OpenSSL Vulnerability Security Update Advisory (CVE-2024-6119)

Overview

 

An update has been released to address vulnerabilities in OpenSSL. Users of the affected versions are advised to update to the latest version.

 

Affected Products

 

CVE-2024-6119

• OpenSSL version: 3.3
• OpenSSL version: 3.2
• OpenSSL version: 3.1
• OpenSSL version: 3.0

 

Resolved Vulnerabilities

 

A denial-of-service vulnerability (CVE-2024-6119) where an application could read an invalid memory address during certificate name resolution, resulting in an abnormal termination

 

 

Vulnerability Patches

The following product-specific Vulnerability Patches have been made available in the latest update. If you are using an affected version, Please follow the instructions on the Referenced Sites to update to the latest Vulnerability Patches version.

 

CVE-2024-6119

• OpenSSL version: 3.3.2
• OpenSSL version: 3.2.3
• OpenSSL version: 3.1.7
• OpenSSL version: 3.0.15

 

 

References

 

[1] CVE-2024-6119 Detail

https://nvd.nist.gov/vuln/detail/cve-2024-6119

[2] openssl/commit/3.0

https://github.com/openssl/openssl/commit/06d1dc3fa96a2ba5a3e22735a033012aadc9f0d6

[3] openssl/commit/3.1

https://github.com/openssl/openssl/commit/621f3729831b05ee828a3203eddb621d014ff2b2

[4] openssl/commit/3.2

https://github.com/openssl/openssl/commit/05f360d9e849a1b277db628f1f13083a7f8dd04f

[5] openssl/commit/3.3

https://github.com/openssl/openssl/commit/7dfcee2cd2a63b2c64b9b4b0850be64cb695b0a0

[6] OpenSSL Security Advisory [3rd September 2024]

https://openssl-library.org/news/secadv/20240903.txt