VulnerableCode Vulnerability Details

Search for vulnerabilities

Vulnerability details: VCID-s5tq-per2-sbam

Essentials
Severities (50)
References (24)
Severity details (21)
Exploits (0)
EPSS
History (1)

Vulnerability ID	VCID-s5tq-per2-sbam
Aliases	CVE-2024-12797 GHSA-79v4-65xg-pq4g
Summary	Vulnerable OpenSSL included in cryptography wheels pyca/cryptography's wheels include a statically linked copy of OpenSSL. The versions of OpenSSL included in cryptography 42.0.0-44.0.0 are vulnerable to a security issue. More details about the vulnerability itself can be found in https://openssl-library.org/news/secadv/20250211.txt. If you are building cryptography source ("sdist") then you are responsible for upgrading your copy of OpenSSL. Only users installing from wheels built by the cryptography project (i.e., those distributed on PyPI) need to update their cryptography versions.
Status	Published
Exploitability	0.5
Weighted Severity	6.7
Risk	3.4
Affected and Fixed Packages	Package Details

Weaknesses (5)

CWE-1395	Dependency on Vulnerable Third-Party Component
CWE-392	Missing Report of Error Condition
CWE-295	Improper Certificate Validation
CWE-937	OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities
CWE-1035	OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities

System	Score	Found at
cvssv3	7.4	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-12797.json
epss	0.00222	https://api.first.org/data/v1/epss?cve=CVE-2024-12797
epss	0.00222	https://api.first.org/data/v1/epss?cve=CVE-2024-12797
epss	0.00222	https://api.first.org/data/v1/epss?cve=CVE-2024-12797
epss	0.00222	https://api.first.org/data/v1/epss?cve=CVE-2024-12797
epss	0.00222	https://api.first.org/data/v1/epss?cve=CVE-2024-12797
epss	0.00222	https://api.first.org/data/v1/epss?cve=CVE-2024-12797
epss	0.00222	https://api.first.org/data/v1/epss?cve=CVE-2024-12797
epss	0.00222	https://api.first.org/data/v1/epss?cve=CVE-2024-12797
epss	0.00222	https://api.first.org/data/v1/epss?cve=CVE-2024-12797
epss	0.00222	https://api.first.org/data/v1/epss?cve=CVE-2024-12797
epss	0.00222	https://api.first.org/data/v1/epss?cve=CVE-2024-12797
epss	0.00222	https://api.first.org/data/v1/epss?cve=CVE-2024-12797
epss	0.00222	https://api.first.org/data/v1/epss?cve=CVE-2024-12797
epss	0.00222	https://api.first.org/data/v1/epss?cve=CVE-2024-12797
epss	0.00222	https://api.first.org/data/v1/epss?cve=CVE-2024-12797
epss	0.00222	https://api.first.org/data/v1/epss?cve=CVE-2024-12797
epss	0.00222	https://api.first.org/data/v1/epss?cve=CVE-2024-12797
epss	0.00222	https://api.first.org/data/v1/epss?cve=CVE-2024-12797
epss	0.00222	https://api.first.org/data/v1/epss?cve=CVE-2024-12797
epss	0.00259	https://api.first.org/data/v1/epss?cve=CVE-2024-12797
epss	0.00259	https://api.first.org/data/v1/epss?cve=CVE-2024-12797
epss	0.00259	https://api.first.org/data/v1/epss?cve=CVE-2024-12797
epss	0.00259	https://api.first.org/data/v1/epss?cve=CVE-2024-12797
epss	0.00304	https://api.first.org/data/v1/epss?cve=CVE-2024-12797
epss	0.00304	https://api.first.org/data/v1/epss?cve=CVE-2024-12797
epss	0.00304	https://api.first.org/data/v1/epss?cve=CVE-2024-12797
epss	0.00304	https://api.first.org/data/v1/epss?cve=CVE-2024-12797
epss	0.00304	https://api.first.org/data/v1/epss?cve=CVE-2024-12797
epss	0.00307	https://api.first.org/data/v1/epss?cve=CVE-2024-12797
cvssv3.1	8.8	https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
cvssv3.1_qr	LOW	https://github.com/advisories/GHSA-79v4-65xg-pq4g
cvssv3.1	6.3	https://github.com/openssl/openssl/commit/738d4f9fdeaad57660dcba50a619fafced3fd5e9
generic_textual	LOW	https://github.com/openssl/openssl/commit/738d4f9fdeaad57660dcba50a619fafced3fd5e9
ssvc	Track	https://github.com/openssl/openssl/commit/738d4f9fdeaad57660dcba50a619fafced3fd5e9
cvssv3.1	6.3	https://github.com/openssl/openssl/commit/798779d43494549b611233f92652f0da5328fbe7
generic_textual	LOW	https://github.com/openssl/openssl/commit/798779d43494549b611233f92652f0da5328fbe7
ssvc	Track	https://github.com/openssl/openssl/commit/798779d43494549b611233f92652f0da5328fbe7
cvssv3.1	6.3	https://github.com/openssl/openssl/commit/87ebd203feffcf92ad5889df92f90bb0ee10a699
generic_textual	LOW	https://github.com/openssl/openssl/commit/87ebd203feffcf92ad5889df92f90bb0ee10a699
ssvc	Track	https://github.com/openssl/openssl/commit/87ebd203feffcf92ad5889df92f90bb0ee10a699
generic_textual	LOW	https://github.com/pyca/cryptography
cvssv3.1_qr	LOW	https://github.com/pyca/cryptography/security/advisories/GHSA-79v4-65xg-pq4g
generic_textual	LOW	https://github.com/pyca/cryptography/security/advisories/GHSA-79v4-65xg-pq4g
generic_textual	LOW	https://nvd.nist.gov/vuln/detail/CVE-2024-12797
cvssv3.1	6.3	https://openssl-library.org/news/secadv/20250211.txt
generic_textual	LOW	https://openssl-library.org/news/secadv/20250211.txt
ssvc	Track	https://openssl-library.org/news/secadv/20250211.txt
generic_textual	LOW	http://www.openwall.com/lists/oss-security/2025/02/11/3
generic_textual	LOW	http://www.openwall.com/lists/oss-security/2025/02/11/4

Reference id	Reference type	URL
		https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-12797.json
		https://api.first.org/data/v1/epss?cve=CVE-2024-12797
		https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
		https://github.com/openssl/openssl/commit/738d4f9fdeaad57660dcba50a619fafced3fd5e9
		https://github.com/openssl/openssl/commit/798779d43494549b611233f92652f0da5328fbe7
		https://github.com/openssl/openssl/commit/87ebd203feffcf92ad5889df92f90bb0ee10a699
		https://github.com/pyca/cryptography
		https://github.com/pyca/cryptography/security/advisories/GHSA-79v4-65xg-pq4g
		https://nvd.nist.gov/vuln/detail/CVE-2024-12797
		https://openssl-library.org/news/secadv/20250211.txt
		https://security.netapp.com/advisory/ntap-20250214-0001/
		http://www.openwall.com/lists/oss-security/2025/02/11/3
		http://www.openwall.com/lists/oss-security/2025/02/11/4
1095765		https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1095765
2342757		https://bugzilla.redhat.com/show_bug.cgi?id=2342757
GHSA-79v4-65xg-pq4g		https://github.com/advisories/GHSA-79v4-65xg-pq4g
RHSA-2025:1330		https://access.redhat.com/errata/RHSA-2025:1330
RHSA-2025:1487		https://access.redhat.com/errata/RHSA-2025:1487
RHSA-2025:1925		https://access.redhat.com/errata/RHSA-2025:1925
RHSA-2025:1985		https://access.redhat.com/errata/RHSA-2025:1985
RHSA-2025:2754		https://access.redhat.com/errata/RHSA-2025:2754
RHSA-2025:4005		https://access.redhat.com/errata/RHSA-2025:4005
RHSA-2025:9895		https://access.redhat.com/errata/RHSA-2025:9895
USN-7264-1		https://usn.ubuntu.com/7264-1/

No exploits are available.

Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N Found at https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-12797.json

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Found at https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L Found at https://github.com/openssl/openssl/commit/738d4f9fdeaad57660dcba50a619fafced3fd5e9

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-14T20:24:14Z/ Found at https://github.com/openssl/openssl/commit/738d4f9fdeaad57660dcba50a619fafced3fd5e9

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L Found at https://github.com/openssl/openssl/commit/798779d43494549b611233f92652f0da5328fbe7

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-14T20:24:14Z/ Found at https://github.com/openssl/openssl/commit/798779d43494549b611233f92652f0da5328fbe7

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L Found at https://github.com/openssl/openssl/commit/87ebd203feffcf92ad5889df92f90bb0ee10a699

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-14T20:24:14Z/ Found at https://github.com/openssl/openssl/commit/87ebd203feffcf92ad5889df92f90bb0ee10a699

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L Found at https://openssl-library.org/news/secadv/20250211.txt

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-14T20:24:14Z/ Found at https://openssl-library.org/news/secadv/20250211.txt

Exploit Prediction Scoring System (EPSS)

Percentile	0.44922
EPSS Score	0.00222
Published At	July 30, 2025, 12:55 p.m.

Date	Actor	Action	Source	VulnerableCode Version
2025-07-31T08:37:37.911008+00:00	GithubOSV Importer	Import	https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2025/02/GHSA-79v4-65xg-pq4g/GHSA-79v4-65xg-pq4g.json	37.0.0