Memory Access Issue in OpenSSL Affects Certificate Name Checks
CVE-2024-6119
What is CVE-2024-6119?
A vulnerability in OpenSSL allows applications performing certificate name checks, such as those in TLS clients, to read an invalid memory address. This may lead to an abnormal termination of the application process, potentially resulting in a denial of service. The issue arises when comparing the expected name with an 'otherName' subject alternative name of an X.509 certificate. Although basic certificate chain validation is unaffected, applications specifying an expected DNS name, Email address, or IP address are at risk. Notably, TLS servers are generally not impacted, as they typically do not perform name checks against reference identifiers. The FIPS modules in versions 3.3, 3.2, 3.1, and 3.0 remain unaffected.

References
EPSS Score
5% chance of being exploited in the next 30 days.
CVSS V3.1
Timeline
Vulnerability published