CVE-2024-0727
CVSS 3.1 Score 5.5 of 10 (medium)
Details
Summary
CVE-2024-0727 is a vulnerability in OpenSSL that can lead to a denial of service. A maliciously formatted PKCS12 file can cause OpenSSL to crash through a NULL pointer dereference. Applications that process PKCS12 files from untrusted sources using the vulnerable OpenSSL APIs, such as PKCS12_parse(), PKCS12_unpack_p7data(), PKCS12_unpack_p7encdata(), PKCS12_unpack_authsafes() and PKCS12_newpass(), are at risk. The issue stems from OpenSSL failing to check for NULL fields in PKCS12 files, which the specification allows to be absent. The FIPS modules in versions 3.2, 3.1, and 3.0 are not affected by this vulnerability.
Affected Products
- OpenSSL
- Openssl Project Openssl
Affected Vendors
- The OpenSSL Project