse/openssl-1_0_0&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP5 (range: < 1.0.2p-3.90.1)
- pkg:rpm/suse/openssl-1_0_0&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP2-LTSS (range: < 1.0.2p-150000.3.91.1)
- pkg:rpm/suse/openssl-1_0_0&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP3-LTSS (range: < 1.0.2p-150000.3.91.1)
- pkg:rpm/suse/openssl-1_0_0&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP4-LTSS (range: < 1.0.2p-150000.3.91.1)
- pkg:rpm/suse/openssl-1_0_0&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP5 (range: < 1.0.2p-3.90.1)
- pkg:rpm/suse/openssl-1_0_0&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015%20SP2 (range: < 1.0.2p-150000.3.91.1)
- pkg:rpm/suse/openssl-1_0_0&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015%20SP3 (range: < 1.0.2p-150000.3.91.1)
- pkg:rpm/suse/openssl-1_0_0&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015%20SP4 (range: < 1.0.2p-150000.3.91.1)
- pkg:rpm/suse/openssl-1_0_0&distro=SUSE%20Linux%20Enterprise%20Software%20Development%20Kit%2012%20SP5 (range: < 1.0.2p-3.90.1)
- pkg:rpm/suse/openssl-1_1&distro=SUSE%20Enterprise%20Storage%207.1 (range: < 1.1.1d-150200.11.85.1)
- pkg:rpm/suse/openssl-1_1&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP2-LTSS (range: < 1.1.1d-150200.11.85.1)
- pkg:rpm/suse/openssl-1_1&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP3-LTSS (range: < 1.1.1d-150200.11.85.1)
- pkg:rpm/suse/openssl-1_1&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP4-ESPOS (range: < 1.1.1l-150400.7.63.1)
- pkg:rpm/suse/openssl-1_1&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP4-LTSS (range: < 1.1.1l-150400.7.63.1)
- pkg:rpm/suse/openssl-1_1&distro=SUSE%20Linux%20Enterprise%20Micro%205.1 (range: < 1.1.1d-150200.11.85.1)
- pkg:rpm/suse/openssl-1_1&distro=SUSE%20Linux%20Enterprise%20Micro%205.2 (range: < 1.1.1d-150200.11.85.1)
- pkg:rpm/suse/openssl-1_1&distro=SUSE%20Linux%20Enterprise%20Micro%205.3 (range: < 1.1.1l-150400.7.63.1)
- pkg:rpm/suse/openssl-1_1&distro=SUSE%20Linux%20Enterprise%20Micro%205.4 (range: < 1.1.1l-150400.7.63.1)
- pkg:rpm/suse/openssl-1_1&distro=SUSE%20Linux%20Enterprise%20Micro%205.5 (range: < 1.1.1l-150500.17.25.1)
- pkg:rpm/suse/openssl-1_1&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015%20SP5 (range: < 1.1.1l-150500.17.25.1)
- pkg:rpm/suse/openssl-1_1&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP5 (range: < 1.1.1d-2.104.1)
- pkg:rpm/suse/openssl-1_1&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP2-LTSS (range: < 1.1.1d-150200.11.85.1)
- pkg:rpm/suse/openssl-1_1&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP3-LTSS (range: < 1.1.1d-150200.11.85.1)
- pkg:rpm/suse/openssl-1_1&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP4-LTSS (range: < 1.1.1l-150400.7.63.1)
- pkg:rpm/suse/openssl-1_1&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP5 (range: < 1.1.1d-2.104.1)
- pkg:rpm/suse/openssl-1_1&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015%20SP2 (range: < 1.1.1d-150200.11.85.1)
- pkg:rpm/suse/openssl-1_1&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015%20SP3 (range: < 1.1.1d-150200.11.85.1)
- pkg:rpm/suse/openssl-1_1&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015%20SP4 (range: < 1.1.1l-150400.7.63.1)
- pkg:rpm/suse/openssl-1_1&distro=SUSE%20Linux%20Enterprise%20Software%20Development%20Kit%2012%20SP5 (range: < 1.1.1d-2.104.1)
- pkg:rpm/suse/openssl-1_1&distro=SUSE%20Manager%20Proxy%204.3 (range: < 1.1.1l-150400.7.63.1)
- pkg:rpm/suse/openssl-1_1&distro=SUSE%20Manager%20Server%204.3 (range: < 1.1.1l-150400.7.63.1)
- pkg:rpm/suse/openssl1&distro=SUSE%20Linux%20Enterprise%20Server%2011%20SP4%20LTSS%20EXTREME%20CORE (range: < 1.0.1g-0.58.79.1)
- pkg:rpm/suse/openssl-3&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP4-ESPOS (range: < 3.0.8-150400.4.49.1)
- pkg:rpm/suse/openssl-3&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP4-LTSS (range: < 3.0.8-150400.4.49.1)
- pkg:rpm/suse/openssl-3&distro=SUSE%20Linux%20Enterprise%20Micro%205.3 (range: < 3.0.8-150400.4.49.1)
- pkg:rpm/suse/openssl-3&distro=SUSE%20Linux%20Enterprise%20Micro%205.4 (range: < 3.0.8-150400.4.49.1)
- pkg:rpm/suse/openssl-3&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015%20SP5 (range: < 3.0.8-150500.5.27.1)
- pkg:rpm/suse/openssl-3&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP4-LTSS (range: < 3.0.8-150400.4.49.1)
- pkg:rpm/suse/openssl-3&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015%20SP4 (range: < 3.0.8-150400.4.49.1)
- pkg:rpm/suse/openssl-3&distro=SUSE%20Manager%20Proxy%204.3 (range: < 3.0.8-150400.4.49.1)
- pkg:rpm/suse/openssl-3&distro=SUSE%20Manager%20Server%204.3 (range: < 3.0.8-150400.4.49.1)
- pkg:rpm/suse/openssl&distro=SUSE%20Linux%20Enterprise%20Server%2011%20SP4%20LTSS%20EXTREME%20CORE (range: < 0.9.8j-0.106.83.1)
References
- github.com/openssl/openssl/commit/09df4395b5071217b76dc7d3d2e630eb8c5a79c2 (NVD: Patch, Web)
- github.com/openssl/openssl/commit/775acfdbd0c6af9ac855f34969cdab0c0c90844a (NVD: Patch, Web)
- github.com/openssl/openssl/commit/d135eeab8a5dbf72b3da5240bab9ddb7678dbd2c (NVD: Patch, Web)
- github.openssl.org/openssl/extended-releases/commit/03b3941d60c4bce58fab69a0c22377ab439bc0e8 (NVD: Patch, Web)
- github.openssl.org/openssl/extended-releases/commit/aebaa5883e31122b404e450732dc833dc9dee539 (NVD: Patch, Web)
- github.com/advisories/GHSA-9v9h-cgj8-h64p (GHSA: Advisory)
- nvd.nist.gov/vuln/detail/CVE-2024-0727 (GHSA: Advisory)
- www.openssl.org/news/secadv/20240125.txt (NVD: Vendor Advisory, Web)
- www.openwall.com/lists/oss-security/2024/03/11/1 (NVD: Web)
- cert-portal.siemens.com/productcert/html/ssa-265688.html (NVD: Web)
- cert-portal.siemens.com/productcert/html/ssa-277137.html (NVD: Web)
- cert-portal.siemens.com/productcert/html/ssa-331112.html (NVD: Web)
- cert-portal.siemens.com/productcert/html/ssa-769027.html (NVD: Web)
- cert-portal.siemens.com/productcert/html/ssa-915275.html (NVD: Web)
- github.com/alexcrichton/openssl-src-rs/commit/add20f73b6b42be7451af2e1044d4e0e778992b2 (GHSA: Web)
- github.com/github/advisory-database/pull/3472 (GHSA: Web)
- github.com/openssl/openssl/pull/23362 (GHSA: Web)
- github.com/pyca/cryptography/commit/3519591d255d4506fbcd0d04037d45271903c64d (GHSA: Web)
- lists.debian.org/debian-lts-announce/2024/10/msg00033.html (NVD: Web)
- lists.debian.org/debian-lts-announce/2024/11/msg00000.html (NVD: Web)
- security.netapp.com/advisory/ntap-20240208-0006 (GHSA: Web)
- security.netapp.com/advisory/ntap-20240208-0006/ (NVD)