Vulnerability Description
Issue summary: Applications performing certificate name checks (e.g., TLS clients checking server certificates) may attempt to read an invalid memory address resulting in abnormal termination of the application process. Impact summary: Abnormal termination of an application can a cause a denial of service. Applications performing certificate name checks (e.g., TLS clients checking server certificates) may attempt to read an invalid memory address when comparing the expected name with an `otherName` subject alternative name of an X.509 certificate. This may result in an exception that terminates the application program. Note that basic certificate chain validation (signatures, dates, ...) is not affected, the denial of service can occur only when the application also specifies an expected DNS name, Email address or IP address. TLS servers rarely solicit client certificates, and even when they do, they generally don't perform a name check against a reference identifier (expected identity), but rather extract the presented identity after checking the certificate chain. So TLS servers are generally not affected and the severity of the issue is Moderate. The FIPS modules in 3.3, 3.2, 3.1 and 3.0 are not affected by this issue.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Openssl | Openssl | >= 3.0.0, < 3.0.15 |
| Netapp | Active Iq Unified Manager | - |
| Netapp | Management Services For Element Software And Netapp Hci | - |
| Netapp | Ontap 9 | - |
| Netapp | Ontap Select Deploy Administration Utility | - |
| Netapp | Ontap Tools | 9 |
| Netapp | Brocade Fabric Operating System | - |
| Netapp | H300S Firmware | - |
| Netapp | H300S | - |
| Netapp | H500S Firmware | - |
| Netapp | H500S | - |
| Netapp | H700S Firmware | - |
| Netapp | H700S | - |
| Netapp | H410S Firmware | - |
| Netapp | H410S | - |
| Netapp | H410C Firmware | - |
| Netapp | H410C | - |
| Netapp | H610C Firmware | - |
| Netapp | H610C | - |
| Netapp | H610S Firmware | - |
Related Weaknesses (CWE)
References
- https://github.com/openssl/openssl/commit/05f360d9e849a1b277db628f1f13083a7f8dd0Patch
- https://github.com/openssl/openssl/commit/06d1dc3fa96a2ba5a3e22735a033012aadc9f0Patch
- https://github.com/openssl/openssl/commit/621f3729831b05ee828a3203eddb621d014ff2Patch
- https://github.com/openssl/openssl/commit/7dfcee2cd2a63b2c64b9b4b0850be64cb695b0Patch
- https://openssl-library.org/news/secadv/20240903.txtVendor Advisory
- http://www.openwall.com/lists/oss-security/2024/09/03/4Mailing List
- https://lists.freebsd.org/archives/freebsd-security/2024-September/000303.htmlMailing List
- https://security.netapp.com/advisory/ntap-20240912-0001/Third Party Advisory
- https://cert-portal.siemens.com/productcert/html/ssa-082556.html
- https://cert-portal.siemens.com/productcert/html/ssa-613116.html
- https://cert-portal.siemens.com/productcert/html/ssa-769027.html
FAQ
What is CVE-2024-6119?
CVE-2024-6119 is a vulnerability with a CVSS score of 7.5 (HIGH). Issue summary: Applications performing certificate name checks (e.g., TLS clients checking server certificates) may attempt to read an invalid memory address resulting in abnormal termination of the a...
How severe is CVE-2024-6119?
CVE-2024-6119 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2024-6119?
Check the references section above for vendor advisories and patch information. Affected products include: Openssl Openssl, Netapp Active Iq Unified Manager, Netapp Management Services For Element Software And Netapp Hci, Netapp Ontap 9, Netapp Ontap Select Deploy Administration Utility.