INFBA-2025:6314: openssl security update
Information about definition
Identifier: INFBA-2025:6314
Type: bugfix
Release date: 2025-07-30 12:29:33 UTC
Information about package
OpenSSL is a software library for applications that secure communications over computer networks against eavesdropping and need to identify the party at the other end. It is widely used by Internet servers, including the majority of HTTPS websites.
Vulnerabilities description
- CVE-2024-12797
A flaw was found in OpenSSL's RFC 7250 Raw Public Key (RPK) authentication. TLS/DTLS handshakes are not aborted when the server's RPK does not match the expected key, even though the SSL_VERIFY_PEER verification mode is set. This failure allows man-in-the-middle (MITM) attacks.
Severity level
| CVE | Score CVSS 2.0 | Score CVSS 3.x | Score CVSS 4.0 |
|---|---|---|---|
| NIST — CVE-2024-12797 | no information | 7.4 | no information |
Updated packages