CVE-2024-6119

See a problem?
Please try reporting it to the source first.
Source
https://cve.org/CVERecord?id=CVE-2024-6119
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-6119.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2024-6119
Downstream
Related
Published
2024-09-03T16:15:07.177Z
Modified
2026-04-16T04:35:29.954379366Z
Severity
  • 7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVSS Calculator
Summary
[none]
Details

Issue summary: Applications performing certificate name checks (e.g., TLS clients checking server certificates) may attempt to read an invalid memory address resulting in abnormal termination of the application process.

Impact summary: Abnormal termination of an application can a cause a denial of service.

Applications performing certificate name checks (e.g., TLS clients checking server certificates) may attempt to read an invalid memory address when comparing the expected name with an otherName subject alternative name of an X.509 certificate. This may result in an exception that terminates the application program.

Note that basic certificate chain validation (signatures, dates, ...) is not affected, the denial of service can occur only when the application also specifies an expected DNS name, Email address or IP address.

TLS servers rarely solicit client certificates, and even when they do, they generally don't perform a name check against a reference identifier (expected identity), but rather extract the presented identity after checking the certificate chain. So TLS servers are generally not affected and the severity of the issue is Moderate.

The FIPS modules in 3.3, 3.2, 3.1 and 3.0 are not affected by this issue.

References

Affected packages

Git / github.com/openssl/openssl

Affected ranges

Type
GIT
Repo
https://github.com/openssl/openssl
Events
Introduced
89cd17a031e022211684eb7eb41190cf1910f9fa
Fixed
c523121f902fde2929909dc7f76b13ceb4961efe
Introduced
a92271e03a8d0dee507b6f1e7f49512568b2c7ad
Fixed
3c6a7a1c3b88d9afaf2828cff7adefba27b52493
Introduced
cf2877791ce7508684109664f467c9e40987692f
Fixed
45fda76bc1b9fd74d10e85e0ce9b65a12dcc58b0
Introduced
4cb31128b5790819dfeea2739fbde265f71a10a2
Fixed
fb7fab9fa6f4869eaa8fbb97e0d593159f03ffe4
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
3da3c85a3f02b244dfaeadfeb7d8d0554f9d0f45
Fixed
05f360d9e849a1b277db628f1f13083a7f8dd04f
Fixed
06d1dc3fa96a2ba5a3e22735a033012aadc9f0d6
Fixed
621f3729831b05ee828a3203eddb621d014ff2b2
Fixed
7dfcee2cd2a63b2c64b9b4b0850be64cb695b0a0
Database specific 
{
    "versions": [
        {
            "introduced": "3.0.0"
        },
        {
            "fixed": "3.0.15"
        },
        {
            "introduced": "3.1.0"
        },
        {
            "fixed": "3.1.7"
        },
        {
            "introduced": "3.2.0"
        },
        {
            "fixed": "3.2.3"
        },
        {
            "introduced": "3.3.0"
        },
        {
            "fixed": "3.3.2"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "9"
        }
    ]
}

Affected versions

Other
BEFORE_engine
BEN_FIPS_TEST_7
BEN_FIPS_TEST_8
FIPS_TEST_9
OpenSSL_0_9_1c
OpenSSL_0_9_2b
OpenSSL_0_9_3
OpenSSL_0_9_3a
OpenSSL_0_9_3beta2
OpenSSL_0_9_4
OpenSSL_0_9_5a
OpenSSL_0_9_5a-beta1
OpenSSL_0_9_5a-beta2
OpenSSL_0_9_5beta1
OpenSSL_0_9_5beta2
OpenSSL_0_9_6-beta3
OpenSSL_0_9_7
OpenSSL_0_9_7-beta1
OpenSSL_0_9_7-beta2
OpenSSL_0_9_7-beta3
OpenSSL_0_9_7-beta4
OpenSSL_0_9_7-beta6
OpenSSL_0_9_7a
OpenSSL_0_9_7b
OpenSSL_0_9_7c
OpenSSL_0_9_7e
OpenSSL_0_9_7f
OpenSSL_0_9_7g
openssl-3.*
openssl-3.0.0
openssl-3.0.1
openssl-3.0.10
openssl-3.0.11
openssl-3.0.12
openssl-3.0.13
openssl-3.0.14
openssl-3.0.2
openssl-3.0.3
openssl-3.0.4
openssl-3.0.5
openssl-3.0.6
openssl-3.0.7
openssl-3.0.8
openssl-3.0.9
openssl-3.1.0
openssl-3.1.1
openssl-3.1.2
openssl-3.1.3
openssl-3.1.4
openssl-3.1.5
openssl-3.1.6
openssl-3.2.0
openssl-3.2.1
openssl-3.2.2
openssl-3.3.0
openssl-3.3.1

Database specific

source 
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-6119.json"
vanir_signatures 
[
    {
        "source": "https://github.com/openssl/openssl/commit/7dfcee2cd2a63b2c64b9b4b0850be64cb695b0a0",
        "target": {
            "function": "do_x509_check",
            "file": "crypto/x509/v3_utl.c"
        },
        "deprecated": false,
        "digest": {
            "length": 2208.0,
            "function_hash": "297664809786249337571823979395707390878"
        },
        "signature_type": "Function",
        "signature_version": "v1",
        "id": "CVE-2024-6119-044ff3da"
    },
    {
        "signature_type": "Function",
        "signature_version": "v1",
        "deprecated": false,
        "digest": {
            "length": 2208.0,
            "function_hash": "297664809786249337571823979395707390878"
        },
        "source": "https://github.com/openssl/openssl/commit/05f360d9e849a1b277db628f1f13083a7f8dd04f",
        "target": {
            "function": "do_x509_check",
            "file": "crypto/x509/v3_utl.c"
        },
        "id": "CVE-2024-6119-220f4ca1"
    },
    {
        "target": {
            "file": "crypto/x509/v3_utl.c"
        },
        "signature_type": "Line",
        "deprecated": false,
        "digest": {
            "line_hashes": [
                "312509595223100330321168542960068521398",
                "319266265031216505638484196209472646460",
                "296079654573672400548945735349135811280",
                "194161770504940970465947950317370227091",
                "73226098924675181745070420742688194742",
                "255100152389407014534060742640319525810",
                "107641711996716981332973422033573633836",
                "303780277160542456811857748733040052334",
                "237165447602642162049737081847754347163",
                "107764604441473243147620128203638618000",
                "151126181812792562984095161370891701060",
                "4914184778609755054228034190581391857",
                "161517805418542012351445002989466214544",
                "303171268813032197018786524572236165874",
                "50465076649490212505887053791069383449",
                "56470871547176072964184479275180871571",
                "35449687704601343526630423163744494434",
                "313319308398363429846252835852704178809",
                "29461512218044329177890213465380128015",
                "82382258557022042776381891418426592152",
                "296892898642593274297886691777755395691",
                "120168245930382797205053878460718689153",
                "22704970505423948146511268931125275567",
                "198149435281904132219632876852304727639",
                "313214299605774514910492253003894830047",
                "7411922691764788490973855371329664708"
            ],
            "threshold": 0.9
        },
        "signature_version": "v1",
        "source": "https://github.com/openssl/openssl/commit/06d1dc3fa96a2ba5a3e22735a033012aadc9f0d6",
        "id": "CVE-2024-6119-50341c83"
    },
    {
        "source": "https://github.com/openssl/openssl/commit/06d1dc3fa96a2ba5a3e22735a033012aadc9f0d6",
        "target": {
            "function": "do_x509_check",
            "file": "crypto/x509/v3_utl.c"
        },
        "deprecated": false,
        "digest": {
            "length": 2208.0,
            "function_hash": "297664809786249337571823979395707390878"
        },
        "id": "CVE-2024-6119-764d9b2a",
        "signature_type": "Function",
        "signature_version": "v1"
    },
    {
        "target": {
            "function": "do_x509_check",
            "file": "crypto/x509/v3_utl.c"
        },
        "signature_type": "Function",
        "deprecated": false,
        "digest": {
            "length": 2208.0,
            "function_hash": "297664809786249337571823979395707390878"
        },
        "signature_version": "v1",
        "source": "https://github.com/openssl/openssl/commit/621f3729831b05ee828a3203eddb621d014ff2b2",
        "id": "CVE-2024-6119-7d5c83ae"
    },
    {
        "signature_type": "Line",
        "signature_version": "v1",
        "deprecated": false,
        "digest": {
            "line_hashes": [
                "312509595223100330321168542960068521398",
                "319266265031216505638484196209472646460",
                "296079654573672400548945735349135811280",
                "194161770504940970465947950317370227091",
                "73226098924675181745070420742688194742",
                "255100152389407014534060742640319525810",
                "107641711996716981332973422033573633836",
                "303780277160542456811857748733040052334",
                "237165447602642162049737081847754347163",
                "107764604441473243147620128203638618000",
                "151126181812792562984095161370891701060",
                "4914184778609755054228034190581391857",
                "161517805418542012351445002989466214544",
                "303171268813032197018786524572236165874",
                "50465076649490212505887053791069383449",
                "56470871547176072964184479275180871571",
                "35449687704601343526630423163744494434",
                "313319308398363429846252835852704178809",
                "29461512218044329177890213465380128015",
                "82382258557022042776381891418426592152",
                "296892898642593274297886691777755395691",
                "120168245930382797205053878460718689153",
                "22704970505423948146511268931125275567",
                "198149435281904132219632876852304727639",
                "313214299605774514910492253003894830047",
                "7411922691764788490973855371329664708"
            ],
            "threshold": 0.9
        },
        "target": {
            "file": "crypto/x509/v3_utl.c"
        },
        "source": "https://github.com/openssl/openssl/commit/05f360d9e849a1b277db628f1f13083a7f8dd04f",
        "id": "CVE-2024-6119-83950886"
    },
    {
        "signature_type": "Line",
        "signature_version": "v1",
        "deprecated": false,
        "digest": {
            "line_hashes": [
                "312509595223100330321168542960068521398",
                "319266265031216505638484196209472646460",
                "296079654573672400548945735349135811280",
                "194161770504940970465947950317370227091",
                "73226098924675181745070420742688194742",
                "255100152389407014534060742640319525810",
                "107641711996716981332973422033573633836",
                "303780277160542456811857748733040052334",
                "237165447602642162049737081847754347163",
                "107764604441473243147620128203638618000",
                "151126181812792562984095161370891701060",
                "4914184778609755054228034190581391857",
                "161517805418542012351445002989466214544",
                "303171268813032197018786524572236165874",
                "50465076649490212505887053791069383449",
                "56470871547176072964184479275180871571",
                "35449687704601343526630423163744494434",
                "313319308398363429846252835852704178809",
                "29461512218044329177890213465380128015",
                "82382258557022042776381891418426592152",
                "296892898642593274297886691777755395691",
                "120168245930382797205053878460718689153",
                "22704970505423948146511268931125275567",
                "198149435281904132219632876852304727639",
                "313214299605774514910492253003894830047",
                "7411922691764788490973855371329664708"
            ],
            "threshold": 0.9
        },
        "source": "https://github.com/openssl/openssl/commit/7dfcee2cd2a63b2c64b9b4b0850be64cb695b0a0",
        "target": {
            "file": "crypto/x509/v3_utl.c"
        },
        "id": "CVE-2024-6119-9e611542"
    },
    {
        "signature_type": "Line",
        "signature_version": "v1",
        "deprecated": false,
        "digest": {
            "line_hashes": [
                "312509595223100330321168542960068521398",
                "319266265031216505638484196209472646460",
                "296079654573672400548945735349135811280",
                "194161770504940970465947950317370227091",
                "73226098924675181745070420742688194742",
                "255100152389407014534060742640319525810",
                "107641711996716981332973422033573633836",
                "303780277160542456811857748733040052334",
                "237165447602642162049737081847754347163",
                "107764604441473243147620128203638618000",
                "151126181812792562984095161370891701060",
                "4914184778609755054228034190581391857",
                "161517805418542012351445002989466214544",
                "303171268813032197018786524572236165874",
                "50465076649490212505887053791069383449",
                "56470871547176072964184479275180871571",
                "35449687704601343526630423163744494434",
                "313319308398363429846252835852704178809",
                "29461512218044329177890213465380128015",
                "82382258557022042776381891418426592152",
                "296892898642593274297886691777755395691",
                "120168245930382797205053878460718689153",
                "22704970505423948146511268931125275567",
                "198149435281904132219632876852304727639",
                "313214299605774514910492253003894830047",
                "7411922691764788490973855371329664708"
            ],
            "threshold": 0.9
        },
        "target": {
            "file": "crypto/x509/v3_utl.c"
        },
        "source": "https://github.com/openssl/openssl/commit/621f3729831b05ee828a3203eddb621d014ff2b2",
        "id": "CVE-2024-6119-f3fd2c57"
    }
]
vanir_signatures_modified 
"2026-04-12T17:29:14Z"