CVE-2024-0727

Source
https://nvd.nist.gov/vuln/detail/CVE-2024-0727
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2024-0727.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2024-0727
Aliases
Downstream
Related
Published
2024-01-26T09:15:07Z
Modified
2025-10-08T00:03:34.398755Z
Severity
  • 5.5 (Medium) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
Summary
[none]
Details

Issue summary: Processing a maliciously formatted PKCS12 file may lead OpenSSL to crash, leading to a potential Denial of Service attack.

Impact summary: Applications loading files in the PKCS12 format from untrusted sources might terminate abruptly.

A file in PKCS12 format can contain certificates and keys and may come from an untrusted source. The PKCS12 specification allows certain fields to be NULL, but OpenSSL does not correctly check for this case. This can lead to a NULL pointer dereference that results in OpenSSL crashing. If an application processes PKCS12 files from an untrusted source using the OpenSSL APIs then that application will be vulnerable to this issue.

OpenSSL APIs that are vulnerable to this are: PKCS12_parse(), PKCS12_unpack_p7data(), PKCS12_unpack_p7encdata(), PKCS12_unpack_authsafes() and PKCS12_newpass().

We have also fixed a similar issue in SMIME_write_PKCS7(). However since this function is related to writing data we do not consider it security significant.

The FIPS modules in 3.2, 3.1 and 3.0 are not affected by this issue.

References

Affected packages

Git / github.com/openssl/openssl

Affected ranges

Type
GIT
Repo
https://github.com/openssl/openssl
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
Fixed
Fixed

Affected versions

Other

BEFORE_engine
OpenSSL_0_9_1c
OpenSSL_0_9_2b
OpenSSL_0_9_3
OpenSSL_0_9_3a
OpenSSL_0_9_3beta2
OpenSSL_0_9_4
OpenSSL_0_9_5a
OpenSSL_0_9_5a-beta1
OpenSSL_0_9_5a-beta2
OpenSSL_0_9_5beta1
OpenSSL_0_9_5beta2
OpenSSL_0_9_6-beta3
OpenSSL_1_1_0-pre1
OpenSSL_1_1_0-pre2
OpenSSL_1_1_0-pre3
OpenSSL_1_1_0-pre4
OpenSSL_1_1_0-pre5
OpenSSL_1_1_0-pre6
OpenSSL_1_1_1
OpenSSL_1_1_1-pre1
OpenSSL_1_1_1-pre2
OpenSSL_1_1_1-pre3
OpenSSL_1_1_1-pre4
OpenSSL_1_1_1-pre5
OpenSSL_1_1_1-pre6
OpenSSL_1_1_1-pre7
OpenSSL_1_1_1-pre8
OpenSSL_1_1_1-pre9
master-post-auto-reformat
master-post-reformat
master-pre-auto-reformat
master-pre-reformat

openssl-3.*

openssl-3.0.0
openssl-3.0.0-alpha1
openssl-3.0.0-alpha10
openssl-3.0.0-alpha11
openssl-3.0.0-alpha12
openssl-3.0.0-alpha13
openssl-3.0.0-alpha14
openssl-3.0.0-alpha15
openssl-3.0.0-alpha16
openssl-3.0.0-alpha17
openssl-3.0.0-alpha2
openssl-3.0.0-alpha3
openssl-3.0.0-alpha4
openssl-3.0.0-alpha5
openssl-3.0.0-alpha6
openssl-3.0.0-alpha7
openssl-3.0.0-alpha8
openssl-3.0.0-alpha9
openssl-3.0.0-beta1
openssl-3.0.0-beta2
openssl-3.0.1
openssl-3.0.10
openssl-3.0.11
openssl-3.0.12
openssl-3.0.2
openssl-3.0.3
openssl-3.0.4
openssl-3.0.5
openssl-3.0.6
openssl-3.0.7
openssl-3.0.8
openssl-3.0.9
openssl-3.1.0
openssl-3.1.0-alpha1
openssl-3.1.0-beta1
openssl-3.1.1
openssl-3.1.2
openssl-3.1.3
openssl-3.1.4
openssl-3.2.0
openssl-3.2.0-alpha1
openssl-3.2.0-alpha2
openssl-3.2.0-beta1

Database specific
