CVE-2024-12797

EUVD-2024-51115

11.02.2025, 16:15

Issue summary: Clients using RFC7250 Raw Public Keys (RPKs) to authenticate a
server may fail to notice that the server was not authenticated, because
handshakes don't abort as expected when the SSL_VERIFY_PEER verification mode
is set.

Impact summary: TLS and DTLS connections using raw public keys may be
vulnerable to man-in-middle attacks when server authentication failure is not
detected by clients.

RPKs are disabled by default in both TLS clients and TLS servers. The issue
only arises when TLS clients explicitly enable RPK use by the server, and the
server, likewise, enables sending of an RPK instead of an X.509 certificate
chain. The affected clients are those that then rely on the handshake to
fail when the server's RPK fails to match one of the expected public keys,
by setting the verification mode to SSL_VERIFY_PEER.

Clients that enable server-side raw public keys can still find out that raw
public key verification failed by calling SSL_get_verify_result(), and those
that do, and take appropriate action, are not affected. This issue was
introduced in the initial implementation of RPK support in OpenSSL 3.2.

The FIPS modules in 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this issue.

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	Primary	6.3 MEDIUM	NETWORK	LOW	NONE	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L
CISA-ADP	ADP	6.3 MEDIUM	NETWORK	LOW	NONE	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L

Awaiting analysis

This vulnerability is currently awaiting analysis.

Base Score

CVSS 3.x

EPSS Score

Percentile: 74%

Debian Releases

Debian Product

Codename

openssl

bookworm	3.0.17-1~deb12u2 not-affected
bookworm (security)	3.0.17-1~deb12u3 fixed
bullseye	1.1.1w-0+deb11u1 not-affected
bullseye (security)	1.1.1w-0+deb11u4 fixed
forky	3.5.4-1 fixed
sid	3.5.4-1 fixed
trixie	3.5.4-1~deb13u1 fixed
trixie (security)	3.5.1-1+deb13u1 fixed

Ubuntu Releases

Ubuntu Product

Codename

openssl

bionic	not-affected
focal	not-affected
jammy	not-affected
noble	not-affected
oracular	Fixed 3.3.1-2ubuntu2.1 released
plucky	Fixed 3.4.1-1ubuntu1 released
trusty	not-affected
xenial	not-affected

openssl1.0

bionic	not-affected
focal	dne
jammy	dne
noble	dne
oracular	dne
plucky	dne

nodejs

bionic	not-affected
focal	not-affected
jammy	not-affected
noble	not-affected
oracular	not-affected
plucky	not-affected
trusty	not-affected
xenial	not-affected

edk2

bionic	not-affected
focal	not-affected
jammy	not-affected
noble	not-affected
oracular	not-affected
plucky	not-affected
xenial	not-affected

Common Weakness Enumeration

CWE-392 - Missing Report of Error Condition
The software encounters an error but does not provide a status code or return value to indicate that an error has occurred.

References

https://github.com/openssl/openssl/commit/738d4f9fdeaad57660dcba50a619fafced3fd5e9

https://github.com/openssl/openssl/commit/798779d43494549b611233f92652f0da5328fbe7

https://github.com/openssl/openssl/commit/87ebd203feffcf92ad5889df92f90bb0ee10a699

https://openssl-library.org/news/secadv/20250211.txt

http://www.openwall.com/lists/oss-security/2025/02/11/3

http://www.openwall.com/lists/oss-security/2025/02/11/4

https://security.netapp.com/advisory/ntap-20250214-0001/