OpenSSL Security Update Advisory (CVE-2024-12797)

Feb 18 2025

Overview

We have released a security update to address a vulnerability in OpenSSL. Users of affected products are advised to update to the latest version.

Affected Products

CVE-2024-12797

OpenSSL Version: 3.4
OpenSSL Version: 3.3
OpenSSL version: 3.2

Resolved Vulnerabilities

Unbroken handshake with an unauthenticated server (CVE-2024-12797)

Vulnerability Patches

Vulnerability patches have been made available in the latest updates. Please follow the instructions on the Referenced Sites to update to the latest Vulnerability Patches version.

CVE-2024-12797

OpenSSL version: 3.4.1
OpenSSL version: 3.3.3
OpenSSL version: 3.2.4

References

[1] RFC7250 handshakes with unauthenticated servers don’t abort as expected (CVE-2024-12797)
https://openssl-library.org/news/secadv/20250211.txt

OpenSSL Security Update Advisory (CVE-2024-12797)

WinZip Security Update Advisory (CVE-2025-1240)

Xerox Product Security Update Advisory (CVE-2024-12511)

Tags:

WinZip Security Update Advisory (CVE-2025-1240)

Xerox Product Security Update Advisory (CVE-2024-12511)