{"id":"CVE-2024-6119","details":"Issue summary: Applications performing certificate name checks (e.g., TLS\nclients checking server certificates) may attempt to read an invalid memory\naddress resulting in abnormal termination of the application process.\n\nImpact summary: Abnormal termination of an application can cause a denial of\nservice.\n\nApplications performing certificate name checks (e.g., TLS clients checking\nserver certificates) may attempt to read an invalid memory address when\ncomparing the expected name with an `otherName` subject alternative name of an\nX.509 certificate. This may result in an exception that terminates the\napplication program.\n\nNote that basic certificate chain validation (signatures, dates, ...) is not\naffected, the denial of service can occur only when the application also\nspecifies an expected DNS name, Email address or IP address.\n\nTLS servers rarely solicit client certificates, and even when they do, they\ngenerally don't perform a name check against a reference identifier (expected\nidentity), but rather extract the presented identity after checking the\ncertificate chain.  
So TLS servers are generally not affected and the severity\nof the issue is Moderate.\n\nThe FIPS modules in 3.3, 3.2, 3.1 and 3.0 are not affected by this issue.","modified":"2026-04-16T04:35:29.954379366Z","published":"2024-09-03T16:15:07.177Z","related":["ALSA-2024:6783","ALSA-2024:8935","CGA-mr6w-v7h5-px4g","SUSE-SU-2024:3105-1","SUSE-SU-2024:3106-1","SUSE-SU-2024:3107-1","SUSE-SU-2025:1516-1","SUSE-SU-2025:20014-1","openSUSE-SU-2024:14317-1"],"references":[{"type":"ADVISORY","url":"https://openssl-library.org/news/secadv/20240903.txt"},{"type":"ADVISORY","url":"https://security.netapp.com/advisory/ntap-20240912-0001/"},{"type":"FIX","url":"https://github.com/openssl/openssl/commit/06d1dc3fa96a2ba5a3e22735a033012aadc9f0d6"},{"type":"FIX","url":"https://github.com/openssl/openssl/commit/621f3729831b05ee828a3203eddb621d014ff2b2"},{"type":"FIX","url":"https://github.com/openssl/openssl/commit/7dfcee2cd2a63b2c64b9b4b0850be64cb695b0a0"},{"type":"FIX","url":"https://github.com/openssl/openssl/commit/05f360d9e849a1b277db628f1f13083a7f8dd04f"},{"type":"ARTICLE","url":"http://www.openwall.com/lists/oss-security/2024/09/03/4"},{"type":"ARTICLE","url":"https://lists.freebsd.org/archives/freebsd-security/2024-September/000303.html"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/openssl/openssl","events":[{"introduced":"89cd17a031e022211684eb7eb41190cf1910f9fa"},{"fixed":"c523121f902fde2929909dc7f76b13ceb4961efe"},{"introduced":"a92271e03a8d0dee507b6f1e7f49512568b2c7ad"},{"fixed":"3c6a7a1c3b88d9afaf2828cff7adefba27b52493"},{"introduced":"cf2877791ce7508684109664f467c9e40987692f"},{"fixed":"45fda76bc1b9fd74d10e85e0ce9b65a12dcc58b0"},{"introduced":"4cb31128b5790819dfeea2739fbde265f71a10a2"},{"fixed":"fb7fab9fa6f4869eaa8fbb97e0d593159f03ffe4"},{"introduced":"0"},{"last_affected":"3da3c85a3f02b244dfaeadfeb7d8d0554f9d0f45"},{"fixed":"05f360d9e849a1b277db628f1f13083a7f8dd04f"},{"fixed":"06d1dc3fa96a2ba5a3e22735a033012aadc9f0d6"},{"fixed":"621f3729831b05ee828a320
3eddb621d014ff2b2"},{"fixed":"7dfcee2cd2a63b2c64b9b4b0850be64cb695b0a0"}],"database_specific":{"versions":[{"introduced":"3.0.0"},{"fixed":"3.0.15"},{"introduced":"3.1.0"},{"fixed":"3.1.7"},{"introduced":"3.2.0"},{"fixed":"3.2.3"},{"introduced":"3.3.0"},{"fixed":"3.3.2"},{"introduced":"0"},{"last_affected":"9"}]}}],"versions":["BEFORE_engine","BEN_FIPS_TEST_7","BEN_FIPS_TEST_8","FIPS_TEST_9","OpenSSL_0_9_1c","OpenSSL_0_9_2b","OpenSSL_0_9_3","OpenSSL_0_9_3a","OpenSSL_0_9_3beta2","OpenSSL_0_9_4","OpenSSL_0_9_5a","OpenSSL_0_9_5a-beta1","OpenSSL_0_9_5a-beta2","OpenSSL_0_9_5beta1","OpenSSL_0_9_5beta2","OpenSSL_0_9_6-beta3","OpenSSL_0_9_7","OpenSSL_0_9_7-beta1","OpenSSL_0_9_7-beta2","OpenSSL_0_9_7-beta3","OpenSSL_0_9_7-beta4","OpenSSL_0_9_7-beta6","OpenSSL_0_9_7a","OpenSSL_0_9_7b","OpenSSL_0_9_7c","OpenSSL_0_9_7e","OpenSSL_0_9_7f","OpenSSL_0_9_7g","openssl-3.0.0","openssl-3.0.1","openssl-3.0.10","openssl-3.0.11","openssl-3.0.12","openssl-3.0.13","openssl-3.0.14","openssl-3.0.2","openssl-3.0.3","openssl-3.0.4","openssl-3.0.5","openssl-3.0.6","openssl-3.0.7","openssl-3.0.8","openssl-3.0.9","openssl-3.1.0","openssl-3.1.1","openssl-3.1.2","openssl-3.1.3","openssl-3.1.4","openssl-3.1.5","openssl-3.1.6","openssl-3.2.0","openssl-3.2.1","openssl-3.2.2","openssl-3.3.0","openssl-3.3.1"],"database_specific":{"vanir_signatures":[{"deprecated":false,"id":"CVE-2024-6119-044ff3da","signature_version":"v1","source":"https://github.com/openssl/openssl/commit/7dfcee2cd2a63b2c64b9b4b0850be64cb695b0a0","target":{"function":"do_x509_check","file":"crypto/x509/v3_utl.c"},"signature_type":"Function"},{"deprecated":false,"signature_version":"v1","source":"https://github.com/openssl/openssl/commit/05f360d9e849a1b277db628f1f13083a7f8dd04f","target":{"function":"do_x509_check","file":"crypto/x509/v3_utl.c"},"signature_type":"Function","id":"CVE-2024-6119-220f4ca1"},{"source":"https://github.com/openssl/openssl/commit/06d1dc3fa96a2ba5a3e22735a033012aadc9f0d6","id":"CVE-2024-6119-50341c83","signature_version":"v1","deprecated":false,"target":{"file":"crypto/x509/v3_utl.c"},"signature_type":"Line"},{"id":"CVE-2024-6119-764d9b2a","deprecated":false,"signature_version":"v1","source":"https://github.com/openssl/openssl/commit/06d1dc3fa96a2ba5a3e22735a033012aadc9f0d6","target":{"function":"do_x509_check","file":"crypto/x509/v3_utl.c"},"signature_type":"Function"},{"source":"https://github.com/openssl/openssl/commit/621f3729831b05ee828a3203eddb621d014ff2b2","id":"CVE-2024-6119-7d5c83ae","signature_version":"v1","deprecated":false,"target":{"function":"do_x509_check","file":"crypto/x509/v3_utl.c"},"signature_type":"Function"},{"deprecated":false,"id":"CVE-2024-6119-83950886","signature_version":"v1","source":"https://github.com/openssl/openssl/commit/05f360d9e849a1b277db628f1f13083a7f8dd04f","target":{"file":"crypto/x509/v3_utl.c"},"signature_type":"Line"},{"deprecated":false,"signature_version":"v1","source":"https://github.com/openssl/openssl/commit/7dfcee2cd2a63b2c64b9b4b0850be64cb695b0a0","target":{"file":"crypto/x509/v3_utl.c"},"signature_type":"Line","id":"CVE-2024-6119-9e611542"},{"deprecated":false,"id":"CVE-2024-6119-f3fd2c57","signature_version":"v1","source":"https://github.com/openssl/openssl/commit/621f3729831b05ee828a3203eddb621d014ff2b2","target":{"file":"crypto/x509/v3_utl.c"},"signature_type":"Line"}],"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-6119.json","vanir_signatures_modified":"2026-04-12T17:29:14Z"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}]}