VulnerableCode Vulnerability Details

Search for vulnerabilities

Vulnerability details: VCID-ypp8-vqu8-f7en

Essentials
Severities (86)
References (23)
Severity details (21)
Exploits (0)
EPSS
History (1)

Vulnerability ID	VCID-ypp8-vqu8-f7en
Aliases	CVE-2024-12797 GHSA-79v4-65xg-pq4g
Summary	openssl: RFC7250 handshakes with unauthenticated servers don't abort as expected
Status	Published
Exploitability	0.5
Weighted Severity	6.7
Risk	3.4
Affected and Fixed Packages	Package Details

Weaknesses (5)

CWE-295	Improper Certificate Validation
CWE-392	Missing Report of Error Condition
CWE-1395	Dependency on Vulnerable Third-Party Component
CWE-937	OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities
CWE-1035	OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities

System	Score	Found at
cvssv3	7.4	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-12797.json
epss	0.00117	https://api.first.org/data/v1/epss?cve=CVE-2024-12797
epss	0.00117	https://api.first.org/data/v1/epss?cve=CVE-2024-12797
epss	0.00117	https://api.first.org/data/v1/epss?cve=CVE-2024-12797
epss	0.00117	https://api.first.org/data/v1/epss?cve=CVE-2024-12797
epss	0.00117	https://api.first.org/data/v1/epss?cve=CVE-2024-12797
epss	0.00117	https://api.first.org/data/v1/epss?cve=CVE-2024-12797
epss	0.00117	https://api.first.org/data/v1/epss?cve=CVE-2024-12797
epss	0.00117	https://api.first.org/data/v1/epss?cve=CVE-2024-12797
epss	0.00117	https://api.first.org/data/v1/epss?cve=CVE-2024-12797
epss	0.00117	https://api.first.org/data/v1/epss?cve=CVE-2024-12797
epss	0.00117	https://api.first.org/data/v1/epss?cve=CVE-2024-12797
epss	0.00117	https://api.first.org/data/v1/epss?cve=CVE-2024-12797
epss	0.0013	https://api.first.org/data/v1/epss?cve=CVE-2024-12797
epss	0.0013	https://api.first.org/data/v1/epss?cve=CVE-2024-12797
epss	0.0013	https://api.first.org/data/v1/epss?cve=CVE-2024-12797
epss	0.0013	https://api.first.org/data/v1/epss?cve=CVE-2024-12797
epss	0.0013	https://api.first.org/data/v1/epss?cve=CVE-2024-12797
epss	0.0013	https://api.first.org/data/v1/epss?cve=CVE-2024-12797
epss	0.0013	https://api.first.org/data/v1/epss?cve=CVE-2024-12797
epss	0.0013	https://api.first.org/data/v1/epss?cve=CVE-2024-12797
epss	0.0013	https://api.first.org/data/v1/epss?cve=CVE-2024-12797
epss	0.0013	https://api.first.org/data/v1/epss?cve=CVE-2024-12797
epss	0.0013	https://api.first.org/data/v1/epss?cve=CVE-2024-12797
epss	0.0013	https://api.first.org/data/v1/epss?cve=CVE-2024-12797
epss	0.0013	https://api.first.org/data/v1/epss?cve=CVE-2024-12797
epss	0.0013	https://api.first.org/data/v1/epss?cve=CVE-2024-12797
epss	0.0013	https://api.first.org/data/v1/epss?cve=CVE-2024-12797
epss	0.0013	https://api.first.org/data/v1/epss?cve=CVE-2024-12797
epss	0.0013	https://api.first.org/data/v1/epss?cve=CVE-2024-12797
epss	0.0013	https://api.first.org/data/v1/epss?cve=CVE-2024-12797
epss	0.0013	https://api.first.org/data/v1/epss?cve=CVE-2024-12797
epss	0.0013	https://api.first.org/data/v1/epss?cve=CVE-2024-12797
epss	0.0013	https://api.first.org/data/v1/epss?cve=CVE-2024-12797
epss	0.0013	https://api.first.org/data/v1/epss?cve=CVE-2024-12797
epss	0.0013	https://api.first.org/data/v1/epss?cve=CVE-2024-12797
epss	0.0013	https://api.first.org/data/v1/epss?cve=CVE-2024-12797
epss	0.0013	https://api.first.org/data/v1/epss?cve=CVE-2024-12797
epss	0.0013	https://api.first.org/data/v1/epss?cve=CVE-2024-12797
epss	0.0013	https://api.first.org/data/v1/epss?cve=CVE-2024-12797
epss	0.0013	https://api.first.org/data/v1/epss?cve=CVE-2024-12797
epss	0.0013	https://api.first.org/data/v1/epss?cve=CVE-2024-12797
epss	0.0013	https://api.first.org/data/v1/epss?cve=CVE-2024-12797
epss	0.0013	https://api.first.org/data/v1/epss?cve=CVE-2024-12797
epss	0.0013	https://api.first.org/data/v1/epss?cve=CVE-2024-12797
epss	0.0013	https://api.first.org/data/v1/epss?cve=CVE-2024-12797
epss	0.0013	https://api.first.org/data/v1/epss?cve=CVE-2024-12797
epss	0.0013	https://api.first.org/data/v1/epss?cve=CVE-2024-12797
epss	0.0013	https://api.first.org/data/v1/epss?cve=CVE-2024-12797
epss	0.0013	https://api.first.org/data/v1/epss?cve=CVE-2024-12797
epss	0.0013	https://api.first.org/data/v1/epss?cve=CVE-2024-12797
epss	0.0013	https://api.first.org/data/v1/epss?cve=CVE-2024-12797
epss	0.00151	https://api.first.org/data/v1/epss?cve=CVE-2024-12797
epss	0.00151	https://api.first.org/data/v1/epss?cve=CVE-2024-12797
epss	0.00151	https://api.first.org/data/v1/epss?cve=CVE-2024-12797
epss	0.00154	https://api.first.org/data/v1/epss?cve=CVE-2024-12797
epss	0.00154	https://api.first.org/data/v1/epss?cve=CVE-2024-12797
epss	0.00159	https://api.first.org/data/v1/epss?cve=CVE-2024-12797
epss	0.00159	https://api.first.org/data/v1/epss?cve=CVE-2024-12797
epss	0.00159	https://api.first.org/data/v1/epss?cve=CVE-2024-12797
epss	0.00159	https://api.first.org/data/v1/epss?cve=CVE-2024-12797
epss	0.00159	https://api.first.org/data/v1/epss?cve=CVE-2024-12797
epss	0.00183	https://api.first.org/data/v1/epss?cve=CVE-2024-12797
epss	0.00183	https://api.first.org/data/v1/epss?cve=CVE-2024-12797
epss	0.00183	https://api.first.org/data/v1/epss?cve=CVE-2024-12797
epss	0.01077	https://api.first.org/data/v1/epss?cve=CVE-2024-12797
cvssv3.1	8.8	https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
cvssv3.1_qr	LOW	https://github.com/advisories/GHSA-79v4-65xg-pq4g
cvssv3.1	6.3	https://github.com/openssl/openssl/commit/738d4f9fdeaad57660dcba50a619fafced3fd5e9
generic_textual	LOW	https://github.com/openssl/openssl/commit/738d4f9fdeaad57660dcba50a619fafced3fd5e9
ssvc	Track	https://github.com/openssl/openssl/commit/738d4f9fdeaad57660dcba50a619fafced3fd5e9
cvssv3.1	6.3	https://github.com/openssl/openssl/commit/798779d43494549b611233f92652f0da5328fbe7
generic_textual	LOW	https://github.com/openssl/openssl/commit/798779d43494549b611233f92652f0da5328fbe7
ssvc	Track	https://github.com/openssl/openssl/commit/798779d43494549b611233f92652f0da5328fbe7
cvssv3.1	6.3	https://github.com/openssl/openssl/commit/87ebd203feffcf92ad5889df92f90bb0ee10a699
generic_textual	LOW	https://github.com/openssl/openssl/commit/87ebd203feffcf92ad5889df92f90bb0ee10a699
ssvc	Track	https://github.com/openssl/openssl/commit/87ebd203feffcf92ad5889df92f90bb0ee10a699
generic_textual	LOW	https://github.com/pyca/cryptography
cvssv3.1_qr	LOW	https://github.com/pyca/cryptography/security/advisories/GHSA-79v4-65xg-pq4g
generic_textual	LOW	https://github.com/pyca/cryptography/security/advisories/GHSA-79v4-65xg-pq4g
generic_textual	LOW	https://nvd.nist.gov/vuln/detail/CVE-2024-12797
cvssv3.1	6.3	https://openssl-library.org/news/secadv/20250211.txt
generic_textual	LOW	https://openssl-library.org/news/secadv/20250211.txt
ssvc	Track	https://openssl-library.org/news/secadv/20250211.txt
generic_textual	LOW	http://www.openwall.com/lists/oss-security/2025/02/11/3
generic_textual	LOW	http://www.openwall.com/lists/oss-security/2025/02/11/4

Reference id	Reference type	URL
		https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-12797.json
		https://api.first.org/data/v1/epss?cve=CVE-2024-12797
		https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
		https://github.com/pyca/cryptography
		https://security.netapp.com/advisory/ntap-20250214-0001/
		http://www.openwall.com/lists/oss-security/2025/02/11/3
		http://www.openwall.com/lists/oss-security/2025/02/11/4
1095765		https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1095765
20250211.txt		https://openssl-library.org/news/secadv/20250211.txt
2342757		https://bugzilla.redhat.com/show_bug.cgi?id=2342757
738d4f9fdeaad57660dcba50a619fafced3fd5e9		https://github.com/openssl/openssl/commit/738d4f9fdeaad57660dcba50a619fafced3fd5e9
798779d43494549b611233f92652f0da5328fbe7		https://github.com/openssl/openssl/commit/798779d43494549b611233f92652f0da5328fbe7
87ebd203feffcf92ad5889df92f90bb0ee10a699		https://github.com/openssl/openssl/commit/87ebd203feffcf92ad5889df92f90bb0ee10a699
CVE-2024-12797		https://nvd.nist.gov/vuln/detail/CVE-2024-12797
GHSA-79v4-65xg-pq4g		https://github.com/advisories/GHSA-79v4-65xg-pq4g
GHSA-79v4-65xg-pq4g		https://github.com/pyca/cryptography/security/advisories/GHSA-79v4-65xg-pq4g
RHSA-2025:1330		https://access.redhat.com/errata/RHSA-2025:1330
RHSA-2025:1487		https://access.redhat.com/errata/RHSA-2025:1487
RHSA-2025:1925		https://access.redhat.com/errata/RHSA-2025:1925
RHSA-2025:1985		https://access.redhat.com/errata/RHSA-2025:1985
RHSA-2025:2754		https://access.redhat.com/errata/RHSA-2025:2754
RHSA-2025:4005		https://access.redhat.com/errata/RHSA-2025:4005
USN-7264-1		https://usn.ubuntu.com/7264-1/

No exploits are available.

Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N Found at https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-12797.json

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Found at https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L Found at https://github.com/openssl/openssl/commit/738d4f9fdeaad57660dcba50a619fafced3fd5e9

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-14T20:24:14Z/ Found at https://github.com/openssl/openssl/commit/738d4f9fdeaad57660dcba50a619fafced3fd5e9

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L Found at https://github.com/openssl/openssl/commit/798779d43494549b611233f92652f0da5328fbe7

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-14T20:24:14Z/ Found at https://github.com/openssl/openssl/commit/798779d43494549b611233f92652f0da5328fbe7

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L Found at https://github.com/openssl/openssl/commit/87ebd203feffcf92ad5889df92f90bb0ee10a699

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-14T20:24:14Z/ Found at https://github.com/openssl/openssl/commit/87ebd203feffcf92ad5889df92f90bb0ee10a699

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L Found at https://openssl-library.org/news/secadv/20250211.txt

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-14T20:24:14Z/ Found at https://openssl-library.org/news/secadv/20250211.txt

Exploit Prediction Scoring System (EPSS)

Percentile	0.27406
EPSS Score	0.00117
Published At	March 28, 2025, 12:55 p.m.

Date	Actor	Action	Source	VulnerableCode Version
2025-03-28T05:42:33.645003+00:00	RedHat Importer	Import	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-12797.json	36.0.0