CVE-2024-0727: NULL Pointer Dereference in OpenSSL

Severity
NVD: 5.5 MEDIUM
OSV: 7.4, 5.3, 3.7
EPSS
0.2% (top 53.43%)
CISA KEV
Not in KEV
Exploit
No known exploits
Timeline
Published: Jan 26
Latest update: Nov 28

Description

Issue summary: Processing a maliciously formatted PKCS12 file may lead OpenSSL to crash, leading to a potential Denial of Service attack.

Impact summary: Applications loading files in the PKCS12 format from untrusted sources might terminate abruptly.

A file in PKCS12 format can contain certificates and keys and may come from an untrusted source. The PKCS12 specification allows certain fields to be NULL, but OpenSSL does not correctly check for this case. This can lead to a NULL pointer dereferen

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
Exploitability: 1.8 | Impact: 3.6

Affected Packages (32 packages)

Debian: debian/openssl < openssl 3.0.13-1~deb12u1 (bookworm)
CVEListV5: openssl/openssl 3.2.0 to 3.2.1
NVD: openssl/openssl 1.0.2 to 1.0.2zj (+4)
Alpine: openssl/openssl < 3.0.12-r4 (+6)
Debian: openssl/openssl < 1.1.1w-0+deb11u2 (+3)

Patches

Vulnerability Details (10)

OSV: edk2 regression, 2025-11-28
OSV: edk2 vulnerabilities, 2025-11-26
OSV: openssl vulnerabilities, 2024-09-18
OSV: openssl1.0 vulnerabilities, 2024-03-21
OSV: openssl vulnerabilities, 2024-02-13

Vendor Advisories (17)

Ubuntu: EDK II regression, 2025-11-28
Ubuntu: EDK II vulnerabilities, 2025-11-26
CISA ICS: Siemens SIDIS Prime, 2025-04-10
CISA ICS: Siemens SCALANCE W700, 2025-02-13
CISA ICS: Siemens SINEC NMS, 2024-11-14