Bug 2344954 - SEVERITY: HIGH; handshakes with unauthenticated servers don't abort as expected (CVE-2024-12797)
Status: CLOSED CURRENTRELEASE
Alias: None
Product: Fedora
Classification: Fedora
Component: openssl
Version: 41
Hardware: All
OS: Linux
Priority: unspecified
Severity: high
Assignee: Dmitry Belyavskiy
QA Contact: Fedora Extras Quality Assurance
URL: https://openssl-library.org/news/seca...
Reported: 2025-02-11 16:44 UTC by pgnd
Modified: 2025-03-14 13:42 UTC
Last Closed: 2025-03-14 13:42:12 UTC
Links
System ID Private Priority Status Summary Last Updated
Red Hat Issue Tracker FC-1472 0 None None None 2025-02-11 16:44:48 UTC

Description pgnd 2025-02-11 16:44:22 UTC
SEVERITY: HIGH; handshakes with unauthenticated servers don't abort as expected (CVE-2024-12797)

OpenSSL Security Advisory [11th February 2025]
 RFC7250 handshakes with unauthenticated servers don't abort as expected (CVE-2024-12797)
 https://openssl-library.org/news/secadv/20250211.txt
 
	The FIPS modules in 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this issue.
	OpenSSL 3.1, 3.0, 1.1.1 and 1.0.2 are also not affected by this issue.

	OpenSSL 3.4, 3.3 and 3.2 are vulnerable to this issue.

	OpenSSL 3.4 users should upgrade to OpenSSL 3.4.1.

	OpenSSL 3.3 users should upgrade to OpenSSL 3.3.2.

!!>	OpenSSL 3.2 users should upgrade to OpenSSL 3.2.4.


distro
	Name: Fedora Linux 41 (Server Edition)
	Version: 41
	Codename:

rpm -qa | grep -i ^openssl | sort
	openssl-3.2.2-11.fc41.x86_64
	openssl-devel-3.2.2-11.fc41.x86_64
	openssl-libs-3.2.2-11.fc41.x86_64
	openssl-pkcs11-0.4.12-10.fc41.x86_64

Reproducible: Always

Comment 1 Dmitry Belyavskiy 2025-03-14 13:42:12 UTC
Implemented via rebase

