IM
IronMonkey Threat Research

CVE-2024-6119 HIGH

Published: 2024-09-03 | Last Modified: 2026-05-12 | Status: Modified

Description

Issue summary: Applications performing certificate name checks (e.g., TLS clients checking server certificates) may attempt to read an invalid memory address resulting in abnormal termination of the application process. Impact summary: Abnormal termination of an application can a cause a denial of service. Applications performing certificate name checks (e.g., TLS clients checking server certificates) may attempt to read an invalid memory address when comparing the expected name with an `otherName` subject alternative name of an X.509 certificate. This may result in an exception that terminates the application program. Note that basic certificate chain validation (signatures, dates, ...) is not affected, the denial of service can occur only when the application also specifies an expected DNS name, Email address or IP address. TLS servers rarely solicit client certificates, and even when they do, they generally don't perform a name check against a reference identifier (expected identity), but rather extract the presented identity after checking the certificate chain. So TLS servers are generally not affected and the severity of the issue is Moderate. The FIPS modules in 3.3, 3.2, 3.1 and 3.0 are not affected by this issue.

Additional Descriptions (1)

Resumen del problema: Las aplicaciones que realizan comprobaciones de nombres de certificados (por ejemplo, clientes TLS que comprueban certificados de servidor) pueden intentar leer una dirección de memoria no válida, lo que da como resultado la finalización anormal del proceso de la aplicación. Resumen del impacto: La finalización anormal de una aplicación puede causar una denegación de servicio. Las aplicaciones que realizan comprobaciones de nombres de certificados (por ejemplo, clientes TLS que comprueban certificados de servidor) pueden intentar leer una dirección de memoria no válida al comparar el nombre esperado con un nombre alternativo de sujeto `otherName` de un certificado X.509. Esto puede dar como resultado una excepción que finalice el programa de aplicación. Tenga en cuenta que la validación básica de la cadena de certificados (firmas, fechas, ...) no se ve afectada, la denegación de servicio puede ocurrir solo cuando la aplicación también especifica un nombre DNS, una dirección de correo electrónico o una dirección IP esperados. Los servidores TLS rara vez solicitan certificados de cliente, e incluso cuando lo hacen, generalmente no realizan una comprobación de nombre contra un identificador de referencia (identidad esperada), sino que extraen la identidad presentada después de comprobar la cadena de certificados. Por lo tanto, los servidores TLS generalmente no se ven afectados y la gravedad del problema es moderada. Los módulos FIPS en 3.3, 3.2, 3.1 y 3.0 no se ven afectados por este problema.

CVSS Metrics

Base Score: 7.5 (HIGH)

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Attack VectorNETWORK
Attack ComplexityLOW
Privileges RequiredNONE
User InteractionNONE
ScopeUNCHANGED
Confidentiality ImpactNONE
Integrity ImpactNONE
Availability ImpactHIGH

Source: [email protected]

Type: Primary

Exploitability Score: 3.9

Impact Score: 3.6

Weaknesses

Source Type Description
[email protected] Secondary
en CWE-843
[email protected] Primary
en CWE-843

Affected Products

Vendor Product Version Update Type
openssl openssl * <built-in method update of dict object at 0x702b70377c80> Application
openssl openssl * <built-in method update of dict object at 0x702bfc2a6280> Application
openssl openssl * <built-in method update of dict object at 0x702bfc2a6d80> Application
openssl openssl * <built-in method update of dict object at 0x702bcc9b3f00> Application
netapp active_iq_unified_manager - <built-in method update of dict object at 0x702b70374dc0> Application
netapp management_services_for_element_software_and_netapp_hci - <built-in method update of dict object at 0x702bcc9b1300> Application
netapp ontap_9 - <built-in method update of dict object at 0x702b70374c80> Application
netapp ontap_select_deploy_administration_utility - <built-in method update of dict object at 0x702bdd12a200> Application
netapp ontap_tools 9 <built-in method update of dict object at 0x702bfc2a55c0> Application
netapp brocade_fabric_operating_system - <built-in method update of dict object at 0x702bcc9b2300> Operating System
netapp h300s_firmware - <built-in method update of dict object at 0x702b703751c0> Operating System
netapp h500s_firmware - <built-in method update of dict object at 0x702bfc2a4940> Operating System
netapp h700s_firmware - <built-in method update of dict object at 0x702bdd1284c0> Operating System
netapp h410s_firmware - <built-in method update of dict object at 0x702b70374200> Operating System
netapp h410c_firmware - <built-in method update of dict object at 0x702b70375380> Operating System
netapp h610c_firmware - <built-in method update of dict object at 0x702b70374e00> Operating System
netapp h610s_firmware - <built-in method update of dict object at 0x702b70376440> Operating System
netapp h615c - <built-in method update of dict object at 0x702bfc2a6940> Hardware
netapp bootstrap_os - <built-in method update of dict object at 0x702bfc2a5b80> Operating System
netapp a250_firmware - <built-in method update of dict object at 0x702bcc9b01c0> Operating System
netapp 500f_firmware - <built-in method update of dict object at 0x702bdd12bf00> Operating System
netapp c250_firmware - <built-in method update of dict object at 0x702bfc2a5500> Operating System

Affected Configurations

Operator: OR

Vulnerable CPE
Yes cpe:2.3:a:openssl:openssl:*:*:*:*:*:*:*:*
Yes cpe:2.3:a:openssl:openssl:*:*:*:*:*:*:*:*
Yes cpe:2.3:a:openssl:openssl:*:*:*:*:*:*:*:*
Yes cpe:2.3:a:openssl:openssl:*:*:*:*:*:*:*:*

Operator: OR

Vulnerable CPE
Yes cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:vmware_vsphere:*:*
Yes cpe:2.3:a:netapp:management_services_for_element_software_and_netapp_hci:-:*:*:*:*:*:*:*
Yes cpe:2.3:a:netapp:ontap_9:-:*:*:*:*:*:*:*
Yes cpe:2.3:a:netapp:ontap_select_deploy_administration_utility:-:*:*:*:*:*:*:*
Yes cpe:2.3:a:netapp:ontap_tools:9:*:*:*:*:vmware_vsphere:*:*
Yes cpe:2.3:o:netapp:brocade_fabric_operating_system:-:*:*:*:*:*:*:*

Operator: OR

Vulnerable CPE
Yes cpe:2.3:o:netapp:h300s_firmware:-:*:*:*:*:*:*:*

Operator: OR

Vulnerable CPE
No cpe:2.3:h:netapp:h300s:-:*:*:*:*:*:*:*

Operator: OR

Vulnerable CPE
Yes cpe:2.3:o:netapp:h500s_firmware:-:*:*:*:*:*:*:*

Operator: OR

Vulnerable CPE
No cpe:2.3:h:netapp:h500s:-:*:*:*:*:*:*:*

Operator: OR

Vulnerable CPE
Yes cpe:2.3:o:netapp:h700s_firmware:-:*:*:*:*:*:*:*

Operator: OR

Vulnerable CPE
No cpe:2.3:h:netapp:h700s:-:*:*:*:*:*:*:*

Operator: OR

Vulnerable CPE
Yes cpe:2.3:o:netapp:h410s_firmware:-:*:*:*:*:*:*:*

Operator: OR

Vulnerable CPE
No cpe:2.3:h:netapp:h410s:-:*:*:*:*:*:*:*

Operator: OR

Vulnerable CPE
Yes cpe:2.3:o:netapp:h410c_firmware:-:*:*:*:*:*:*:*

Operator: OR

Vulnerable CPE
No cpe:2.3:h:netapp:h410c:-:*:*:*:*:*:*:*

Operator: OR

Vulnerable CPE
Yes cpe:2.3:o:netapp:h610c_firmware:-:*:*:*:*:*:*:*

Operator: OR

Vulnerable CPE
No cpe:2.3:h:netapp:h610c:-:*:*:*:*:*:*:*

Operator: OR

Vulnerable CPE
Yes cpe:2.3:o:netapp:h610s_firmware:-:*:*:*:*:*:*:*

Operator: OR

Vulnerable CPE
No cpe:2.3:h:netapp:h610s:-:*:*:*:*:*:*:*

Operator: OR

Vulnerable CPE
Yes cpe:2.3:h:netapp:h615c:-:*:*:*:*:*:*:*

Operator: OR

Vulnerable CPE
No cpe:2.3:o:netapp:h615c_firmware:-:*:*:*:*:*:*:*

Operator: OR

Vulnerable CPE
Yes cpe:2.3:o:netapp:bootstrap_os:-:*:*:*:*:*:*:*

Operator: OR

Vulnerable CPE
No cpe:2.3:h:netapp:hci_compute_node:-:*:*:*:*:*:*:*

Operator: OR

Vulnerable CPE
Yes cpe:2.3:o:netapp:a250_firmware:-:*:*:*:*:*:*:*

Operator: OR

Vulnerable CPE
No cpe:2.3:h:netapp:a250:-:*:*:*:*:*:*:*

Operator: OR

Vulnerable CPE
Yes cpe:2.3:o:netapp:500f_firmware:-:*:*:*:*:*:*:*

Operator: OR

Vulnerable CPE
No cpe:2.3:h:netapp:500f:-:*:*:*:*:*:*:*

Operator: OR

Vulnerable CPE
Yes cpe:2.3:o:netapp:c250_firmware:-:*:*:*:*:*:*:*

Operator: OR

Vulnerable CPE
No cpe:2.3:h:netapp:c250:-:*:*:*:*:*:*:*
Notification
Message here