Pierluigi Paganini February 11, 2025

OpenSSL patched the vulnerability CVE-2024-12797, a high-severity flaw found by Apple that enables man-in-the-middle attacks.

The OpenSSL Project addressed a high-severity vulnerability, tracked as CVE-2024-12797, in its secure communications library. 

The OpenSSL software library allows secure communications over computer networks against eavesdropping or need to identify the party at the other end. OpenSSL contains an open-source implementation of the Secure Sockets Layer (SSL) and Transport Layer Security (TLS) protocols.

TLS/DTLS connections by clients using RFC7250 raw public keys (RPKs) may be vulnerable to man-in-the-middle (MitM) attacks due to failed server authentication checks in SSL_VERIFY_PEER mode.

Apple researchers reported the vulnerability on December 18th, 2024, and was fixed by Viktor Dukhovni.

The vulnerability impacts TLS clients that explicitly enable RPKs and rely on SSL_VERIFY_PEER to detect authentication failures. Project maintainers pointed out that RPKs are disabled by default in both TLS clients and TLS servers.

“The issue only arises when TLS clients explicitly enable RPK use by the server, and the server, likewise, enables sending of an RPK instead of an X.509 certificate chain.” reads the advisory. “The affected clients are those that then rely on the handshake to fail when the server’s RPK fails to match one of the expected public keys, by setting the verification mode to SSL_VERIFY_PEER.”

Anyway, clients that enable server-side raw public keys can still check the failure of raw public key verification by calling SSL_get_verify_result(). This vulnerability was introduced in the initial implementation of RPK support in OpenSSL 3.2.

OpenSSL 3.4, 3.3 and 3.2 are impacted by the CVE-2024-12797 vulnerability, which was addressed with the release of versions 3.4.1, 3.3.2 and 3.2.4.

In November 2022, the OpenSSL project issued security updates to address a couple of high-severity vulnerabilities, tracked as CVE-2022-3602 and CVE-2022-3786, in its cryptography library. The flaws impact versions 3.0.0 through 3.0.6 of the library.

Both flaws are buffer overrun issues that can be triggered in X.509 certificate verification by providing a specially crafted email address. 

“The first, CVE-2022-3786, allows a threat actor to “craft a malicious email address in a certificate to overflow an arbitrary number of bytes containing the `.` character.”  The second, CVE-2022-3602, is similar, but in this case, a threat actor could “craft a malicious email to overflow four attacker-controlled bytes on the stack.” These could result in a denial of service or remote code execution.” reads a post published by Censys.

This buffer overflow could cause a denial of service condition or potentially lead to remote code execution.

Follow me on Twitter: @securityaffairs and Facebook and Mastodon

Pierluigi Paganini (SecurityAffairs – hacking, CVE-2024-12797)