Issue summary: Processing a maliciously formatted PKCS12 file may cause OpenSSL to crash, leading to a potential Denial of Service attack
Impact summary: Applications loading files in the PKCS12 format from untrusted sources might terminate abruptly.
A file in PKCS12 format can contain certificates and keys and may come from an untrusted source. The PKCS12 specification allows certain fields to be NULL, but OpenSSL does not correctly check for this case. This can lead to a NULL pointer dereference that results in OpenSSL crashing. If an application processes PKCS12 files from an untrusted source using the OpenSSL APIs then that application will be vulnerable to this issue.
OpenSSL APIs that are vulnerable to this are: PKCS12_parse(), PKCS12_unpack_p7data(), PKCS12_unpack_p7encdata(), PKCS12_unpack_authsafes() and PKCS12_newpass().
We have also fixed a similar issue in SMIME_write_PKCS7(). However, since this function is related to writing data we do not consider it security significant.
The FIPS modules in 3.2, 3.1 and 3.0 are not affected by this issue.
{
"versions": [
{
"introduced": "1.0.2"
},
{
"fixed": "1.0.2zj"
},
{
"introduced": "1.1.1"
},
{
"fixed": "1.1.1x"
},
{
"introduced": "3.0.0"
},
{
"fixed": "3.0.13"
},
{
"introduced": "3.1.0"
},
{
"fixed": "3.1.5"
},
{
"introduced": "0"
},
{
"last_affected": "3.2.0-NA"
}
]
}
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-0727.json
[
{
"signature_version": "v1",
"target": {
"file": "crypto/pkcs12/p12_add.c",
"function": "PKCS12_unpack_authsafes"
},
"source": "https://github.com/openssl/openssl/commit/d135eeab8a5dbf72b3da5240bab9ddb7678dbd2c",
"deprecated": false,
"digest": {
"function_hash": "273234016888167268496774117472332195433",
"length": 513.0
},
"id": "CVE-2024-0727-0a253c91",
"signature_type": "Function"
},
{
"signature_version": "v1",
"target": {
"file": "crypto/pkcs7/pk7_mime.c",
"function": "SMIME_write_PKCS7"
},
"source": "https://github.com/openssl/openssl/commit/d135eeab8a5dbf72b3da5240bab9ddb7678dbd2c",
"deprecated": false,
"digest": {
"function_hash": "160498122484118960476771748577817465290",
"length": 466.0
},
"id": "CVE-2024-0727-0c743886",
"signature_type": "Function"
},
{
"signature_version": "v1",
"target": {
"file": "crypto/pkcs12/p12_add.c",
"function": "PKCS12_unpack_authsafes"
},
"source": "https://github.com/openssl/openssl/commit/775acfdbd0c6af9ac855f34969cdab0c0c90844a",
"deprecated": false,
"digest": {
"function_hash": "134158737108867128194177698970105833683",
"length": 601.0
},
"id": "CVE-2024-0727-1fc1d63c",
"signature_type": "Function"
},
{
"signature_version": "v1",
"target": {
"file": "crypto/pkcs12/p12_mutl.c",
"function": "pkcs12_gen_mac"
},
"source": "https://github.com/openssl/openssl/commit/775acfdbd0c6af9ac855f34969cdab0c0c90844a",
"deprecated": false,
"digest": {
"function_hash": "54894531063954848341214018546764848135",
"length": 2475.0
},
"id": "CVE-2024-0727-2041232b",
"signature_type": "Function"
},
{
"signature_version": "v1",
"target": {
"file": "crypto/pkcs12/p12_add.c",
"function": "PKCS12_unpack_p7data"
},
"source": "https://github.com/openssl/openssl/commit/09df4395b5071217b76dc7d3d2e630eb8c5a79c2",
"deprecated": false,
"digest": {
"function_hash": "333028959984917278694927510681728381344",
"length": 210.0
},
"id": "CVE-2024-0727-20b753f5",
"signature_type": "Function"
},
{
"signature_version": "v1",
"target": {
"file": "crypto/pkcs12/p12_add.c",
"function": "PKCS12_unpack_p7encdata"
},
"source": "https://github.com/openssl/openssl/commit/775acfdbd0c6af9ac855f34969cdab0c0c90844a",
"deprecated": false,
"digest": {
"function_hash": "194020094912954504955703780283563830022",
"length": 325.0
},
"id": "CVE-2024-0727-20fae7ba",
"signature_type": "Function"
},
{
"signature_version": "v1",
"target": {
"file": "crypto/pkcs12/p12_add.c",
"function": "PKCS12_unpack_p7encdata"
},
"source": "https://github.com/openssl/openssl/commit/09df4395b5071217b76dc7d3d2e630eb8c5a79c2",
"deprecated": false,
"digest": {
"function_hash": "194020094912954504955703780283563830022",
"length": 325.0
},
"id": "CVE-2024-0727-2e3fdc2a",
"signature_type": "Function"
},
{
"signature_version": "v1",
"target": {
"file": "crypto/pkcs7/pk7_mime.c"
},
"source": "https://github.com/openssl/openssl/commit/d135eeab8a5dbf72b3da5240bab9ddb7678dbd2c",
"deprecated": false,
"digest": {
"line_hashes": [
"54998105321175495578319586477756171862",
"27242587424021545056777855475316245801",
"337397586984693763686059784969887335595",
"299175552626186616788920041986912461875",
"157312413621871896934981344146950617976",
"338428649582961127361140116670869127063",
"171384483322500739362893766309638215123"
],
"threshold": 0.9
},
"id": "CVE-2024-0727-3759e9b0",
"signature_type": "Line"
},
{
"signature_version": "v1",
"target": {
"file": "crypto/pkcs12/p12_mutl.c"
},
"source": "https://github.com/openssl/openssl/commit/775acfdbd0c6af9ac855f34969cdab0c0c90844a",
"deprecated": false,
"digest": {
"line_hashes": [
"94565292678425600706526941081143791144",
"291509512094961011147097874806618412819",
"307014549478365771068281427405108220329"
],
"threshold": 0.9
},
"id": "CVE-2024-0727-3f183580",
"signature_type": "Line"
},
{
"signature_version": "v1",
"target": {
"file": "crypto/pkcs12/p12_npas.c"
},
"source": "https://github.com/openssl/openssl/commit/09df4395b5071217b76dc7d3d2e630eb8c5a79c2",
"deprecated": false,
"digest": {
"line_hashes": [
"162205749889552067302671686677285798971",
"271389607888579791188040461861165628176",
"41822622116140541826955941144504540743",
"306574142732274553694180113893893844050",
"270828334209207072344258822960984421822"
],
"threshold": 0.9
},
"id": "CVE-2024-0727-4879ad0e",
"signature_type": "Line"
},
{
"signature_version": "v1",
"target": {
"file": "crypto/pkcs12/p12_add.c",
"function": "PKCS12_unpack_authsafes"
},
"source": "https://github.com/openssl/openssl/commit/09df4395b5071217b76dc7d3d2e630eb8c5a79c2",
"deprecated": false,
"digest": {
"function_hash": "273234016888167268496774117472332195433",
"length": 513.0
},
"id": "CVE-2024-0727-4b24af20",
"signature_type": "Function"
},
{
"signature_version": "v1",
"target": {
"file": "crypto/pkcs12/p12_npas.c",
"function": "newpass_p12"
},
"source": "https://github.com/openssl/openssl/commit/09df4395b5071217b76dc7d3d2e630eb8c5a79c2",
"deprecated": false,
"digest": {
"function_hash": "45893428469298328029066994255430150373",
"length": 1830.0
},
"id": "CVE-2024-0727-4d8c4a3e",
"signature_type": "Function"
},
{
"signature_version": "v1",
"target": {
"file": "crypto/pkcs12/p12_mutl.c",
"function": "pkcs12_gen_mac"
},
"source": "https://github.com/openssl/openssl/commit/09df4395b5071217b76dc7d3d2e630eb8c5a79c2",
"deprecated": false,
"digest": {
"function_hash": "54894531063954848341214018546764848135",
"length": 2475.0
},
"id": "CVE-2024-0727-6282d983",
"signature_type": "Function"
},
{
"signature_version": "v1",
"target": {
"file": "crypto/pkcs12/p12_add.c",
"function": "PKCS12_unpack_p7data"
},
"source": "https://github.com/openssl/openssl/commit/d135eeab8a5dbf72b3da5240bab9ddb7678dbd2c",
"deprecated": false,
"digest": {
"function_hash": "333028959984917278694927510681728381344",
"length": 210.0
},
"id": "CVE-2024-0727-757d1f5a",
"signature_type": "Function"
},
{
"signature_version": "v1",
"target": {
"file": "crypto/pkcs12/p12_npas.c",
"function": "newpass_p12"
},
"source": "https://github.com/openssl/openssl/commit/775acfdbd0c6af9ac855f34969cdab0c0c90844a",
"deprecated": false,
"digest": {
"function_hash": "77169075408787468989305255514508465969",
"length": 1974.0
},
"id": "CVE-2024-0727-7f3cb0e3",
"signature_type": "Function"
},
{
"signature_version": "v1",
"target": {
"file": "crypto/pkcs12/p12_mutl.c",
"function": "pkcs12_gen_mac"
},
"source": "https://github.com/openssl/openssl/commit/d135eeab8a5dbf72b3da5240bab9ddb7678dbd2c",
"deprecated": false,
"digest": {
"function_hash": "54894531063954848341214018546764848135",
"length": 2475.0
},
"id": "CVE-2024-0727-88135226",
"signature_type": "Function"
},
{
"signature_version": "v1",
"target": {
"file": "crypto/pkcs12/p12_npas.c"
},
"source": "https://github.com/openssl/openssl/commit/d135eeab8a5dbf72b3da5240bab9ddb7678dbd2c",
"deprecated": false,
"digest": {
"line_hashes": [
"162205749889552067302671686677285798971",
"271389607888579791188040461861165628176",
"41822622116140541826955941144504540743",
"306574142732274553694180113893893844050",
"270828334209207072344258822960984421822"
],
"threshold": 0.9
},
"id": "CVE-2024-0727-8a39c099",
"signature_type": "Line"
},
{
"signature_version": "v1",
"target": {
"file": "crypto/pkcs12/p12_mutl.c"
},
"source": "https://github.com/openssl/openssl/commit/d135eeab8a5dbf72b3da5240bab9ddb7678dbd2c",
"deprecated": false,
"digest": {
"line_hashes": [
"94565292678425600706526941081143791144",
"291509512094961011147097874806618412819",
"307014549478365771068281427405108220329"
],
"threshold": 0.9
},
"id": "CVE-2024-0727-99861de9",
"signature_type": "Line"
},
{
"signature_version": "v1",
"target": {
"file": "crypto/pkcs12/p12_npas.c"
},
"source": "https://github.com/openssl/openssl/commit/775acfdbd0c6af9ac855f34969cdab0c0c90844a",
"deprecated": false,
"digest": {
"line_hashes": [
"162205749889552067302671686677285798971",
"62916601206176494174325247965028198519",
"298846068646552322260006094083018834813",
"430959103561626567681973257075914579",
"125364202502203268742091651817796347498"
],
"threshold": 0.9
},
"id": "CVE-2024-0727-adea51a6",
"signature_type": "Line"
},
{
"signature_version": "v1",
"target": {
"file": "crypto/pkcs12/p12_add.c",
"function": "PKCS12_unpack_p7encdata"
},
"source": "https://github.com/openssl/openssl/commit/d135eeab8a5dbf72b3da5240bab9ddb7678dbd2c",
"deprecated": false,
"digest": {
"function_hash": "194020094912954504955703780283563830022",
"length": 325.0
},
"id": "CVE-2024-0727-b1b449d5",
"signature_type": "Function"
},
{
"signature_version": "v1",
"target": {
"file": "crypto/pkcs12/p12_add.c"
},
"source": "https://github.com/openssl/openssl/commit/775acfdbd0c6af9ac855f34969cdab0c0c90844a",
"deprecated": false,
"digest": {
"line_hashes": [
"254206606544614360936062330058351433436",
"314353434550008058260823999728207906114",
"218896389729317207199284546770105500915",
"320646797388159632280364676300282235588",
"161113838116863401045127193490509271133",
"338270744603574003720802330988830835824",
"298020093527676535241916322169787918007",
"89501273661907627308889131336005944837",
"307879638840763789282195495664351335911",
"89519541668127182159998066178221927668",
"84858261885116481245449646700195905295",
"85596577219996152654612001892629244431"
],
"threshold": 0.9
},
"id": "CVE-2024-0727-b6052ea5",
"signature_type": "Line"
},
{
"signature_version": "v1",
"target": {
"file": "crypto/pkcs12/p12_npas.c",
"function": "newpass_p12"
},
"source": "https://github.com/openssl/openssl/commit/d135eeab8a5dbf72b3da5240bab9ddb7678dbd2c",
"deprecated": false,
"digest": {
"function_hash": "45893428469298328029066994255430150373",
"length": 1830.0
},
"id": "CVE-2024-0727-ba33a4ba",
"signature_type": "Function"
},
{
"signature_version": "v1",
"target": {
"file": "crypto/pkcs7/pk7_mime.c",
"function": "SMIME_write_PKCS7"
},
"source": "https://github.com/openssl/openssl/commit/775acfdbd0c6af9ac855f34969cdab0c0c90844a",
"deprecated": false,
"digest": {
"function_hash": "160498122484118960476771748577817465290",
"length": 466.0
},
"id": "CVE-2024-0727-bfe97028",
"signature_type": "Function"
},
{
"signature_version": "v1",
"target": {
"file": "include/openssl/opensslv.h"
},
"source": "https://github.com/openssl/openssl/commit/e04bd3433fd84e1861bf258ea37928d9845e6a86",
"deprecated": false,
"digest": {
"line_hashes": [
"28170854778703993674264004058177114599",
"73132526844288570625317440636111911761",
"177405411499435185068645597737938634778",
"224809958623850711330610094965797758930",
"295554444428855106393106961197201359586"
],
"threshold": 0.9
},
"id": "CVE-2024-0727-c377fa22",
"signature_type": "Line"
},
{
"signature_version": "v1",
"target": {
"file": "crypto/pkcs12/p12_mutl.c"
},
"source": "https://github.com/openssl/openssl/commit/09df4395b5071217b76dc7d3d2e630eb8c5a79c2",
"deprecated": false,
"digest": {
"line_hashes": [
"94565292678425600706526941081143791144",
"291509512094961011147097874806618412819",
"307014549478365771068281427405108220329"
],
"threshold": 0.9
},
"id": "CVE-2024-0727-d05f3ff8",
"signature_type": "Line"
},
{
"signature_version": "v1",
"target": {
"file": "crypto/pkcs12/p12_add.c",
"function": "PKCS12_unpack_p7data"
},
"source": "https://github.com/openssl/openssl/commit/775acfdbd0c6af9ac855f34969cdab0c0c90844a",
"deprecated": false,
"digest": {
"function_hash": "134765480971594417393433888353741247788",
"length": 270.0
},
"id": "CVE-2024-0727-d81de12b",
"signature_type": "Function"
},
{
"signature_version": "v1",
"target": {
"file": "crypto/pkcs7/pk7_mime.c",
"function": "SMIME_write_PKCS7"
},
"source": "https://github.com/openssl/openssl/commit/09df4395b5071217b76dc7d3d2e630eb8c5a79c2",
"deprecated": false,
"digest": {
"function_hash": "160498122484118960476771748577817465290",
"length": 466.0
},
"id": "CVE-2024-0727-da016ee7",
"signature_type": "Function"
},
{
"signature_version": "v1",
"target": {
"file": "crypto/opensslv.h"
},
"source": "https://github.com/openssl/openssl/commit/e818b74be2170fbe957a07b0da4401c2b694b3b8",
"deprecated": false,
"digest": {
"line_hashes": [
"251633914150035957322733061977107206211",
"338514574181828579838011565939158652696",
"76638288692106140328510055542557597351",
"142922657400765574308962710386922248045",
"71649992455794854055653842592139575350",
"65527166711110472566013424527579064967",
"253196866009476977787139000804413898733",
"172177136897997206866313011107384691461"
],
"threshold": 0.9
},
"id": "CVE-2024-0727-e051451f",
"signature_type": "Line"
},
{
"signature_version": "v1",
"target": {
"file": "crypto/pkcs12/p12_add.c"
},
"source": "https://github.com/openssl/openssl/commit/09df4395b5071217b76dc7d3d2e630eb8c5a79c2",
"deprecated": false,
"digest": {
"line_hashes": [
"254206606544614360936062330058351433436",
"113703986237416735135723974962592169452",
"272160728874650139291336184160418059556",
"40158151038026086505942727135503340251",
"161113838116863401045127193490509271133",
"338270744603574003720802330988830835824",
"298020093527676535241916322169787918007",
"89501273661907627308889131336005944837",
"307879638840763789282195495664351335911",
"217456522016759296704814847461623572690",
"102637731999926978760594596333101286778",
"106744556006121197296678793178085563362"
],
"threshold": 0.9
},
"id": "CVE-2024-0727-e5f9b0fb",
"signature_type": "Line"
},
{
"signature_version": "v1",
"target": {
"file": "crypto/pkcs12/p12_add.c"
},
"source": "https://github.com/openssl/openssl/commit/d135eeab8a5dbf72b3da5240bab9ddb7678dbd2c",
"deprecated": false,
"digest": {
"line_hashes": [
"254206606544614360936062330058351433436",
"113703986237416735135723974962592169452",
"272160728874650139291336184160418059556",
"40158151038026086505942727135503340251",
"161113838116863401045127193490509271133",
"338270744603574003720802330988830835824",
"298020093527676535241916322169787918007",
"89501273661907627308889131336005944837",
"307879638840763789282195495664351335911",
"217456522016759296704814847461623572690",
"102637731999926978760594596333101286778",
"106744556006121197296678793178085563362"
],
"threshold": 0.9
},
"id": "CVE-2024-0727-e8057ea0",
"signature_type": "Line"
},
{
"signature_version": "v1",
"target": {
"file": "crypto/pkcs7/pk7_mime.c"
},
"source": "https://github.com/openssl/openssl/commit/775acfdbd0c6af9ac855f34969cdab0c0c90844a",
"deprecated": false,
"digest": {
"line_hashes": [
"54998105321175495578319586477756171862",
"27242587424021545056777855475316245801",
"337397586984693763686059784969887335595",
"299175552626186616788920041986912461875",
"157312413621871896934981344146950617976",
"338428649582961127361140116670869127063",
"171384483322500739362893766309638215123"
],
"threshold": 0.9
},
"id": "CVE-2024-0727-e94ad7b8",
"signature_type": "Line"
},
{
"signature_version": "v1",
"target": {
"file": "crypto/pkcs7/pk7_mime.c"
},
"source": "https://github.com/openssl/openssl/commit/09df4395b5071217b76dc7d3d2e630eb8c5a79c2",
"deprecated": false,
"digest": {
"line_hashes": [
"54998105321175495578319586477756171862",
"27242587424021545056777855475316245801",
"337397586984693763686059784969887335595",
"299175552626186616788920041986912461875",
"157312413621871896934981344146950617976",
"338428649582961127361140116670869127063",
"171384483322500739362893766309638215123"
],
"threshold": 0.9
},
"id": "CVE-2024-0727-f75e605e",
"signature_type": "Line"
}
]