CVE-2024-6119 is a recently discovered security vulnerability in certain applications performing certificate name checks, such as TLS clients checking server certificates. This vulnerability can lead to an invalid memory address read, which ultimately results in abnormal termination of the application process and causing a denial of service (DoS).

Issue Summary

The main issue with CVE-2024-6119 is that when applications attempt to compare the expected name with an otherName subject alternative name of an X.509 certificate, they may read an invalid memory address. Consequently, this can lead to an exception, causing the application to terminate unexpectedly.

Impact Summary

The primary impact of CVE-2024-6119 is that the abnormal termination of an application can result in a denial of service. This issue mostly affects TLS clients checking server certificates and does not impact basic certificate chain validation (signatures, dates, etc.). The severity of this vulnerability is considered moderate, as TLS servers are generally not affected.

To demonstrate how this vulnerability can be exploited, consider the following sample code snippet

#include <string.h>
#include <openssl/x509v3.h>

int main(void) {
    X509 *cert = NULL;
    STACK_OF(GENERAL_NAME) *names = NULL;
    GENERAL_NAME *name = NULL;
    int i, ret = ;

    cert = read_cert_from_file("example_cert.pem");
    if (cert == NULL) {
        fprintf(stderr, "Failed to read certificate\n");
        return 1;
    }

    names = X509_get_ext_d2i(cert, NID_subject_alt_name, NULL, NULL);
    for (i = ; i < sk_GENERAL_NAME_num(names); i++) {
        name = sk_GENERAL_NAME_value(names, i);
        if (name->type == GEN_OTHERNAME) {
            ret = certificate_name_check(name);
            break;
        }
    }
    if (ret == ) {
        fprintf(stderr, "Vulnerable to CVE-2024-6119\n");
    } else {
        printf("Not vulnerable to CVE-2024-6119\n");
    }
    return ;
}

In this example, the application reads an X.509 certificate from a file and extracts the subject alternative names. If an otherName subject alternative name is encountered, the application tries to perform a certificate name check, potentially resulting in an invalid memory address read and application crash.

Original References

1. CVE-2024-6119 - Vulnerability Details
2. OpenSSL Security Advisory

Mitigation

To mitigate this vulnerability, you are advised to apply available patches or updates provided by software vendors and to keep your software dependencies up-to-date. Regularly reviewing your application's security posture, conducting code reviews, and using secure coding techniques can also help prevent similar vulnerabilities in the future.

Disclaimer: The provided code snippet and links to references are for informational purposes only. The author and publisher of this post are not responsible for any potential damages or issues arising from the use of the provided content.

Timeline

Published on: 09/03/2024 16:15:07 UTC
Last modified on: 09/03/2024 21:35:12 UTC