CVE-2024-0727
Advisory (GitHub)
Summary
Issue summary: Processing a maliciously formatted PKCS12 file may lead OpenSSL to crash, leading to a potential Denial of Service attack.
Impact summary: Applications loading files in the PKCS12 format from untrusted sources might terminate abruptly.
A file in PKCS12 format can contain certificates and keys and may come from an untrusted source. The PKCS12 specification allows certain fields to be NULL, but OpenSSL does not correctly check for this case. This can lead to a NULL pointer dereference that results in OpenSSL crashing. If an application processes PKCS12 files from an untrusted source using the OpenSSL APIs then that application will be vulnerable to this issue.
OpenSSL APIs that are vulnerable to this are: PKCS12_parse(), PKCS12_unpack_p7data(), PKCS12_unpack_p7encdata(), PKCS12_unpack_authsafes() and PKCS12_newpass().
We have also fixed a similar issue in SMIME_write_PKCS7(). However, since this function is related to writing data we do not consider it security significant.
The FIPS modules in 3.2, 3.1 and 3.0 are not affected by this issue.
Common Weakness Enumeration (CWE)
NULL Pointer Dereference (CWE-476)
GitHub rating: exploitability 1.8, CVSS score 5.5 (medium)

| Package | Type | OS Name | OS Version | Affected Ranges | Fix Versions |
|---|---|---|---|---|---|
| cryptography | pypi | - | - | <42.0.2 | 42.0.2 |
CVSS:3 Severity and metrics
The CVSS metrics represent different qualitative aspects of a vulnerability that impact the overall score, as defined by the CVSS Specification.
Attack Vector (Local): The vulnerable component is not bound to the network stack and the attacker's path is via read/write/execute capabilities. Either the attacker exploits the vulnerability by accessing the target system locally (e.g., keyboard, console) or remotely (e.g., SSH), or the attacker relies on User Interaction by another person to perform actions required to exploit the vulnerability (e.g., using social engineering techniques to trick a legitimate user into opening a malicious document).
Attack Complexity (Low): Specialized access conditions or extenuating circumstances do not exist. An attacker can expect repeatable success when attacking the vulnerable component.
Privileges Required (None): The attacker is unauthorized prior to attack, and therefore does not require any access to settings or files of the vulnerable system to carry out an attack.
User Interaction (Required): Successful exploitation of this vulnerability requires a user to take some action before the vulnerability can be exploited. For example, a successful exploit may only be possible during the installation of an application by a system administrator.
Scope (Unchanged): An exploited vulnerability can only affect resources managed by the same security authority. In this case, the vulnerable component and the impacted component are either the same, or both are managed by the same security authority.
Confidentiality (None): There is no loss of confidentiality.
Integrity (None): There is no loss of trust or accuracy within the impacted component.
Availability (High): There is a total loss of availability, resulting in the attacker being able to fully deny access to resources in the impacted component; this loss is either sustained (while the attacker continues to deliver the attack) or persistent (the condition persists even after the attack has completed). Alternatively, the attacker has the ability to deny some availability, but the loss of availability presents a direct, serious consequence to the impacted component.
Ratings by source

| Source | Advisory ID | Exploitability | CVSS score | Severity |
|---|---|---|---|---|
| NIST | - | 1.8 | 5.5 | medium |
| Alpine | - | - | - | - |
| Debian | - | - | - | - |
| Ubuntu | - | 1.8 | 5.5 | low |
| Alma | - | - | N/A | low |
| Alma | - | - | N/A | medium |
| Amazon | - | - | N/A | low |
| Amazon | - | - | N/A | low |
| Amazon | - | - | N/A | high |
| Amazon | - | - | N/A | medium |
| Red Hat | - | 1.8 | 5.5 | low |
| Rocky | - | - | N/A | low |
| Oracle | - | - | N/A | low |
| Oracle | - | - | N/A | medium |
| Chainguard | CGA-4q7f-4r4p-28j4 | - | - | - |
| Chainguard | CGA-6j8p-hq67-5xvp | - | - | - |
| Chainguard | CGA-82m6-4hxr-w67m | - | - | - |
| Chainguard | CGA-m4wp-p4qq-w882 | - | - | - |
| Chainguard | CGA-q75h-fpv8-5529 | - | - | - |
| Chainguard | CGA-v6gj-ww59-2g5w | - | - | - |
| Chainguard | CGA-v739-9xhw-5vmf | - | - | - |
| Chainguard | CGA-xjvx-5hvh-gx2x | - | - | - |
| Photon | CVE-2024-0727 | - | - | - |