2259944 – (CVE-2024-0727) CVE-2024-0727 openssl: denial of service via null dereference

Bug 2259944 (CVE-2024-0727) - CVE-2024-0727 openssl: denial of service via null dereference

Summary: CVE-2024-0727 openssl: denial of service via null dereference

Keywords:
Status:	NEW
Alias:	CVE-2024-0727
Product:	Security Response
Classification:	Other
Component:	vulnerability
Sub Component:
Version:	unspecified
Hardware:	All
OS:	Linux
Priority:	low
Severity:	low
Target Milestone:	---
Assignee:	Product Security
QA Contact:
Docs Contact:
URL:
Whiteboard:
Depends On:	2259946 2259947 2259948 2259949 2259950
Blocks:	2259925
TreeView+	depends on / blocked

Reported:	2024-01-23 22:27 UTC by Robb Gatica
Modified:	2024-06-10 03:18 UTC (History)
CC List:	2 users (show)
Fixed In Version:
Doc Type:	If docs needed, set a value
Doc Text:	A flaw was found in OpenSSL. The optional ContentInfo fields can be set to null, even if the "type" is a valid value, which can lead to a null dereference error that may cause a denial of service.
Clone Of:
Environment:
Last Closed:
Embargoed:

Attachments	(Terms of Use)

Links
System	ID	Private	Priority	Status	Summary	Last Updated
Red Hat Product Errata	RHSA-2024:2447	0	None	None	None	2024-04-30 10:52:25 UTC

Description Robb Gatica 2024-01-23 22:27:13 UTC

PKCS12 structures contain PKCS7 ContentInfo fields. These fields are optional and can be NULL even if the "type" is a valid value. OpenSSL was not properly accounting for this and a NULL dereference can occur causing a crash. The OpenSSL project did announce a new release, which is assumed to contain this bug fix; that release will be published on Jan 30th. 

Reference: https://github.com/openssl/openssl/pull/23362

Comment 1 Robb Gatica 2024-01-23 22:37:42 UTC

Created edk2 tracking bugs for this issue:

Affects: fedora-all [bug 2259948]


Created openssl tracking bugs for this issue:

Affects: fedora-all [bug 2259947]


Created openssl11 tracking bugs for this issue:

Affects: epel-all [bug 2259946]


Created shim tracking bugs for this issue:

Affects: fedora-all [bug 2259949]

Comment 3 Robb Gatica 2024-01-23 22:40:21 UTC

Created openssl3 tracking bugs for this issue:

Affects: epel-all [bug 2259950]

Comment 5 errata-xmlrpc 2024-04-30 10:52:23 UTC

This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9

Via RHSA-2024:2447 https://access.redhat.com/errata/RHSA-2024:2447

Comment 6 kundewayne 2024-06-10 03:18:37 UTC

There are PKCS7 ContentInfo fields in PKCS12 structures. If you don't want to use them, these fields can be NULL, even if the "type" is a valid number.
Reference: https://github.com/openssl/openssl/pull/23362 https://gorillatag.io/

Note You need to log in before you can comment on or make changes to this bug.