PKCS12 Decoding crashes

Summary

CVE	CVE-2024-0727
State	PUBLISHED
Assigner	openssl
Source Priority	CVE Program / NVD first with legacy fallback
Published	2024-01-26 09:15:07 UTC
Updated	2026-05-12 12:16:16 UTC
Description	Issue summary: Processing a maliciously formatted PKCS12 file may lead OpenSSL to crash leading to a potential Denial of Service attack Impact summary: Applications loading files in the PKCS12 format from untrusted sources might terminate abruptly. A file in PKCS12 format can contain certificates and keys and may come from an untrusted source. The PKCS12 specification allows certain fields to be NULL, but OpenSSL does not correctly check for this case. This can lead to a NULL pointer dereference that results in OpenSSL crashing. If an application processes PKCS12 files from an untrusted source using the OpenSSL APIs then that application will be vulnerable to this issue. OpenSSL APIs that are vulnerable to this are: PKCS12_parse(), PKCS12_unpack_p7data(), PKCS12_unpack_p7encdata(), PKCS12_unpack_authsafes() and PKCS12_newpass(). We have also fixed a similar issue in SMIME_write_PKCS7(). However since this function is related to writing data we do not consider it security significant. The FIPS modules in 3.2, 3.1 and 3.0 are not affected by this issue.

Risk And Classification

Primary CVSS: v3.1 5.5 MEDIUM from [email protected]

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

Problem Types: CWE-476 | NVD-CWE-noinfo | CWE-476 CWE-476 NULL Pointer Dereference

Version	Source	Type	Score	Severity	Vector
3.1	[email protected]	Primary	5.5	MEDIUM	`CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H`
3.1	ADP	DECLARED	5.5	MEDIUM	`CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H`
3.1	134c704f-9b21-4f2e-91b3-4a467353bcc0	Secondary	5.5	MEDIUM	`CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H`

CVSS v3.1 Breakdown

Attack Vector

Local

Attack Complexity

Low

Privileges Required

None

User Interaction

Required

Scope

Unchanged

Confidentiality

None

Integrity

None

Availability

High

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

NVD Known Affected Configurations (CPE 2.3)

Type	Vendor	Product	Version	Update	Edition	Language
Application	Openssl	Openssl	All	All	All	All

Vendor Declared Affected Products

Source	Vendor	Product	Version	Platforms
CNA	OpenSSL	OpenSSL	affected 3.2.0 3.2.1 semver	Not specified
CNA	OpenSSL	OpenSSL	affected 3.1.0 3.1.5 semver	Not specified
CNA	OpenSSL	OpenSSL	affected 3.0.0 3.0.13 semver	Not specified
CNA	OpenSSL	OpenSSL	affected 1.1.1 1.1.1x custom	Not specified
CNA	OpenSSL	OpenSSL	affected 1.0.2 1.0.2zj custom	Not specified
ADP	Siemens	SIDIS Prime	affected V4.0.700 custom	Not specified
ADP	Siemens	SIMATIC S7-1500 TM MFP - GNU/Linux Subsystem	affected * custom	Not specified
ADP	Siemens	SINEC NMS	affected V3.0 SP1 custom	Not specified

References

Reference	Source	Link	Tags
Add NULL checks where ContentInfo data can be NULL · openssl/openssl@d135eea · GitHub	af854a3a-2127-422b-91ae-364da2661108	github.com	Patch
cert-portal.siemens.com/productcert/html/ssa-265688.html	0b142b55-0307-4c5a-b3c9-f314f3fb7c5e	cert-portal.siemens.com
www.openwall.com/lists/oss-security/2024/03/11/1	af854a3a-2127-422b-91ae-364da2661108	www.openwall.com
cert-portal.siemens.com/productcert/html/ssa-331112.html	0b142b55-0307-4c5a-b3c9-f314f3fb7c5e	cert-portal.siemens.com
Add NULL checks where ContentInfo data can be NULL · openssl/openssl@775acfd · GitHub	af854a3a-2127-422b-91ae-364da2661108	github.com	Patch
cert-portal.siemens.com/productcert/html/ssa-769027.html	0b142b55-0307-4c5a-b3c9-f314f3fb7c5e	cert-portal.siemens.com
cert-portal.siemens.com/productcert/html/ssa-915275.html	0b142b55-0307-4c5a-b3c9-f314f3fb7c5e	cert-portal.siemens.com
cert-portal.siemens.com/productcert/html/ssa-277137.html	0b142b55-0307-4c5a-b3c9-f314f3fb7c5e	cert-portal.siemens.com
Sign in to your account · GitHub	af854a3a-2127-422b-91ae-364da2661108	github.openssl.org	Patch
security.netapp.com/advisory/ntap-20240208-0006	af854a3a-2127-422b-91ae-364da2661108	security.netapp.com
Add NULL checks where ContentInfo data can be NULL · openssl/openssl@09df439 · GitHub	af854a3a-2127-422b-91ae-364da2661108	github.com	Patch
www.openssl.org/news/secadv/20240125.txt	af854a3a-2127-422b-91ae-364da2661108	www.openssl.org	Vendor Advisory
lists.debian.org/debian-lts-announce/2024/11/msg00000.html	af854a3a-2127-422b-91ae-364da2661108	lists.debian.org
lists.debian.org/debian-lts-announce/2024/10/msg00033.html	af854a3a-2127-422b-91ae-364da2661108	lists.debian.org
Sign in to your account · GitHub	af854a3a-2127-422b-91ae-364da2661108	github.openssl.org	Patch
CVE Program record	CVE.ORG	www.cve.org	canonical
NVD vulnerability detail	NVD	nvd.nist.gov	canonical, analysis

Vendor Comments And Credit

Discovery Credit

CNA: Bahaa Naamneh (Crosspoint Labs) (en)

CNA: Matt Caswell (en)

Legacy QID Mappings

200094 Ubuntu Security Notification for Open Secure Sockets Layer (OpenSSL) Vulnerabilities (USN-6622-1)
200107 Ubuntu Security Notification for Open Secure Sockets Layer (OpenSSL) Vulnerabilities (USN-6632-1)
200215 Ubuntu Security Notification for Open Secure Sockets Layer (OpenSSL) Vulnerabilities (USN-6709-1)
357238 Amazon Linux Security Advisory for Open Secure Sockets Layer (OpenSSL) : ALAS2023-2024-520
357266 Amazon Linux Security Advisory for openssl11 : ALAS2-2024-2478
357271 Amazon Linux Security Advisory for Open Secure Sockets Layer (OpenSSL) : ALAS2-2024-2479
357282 Amazon Linux Security Advisory for edk2 : ALAS2-2024-2483
357310 Amazon Linux Security Advisory for openssl-snapsafe : ALAS2OPENSSL-SNAPSAFE-2024-005
357333 Amazon Linux Security Advisory for edk2 : ALAS2-2024-2502
379545 Splunk Enterprise Third Party Package Updates for March 2024 (SVD-2024-0303)
379546 Splunk Universal Forwarder Third Party Package Updates for March 2024 (SVD-2024-0304)
38920 Open Secure Sockets Layer (OpenSSL) Denial of Service Vulnerability
510693 Alpine Linux Security Update for Open Secure Sockets Layer (OpenSSL)
510696 Alpine Linux Security Update for Open Secure Sockets Layer (OpenSSL)
520014 Open Secure Sockets Layer (OpenSSL) NULL Pointer Dereference Vulnerability (CVE-2024-0727)
673832 EulerOS Security Update for Open Secure Sockets Layer (OpenSSL) (EulerOS-SA-2024-1242)
674021 EulerOS Security Update for Open Secure Sockets Layer (OpenSSL) (EulerOS-SA-2024-1220)
674137 EulerOS Security Update for Open Secure Sockets Layer (OpenSSL) (EulerOS-SA-2024-1512)
674152 EulerOS Security Update for Open Secure Sockets Layer (OpenSSL) (EulerOS-SA-2024-1491)
691408 Free Berkeley Software Distribution (FreeBSD) Security Update for Open Secure Sockets Layer (OpenSSL) (10dee731-c069-11ee-9190-84a93843eb75)
755771 SUSE Enterprise Linux Security Update for openssl-3 (SUSE-SU-2024:0518-1)
755801 SUSE Enterprise Linux Security Update for Open Secure Sockets Layer (OpenSSL)-1_1 (SUSE-SU-2024:0549-1)
755948 SUSE Enterprise Linux Security Update for Open Secure Sockets Layer (OpenSSL)-3 (SUSE-SU-2024:0815-1)
755949 SUSE Enterprise Linux Security Update for Open Secure Sockets Layer (OpenSSL)-1_0_0 (SUSE-SU-2024:0814-1)
755950 SUSE Enterprise Linux Security Update for Open Secure Sockets Layer (OpenSSL)-1_1 (SUSE-SU-2024:0813-1)
755953 SUSE Enterprise Linux Security Update for openssl-1_0_0 (SUSE-SU-2024:0831-1)
755954 SUSE Enterprise Linux Security Update for openssl-1_1 (SUSE-SU-2024:0833-1)
755956 SUSE Enterprise Linux Security Update for openssl-1_1 (SUSE-SU-2024:0832-1)
755958 SUSE Enterprise Linux Security Update for compat-openssl098 (SUSE-SU-2024:0840-1)
907968 Common Base Linux Mariner (CBL-Mariner) Security Update for Open Secure Sockets Layer (OpenSSL) (33937-1)
907987 Common Base Linux Mariner (CBL-Mariner) Security Update for nodejs (33935-1)
997266 Python (Pip) Security Update for cryptography (GHSA-9v9h-cgj8-h64p)