CVE-2024-0727: PKCS12 Decoding crashes

Published Jan 23, 2024
·
Updated

Issue summary: Processing a maliciously formatted PKCS12 file may lead OpenSSL to crash leading to a potential Denial of Service attack

Impact summary: Applications loading files in the PKCS12 format from untrusted sources might terminate abruptly.

A file in PKCS12 format can contain certificates and keys and may come from an untrusted source. The PKCS12 specification allows certain fields to be NULL, but OpenSSL does not correctly check for this case. This can lead to a NULL pointer dereference that results in OpenSSL crashing. If an application processes PKCS12 files from an untrusted source using the OpenSSL APIs then that application will be vulnerable to this issue.

OpenSSL APIs that are vulnerable to this are: PKCS12parse(), PKCS12unpackp7data(), PKCS12unpackp7encdata(), PKCS12unpackauthsafes() and PKCS12newpass().

We have also fixed a similar issue in SMIMEwritePKCS7(). However since this function is related to writing data we do not consider it security significant.

The FIPS modules in 3.2, 3.1 and 3.0 are not affected by this issue.

Other sources

OpenSSL is vulnerable to a denial of service, caused by improper input validation. By persuading a victim to open a specially crafted PKCS12 file, a remote attacker could exploit this vulnerability to cause the application to crash.

IBM

PKCS12 structures contain PKCS7 ContentInfo fields. These fields are optional and can be NULL even if the "type" is a valid value. OpenSSL was not properly accounting for this and a NULL dereference can occur causing a crash. The OpenSSL project did announce a new release, which is assumed to contain this bug fix; that release will be published on Jan 30th.

Reference: https://github.com/openssl/openssl/pull/23362

Red Hat

Affected Software

21 affected componentsFixes available
pip/cryptography<42.0.2
42.0.2
OpenSSL OpenSSL>=1.0.2<1.0.2zj
OpenSSL OpenSSL>=1.1.1<1.1.1x
OpenSSL OpenSSL>=3.0.0<3.0.13
OpenSSL OpenSSL>=3.1.0<3.1.5
OpenSSL OpenSSL=3.2.0
debian/openssl<=1.1.1w-0+deb11u1
1.1.1w-0+deb11u23.0.15-1~deb12u13.0.14-1~deb12u23.5.0-1
Microsoft azl3 openssl 3.1.4-9
Patch available
Microsoft azl3 cloud-hypervisor-cvm 38.0.72-2
Patch available
Microsoft cbl2 cloud-hypervisor-cvm 38.0.72-1
Patch available
Microsoft cbl2 hvloader 1.0.1-11
Patch available
Microsoft azl3 nodejs 16.20.2-2
Patch available
Microsoft azl3 kata-containers 3.2.0.azl0-2
Patch available
Microsoft cbl2 nodejs 16.20.2-2
Patch available
Microsoft azl3 openssl 1.1.1k-29
Patch available
Microsoft cbl2 openssl 1.1.1k-36
Patch available
Microsoft azl3 cloud-hypervisor-cvm 38.0.72.2-1
Patch available
Microsoft cbl2 hvloader 1.0.1-9
Patch available
Microsoft cbl2 openssl 1.1.1k-29
Patch available
Microsoft cbl2 cloud-hypervisor-cvm 38.0.72.2-1
Patch available
Microsoft azl3 kata-containers 3.2.0.azl1-1
Patch available

Remediation

Patch Available

https://github.com/openssl/openssl/commit/09df4395b5071217b76dc7d3d2e630eb8c5a79c2

Patch Available

https://github.com/openssl/openssl/commit/775acfdbd0c6af9ac855f34969cdab0c0c90844a

Patch Available

https://github.com/openssl/openssl/commit/d135eeab8a5dbf72b3da5240bab9ddb7678dbd2c

Patch Available

https://github.openssl.org/openssl/extended-releases/commit/03b3941d60c4bce58fab69a0c22377ab439bc0e8

Patch Available

https://github.openssl.org/openssl/extended-releases/commit/aebaa5883e31122b404e450732dc833dc9dee539

Patch Available

https://git.openssl.org/?p=openssl.git;a=commit;h=09df4395b5071217b76dc7d3d2e630eb8c5a79c2

Event History

Jan 23, 2024
Data Sourced
via Red Hat·10:27 PM
DescriptionSeverityAffected Software
Jan 26, 2024
CVE Published
via MITRE·08:57 AM
Data Sourced
via MITRE·08:57 AM
DescriptionWeakness
Data Sourced
via NVD·09:15 AM
RemedyDescriptionSeverityWeaknessAffected Software
Advisory Published
via GitHub·09:30 AM
Jan 29, 2024
Data Sourced
via Microsoft·08:00 AM
DescriptionSeverityWeakness
Data Sourced
via Microsoft·08:00 AM
Affected Software
Updated
via Microsoft·08:00 AM
DescriptionSeverity
May 31, 2024
Data Sourced
via Launchpad·01:26 PM
Description
Sep 20, 2024
Data Sourced
via Ubuntu·01:43 PM
RemedyDescriptionSeverityAffected Software
Feb 4, 2025
Data Sourced
via IBM·12:00 AM
DescriptionAffected Software

Parent advisories

This vulnerability appears in the following advisories.

Free Weekly Intel

Don't miss critical vulnerabilities

Join thousands of security professionals who receive our weekly digest of trending CVEs, zero-days, and exploited vulnerabilities.

No spam. Unsubscribe anytime.

Frequently Asked Questions

1

What is the severity of CVE-2024-0727?

CVE-2024-0727 is classified as a Denial of Service vulnerability due to potential application crashes.

2

How do I fix CVE-2024-0727?

To fix CVE-2024-0727, update OpenSSL to the recommended versions or later, such as 1.1.1w-0+deb11u2 or 3.2.0.

3

Which versions are affected by CVE-2024-0727?

CVE-2024-0727 affects multiple versions of OpenSSL, specifically those prior to 1.1.1x, 3.0.13, and 3.1.5.

4

Can CVE-2024-0727 be exploited remotely?

CVE-2024-0727 can potentially be exploited when applications process malformed PKCS12 files from untrusted sources.

5

What impact does CVE-2024-0727 have on systems?

The impact of CVE-2024-0727 includes application crashes, leading to potential downtime and service availability issues.

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co
By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.
© 2026 SecAlerts Pty Ltd.
ABN: 70 645 966 203, ACN: 645 966 203