Issue summary: Applications performing certificate name checks (e.g., TLS
clients checking server certificates) may attempt to read an invalid memory
address resulting in abnormal termination of the application process.
Impact summary: Abnormal termination of an application can a cause a denial of
service.
Applications performing certificate name checks (e.g., TLS clients checking
server certificates) may attempt to read an invalid memory address when
comparing the expected name with an `otherName` subject alternative name of an
X.509 certificate. This may result in an exception that terminates the
application program.
Note that basic certificate chain validation (signatures, dates, ...) is not
affected, the denial of service can occur only when the application also
specifies an expected DNS name, Email address or IP address.
TLS servers rarely solicit client certificates, and even when they do, they
generally don't perform a name check against a reference identifier (expected
identity), but rather extract the presented identity after checking the
certificate chain. So TLS servers are generally not affected and the severity
of the issue is Moderate.
The FIPS modules in 3.3, 3.2, 3.1 and 3.0 are not affected by this issue.
References
Configurations
Configuration 1 (hide)
|
Configuration 2 (hide)
|
Configuration 3 (hide)
AND |
|
Configuration 4 (hide)
AND |
|
Configuration 5 (hide)
AND |
|
Configuration 6 (hide)
AND |
|
Configuration 7 (hide)
AND |
|
Configuration 8 (hide)
AND |
|
Configuration 9 (hide)
AND |
|
Configuration 10 (hide)
AND |
|
Configuration 11 (hide)
AND |
|
Configuration 12 (hide)
AND |
|
Configuration 13 (hide)
AND |
|
Configuration 14 (hide)
AND |
|
History
03 Jun 2025, 10:51
Type | Values Removed | Values Added |
---|---|---|
First Time |
Netapp h500s Firmware
Netapp Netapp hci Compute Node Netapp h610s Firmware Netapp h615c Firmware Netapp c250 Netapp 500f Firmware Netapp h300s Firmware Netapp management Services For Element Software And Netapp Hci Netapp a250 Firmware Netapp h610c Netapp h410c Firmware Netapp h610s Netapp a250 Netapp h410s Firmware Netapp h700s Firmware Openssl openssl Netapp h700s Netapp h410c Netapp ontap 9 Netapp h500s Netapp 500f Netapp h610c Firmware Netapp ontap Tools Netapp h300s Netapp h410s Netapp brocade Fabric Operating System Openssl Netapp active Iq Unified Manager Netapp c250 Firmware Netapp ontap Select Deploy Administration Utility Netapp bootstrap Os Netapp h615c |
|
References | () https://github.com/openssl/openssl/commit/05f360d9e849a1b277db628f1f13083a7f8dd04f - Patch | |
References | () https://github.com/openssl/openssl/commit/06d1dc3fa96a2ba5a3e22735a033012aadc9f0d6 - Patch | |
References | () https://github.com/openssl/openssl/commit/621f3729831b05ee828a3203eddb621d014ff2b2 - Patch | |
References | () https://github.com/openssl/openssl/commit/7dfcee2cd2a63b2c64b9b4b0850be64cb695b0a0 - Patch | |
References | () https://openssl-library.org/news/secadv/20240903.txt - Vendor Advisory | |
References | () http://www.openwall.com/lists/oss-security/2024/09/03/4 - Mailing List | |
References | () https://lists.freebsd.org/archives/freebsd-security/2024-September/000303.html - Mailing List | |
References | () https://security.netapp.com/advisory/ntap-20240912-0001/ - Third Party Advisory | |
CPE | cpe:2.3:a:netapp:management_services_for_element_software_and_netapp_hci:-:*:*:*:*:*:*:* cpe:2.3:o:netapp:h700s_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:netapp:h410s_firmware:-:*:*:*:*:*:*:* cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:vmware_vsphere:*:* cpe:2.3:h:netapp:h500s:-:*:*:*:*:*:*:* cpe:2.3:o:netapp:500f_firmware:-:*:*:*:*:*:*:* cpe:2.3:h:netapp:c250:-:*:*:*:*:*:*:* cpe:2.3:h:netapp:h410c:-:*:*:*:*:*:*:* cpe:2.3:h:netapp:h610c:-:*:*:*:*:*:*:* cpe:2.3:o:netapp:a250_firmware:-:*:*:*:*:*:*:* cpe:2.3:h:netapp:500f:-:*:*:*:*:*:*:* cpe:2.3:o:netapp:h410c_firmware:-:*:*:*:*:*:*:* cpe:2.3:a:netapp:ontap_9:-:*:*:*:*:*:*:* cpe:2.3:o:netapp:c250_firmware:-:*:*:*:*:*:*:* cpe:2.3:h:netapp:h610s:-:*:*:*:*:*:*:* cpe:2.3:h:netapp:h410s:-:*:*:*:*:*:*:* cpe:2.3:o:netapp:h610c_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:netapp:h615c_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:netapp:brocade_fabric_operating_system:-:*:*:*:*:*:*:* cpe:2.3:o:netapp:h300s_firmware:-:*:*:*:*:*:*:* cpe:2.3:a:netapp:ontap_tools:9:*:*:*:*:vmware_vsphere:*:* cpe:2.3:o:netapp:h610s_firmware:-:*:*:*:*:*:*:* cpe:2.3:h:netapp:h615c:-:*:*:*:*:*:*:* cpe:2.3:a:netapp:ontap_select_deploy_administration_utility:-:*:*:*:*:*:*:* cpe:2.3:h:netapp:a250:-:*:*:*:*:*:*:* cpe:2.3:a:openssl:openssl:*:*:*:*:*:*:*:* cpe:2.3:o:netapp:h500s_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:netapp:bootstrap_os:-:*:*:*:*:*:*:* cpe:2.3:h:netapp:hci_compute_node:-:*:*:*:*:*:*:* cpe:2.3:h:netapp:h300s:-:*:*:*:*:*:*:* cpe:2.3:h:netapp:h700s:-:*:*:*:*:*:*:* |
21 Nov 2024, 09:49
Type | Values Removed | Values Added |
---|---|---|
References |
|
|
Summary |
|
03 Sep 2024, 21:35
Type | Values Removed | Values Added |
---|---|---|
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 7.5 |
03 Sep 2024, 16:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2024-09-03 16:15
Updated : 2025-06-03 10:51
NVD link : CVE-2024-6119
Mitre link : CVE-2024-6119
CVE.ORG link : CVE-2024-6119
JSON object : View
Products Affected
netapp
- h700s_firmware
- h700s
- h500s
- h610c
- management_services_for_element_software_and_netapp_hci
- brocade_fabric_operating_system
- h610s
- h615c_firmware
- hci_compute_node
- h410s_firmware
- h300s
- h410c_firmware
- ontap_9
- h300s_firmware
- ontap_select_deploy_administration_utility
- bootstrap_os
- h615c
- 500f_firmware
- h410s
- active_iq_unified_manager
- ontap_tools
- c250
- c250_firmware
- h500s_firmware
- a250
- a250_firmware
- h610c_firmware
- h410c
- h610s_firmware
- 500f
openssl
- openssl
CWE
CWE-843
Access of Resource Using Incompatible Type ('Type Confusion')