Bug 2259944 (CVE-2024-0727)

Summary:	CVE-2024-0727 openssl: denial of service via null dereference
Product:	[Other] Security Response	Reporter:	Robb Gatica <rgatica>
Component:	vulnerability	Assignee:	Product Security <prodsec-ir-bot>
Status:	NEW ---	QA Contact:
Severity:	low	Docs Contact:
Priority:	low
Version:	unspecified	CC:	kyoshida
Target Milestone:	---	Keywords:	Security
Target Release:	---
Hardware:	All
OS:	Linux
Whiteboard:
Fixed In Version:		Doc Type:	If docs needed, set a value
Doc Text:	A flaw was found in OpenSSL. The optional ContentInfo fields can be set to null, even if the "type" is a valid value, which can lead to a null dereference error that may cause a denial of service.	Story Points:	---
Clone Of:		Environment:
Last Closed:		Type:	---
Regression:	---	Mount Type:	---
Documentation:	---	CRM:
Verified Versions:		Category:	---
oVirt Team:	---	RHEL 7.3 requirements from Atomic Host:
Cloudforms Team:	---	Target Upstream Version:
Embargoed:
Bug Depends On:	2259946, 2259947, 2259948, 2259949, 2259950
Bug Blocks:	2259925

Description Robb Gatica 2024-01-23 22:27:13 UTC

PKCS12 structures contain PKCS7 ContentInfo fields. These fields are optional and can be NULL even if the "type" is a valid value. OpenSSL was not properly accounting for this and a NULL dereference can occur causing a crash. The OpenSSL project did announce a new release, which is assumed to contain this bug fix; that release will be published on Jan 30th. 

Reference: https://github.com/openssl/openssl/pull/23362

Comment 1 Robb Gatica 2024-01-23 22:37:42 UTC

Created edk2 tracking bugs for this issue:

Affects: fedora-all [bug 2259948]


Created openssl tracking bugs for this issue:

Affects: fedora-all [bug 2259947]


Created openssl11 tracking bugs for this issue:

Affects: epel-all [bug 2259946]


Created shim tracking bugs for this issue:

Affects: fedora-all [bug 2259949]

Comment 3 Robb Gatica 2024-01-23 22:40:21 UTC

Created openssl3 tracking bugs for this issue:

Affects: epel-all [bug 2259950]

Comment 5 errata-xmlrpc 2024-04-30 10:52:23 UTC

This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9

Via RHSA-2024:2447 https://access.redhat.com/errata/RHSA-2024:2447

Comment 6 kundewayne 2024-06-10 03:18:37 UTC Comment hidden (spam)

There are PKCS7 ContentInfo fields in PKCS12 structures. If you don't want to use them, these fields can be NULL, even if the "type" is a valid number.
Reference: https://github.com/openssl/openssl/pull/23362 https://gorillatag.io/

Comment 8 errata-xmlrpc 2024-11-12 08:41:44 UTC

This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9

Via RHSA-2024:9088 https://access.redhat.com/errata/RHSA-2024:9088