PT-2025-6245 · Openssl+8
Apple Inc +1 · Published 2025-02-11 · Updated 2026-05-25 · CVE-2024-12797
CVSS v2.0: 7.5 (High)
| Vector | AV:N/AC:L/Au:N/C:P/I:P/A:P |
Name of the Vulnerable Software and Affected Versions
OpenSSL versions 3.2 through 3.4
Description
The issue arises when TLS clients explicitly enable the use of Raw Public Keys (RPKs) by the server, and the server enables sending of an RPK instead of an X.509 certificate chain. Clients that set the verification mode to `SSL_VERIFY_PEER` and rely on the handshake failing when the server's RPK does not match one of the expected public keys may not notice that the server was not authenticated. This could lead to man-in-the-middle attacks on TLS and DTLS connections using RPKs. RPKs are disabled by default in both TLS clients and TLS servers. The FIPS modules in versions 3.0, 3.1, 3.2, 3.3, and 3.4 are not affected by this issue. It is estimated that over 71 million services may be vulnerable.
Recommendations
To resolve the issue, upgrade to version 3.2.4, 3.3.2, or 3.4.1, as these versions have the vulnerability patched.
For versions 3.2, 3.3, and 3.4, upgrade to the respective patched versions to prevent man-in-the-middle attacks.
As a temporary workaround, consider disabling the use of RPKs until a patch is available.
Restrict access to the vulnerable module to minimize the risk of exploitation.
Avoid using the `SSL_VERIFY_PEER` verification mode in the affected API endpoints until the issue is resolved.
Fix
DoS
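A quick triage check for the upgrade recommendation above, as an added example that is not part of the original advisory or of OpenSSL: it classifies an upstream version string against the affected and fixed versions listed on this page. The function name `rpk_cve_status` and the sample inventory are assumptions made for illustration. The version string alone does not reveal a distribution backport or whether RPKs are enabled, so treat an `affected` result on a distro package as a prompt to check the vendor's advisory.

```shell
#!/bin/sh
# Added example: classify an upstream OpenSSL version against the ranges
# stated on this page (affected 3.2 through 3.4; fixed in 3.2.4, 3.3.2, 3.4.1).
# Prints one of: affected | fixed | not-listed | unknown
rpk_cve_status() {
    # Accept "3.3.1" or a full `openssl version` line ("OpenSSL 3.3.1 ...").
    ver=$(printf '%s\n' "$1" |
        sed -n 's/^\(OpenSSL \)\{0,1\}\([0-9][0-9]*\.[0-9][0-9]*\.[0-9][0-9]*\).*/\2/p' |
        head -n 1)
    [ -n "$ver" ] || { echo unknown; return 0; }

    major=${ver%%.*}
    rest=${ver#*.}
    minor=${rest%%.*}
    patch=${rest#*.}

    # Only the 3.2, 3.3 and 3.4 series are listed as affected.
    [ "$major" -eq 3 ] || { echo not-listed; return 0; }
    case "$minor" in
        2) first_fixed=4 ;;   # 3.2.4
        3) first_fixed=2 ;;   # 3.3.2
        4) first_fixed=1 ;;   # 3.4.1
        *) echo not-listed; return 0 ;;
    esac

    if [ "$patch" -lt "$first_fixed" ]; then
        echo affected
    else
        echo fixed
    fi
}

# Constructed sample inventory (host names and versions are made up).
# On a live host, pass "$(openssl version)" instead.
while read -r host version; do
    printf '%-8s %-8s %s\n' "$host" "$version" "$(rpk_cve_status "$version")"
done <<'EOF'
web-01 3.2.3
web-02 3.3.2
vpn-01 3.4.0
db-01 3.0.15
EOF
```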
Affected Products
Alt Linux
Almalinux
Astra Linux
Openssl
Red Hat
Red Os
Rocky Linux
Suse
Ubuntu