CVE Tools
Sign in

CVE-2024-6119

Possible denial of service in X.509 name checks

Published: Sep 3, 2024Updated: May 12, 2026 Sources: CVE List NVD BDU csafCWE-843
NVD MITRE
7.5CVSSHIGH
EPSS Score
66.6%
Top 0.8%
CISA KEV
Not in KEV
Exploits
No Known Exploits
Remediation
Patch Available

Description

Issue summary: Applications performing certificate name checks (e.g., TLS clients checking server certificates) may attempt to read an invalid memory address resulting in abnormal termination of the application process. Impact summary: Abnormal termination of an application can a cause a denial of service. Applications performing certificate name checks (e.g., TLS clients checking server certificates) may attempt to read an invalid memory address when comparing the expected name with an `otherName` subject alternative name of an X.509 certificate. This may result in an exception that terminates the application program. Note that basic certificate chain validation (signatures, dates, ...) is not affected, the denial of service can occur only when the application also specifies an expected DNS name, Email address or IP address. TLS servers rarely solicit client certificates, and even when they do, they generally don't perform a name check against a reference identifier (expected identity), but rather extract the presented identity after checking the certificate chain. So TLS servers are generally not affected and the severity of the issue is Moderate. The FIPS modules in 3.3, 3.2, 3.1 and 3.0 are not affected by this issue.

CVSS Vector Breakdown

AV:NAC:LPR:NUI:NS:UC:NI:NA:H
Exploitability
AV:NAttack Vector
Network
AC:LAttack Complexity
Low
PR:NPrivileges Required
None
UI:NUser Interaction
None
Scope
S:UScope
Unchanged
Impact
C:NConfidentiality
None
I:NIntegrity
None
A:HAvailability
High
Open in CVSS calculator →

Weaknesses

CWE-843

Affected Products

OpenSSLOpenSSLOSS Libraries
opensslopensslOSS Libraries
active iq unified managernetappHardware Firmware
management services for element software and netapp hcinetappHardware Firmware
ontap 9netappHardware Firmware
openssloss-projectUSOSS Librariesaka open ssl
netappcommercialUSHardware Firmware
and 22 more affected products View all →

Attack Graph

Products CVE Techniques Tactics

Click technique nodes to view MITRE ATT&CK details. Scroll to zoom, drag to pan.

Exploitability

Official Patch Available

MITRE ATT&CK

2 techniques
Initial Access
Privilege Escalation
View detailed technique mapping

References

https://openssl-library.org/news/secadv/20240903.txt
openssl-library.org
https://github.com/openssl/openssl/commit/7dfcee2cd2a63b2c64b9b4b0850be64cb695b0a0
github.com
https://github.com/openssl/openssl/commit/05f360d9e849a1b277db628f1f13083a7f8dd04f
github.com
and 262 more references View all →

Timeline

Published
Sep 3, 2024
Last Updated
May 12, 2026

Unlock Complete Vulnerability Intelligence

Get the full picture for CVE-2024-6119 and every CVE in our database. Create a free account — no credit card required.

Create Free Account
Plain-language analysis
Impact assessment and exploitation scenario in plain English
Attack graph visualization
Interactive attack path and kill chain mapping
Exploit details & PoC links
ExploitDB, Metasploit, GitHub PoCs with direct links
Nuclei scanner templates
Ready-to-use vulnerability scanner templates
Full remediation guide
Patch instructions, workarounds, and compliance impact
Interactive AI chat
Ask questions about this vulnerability in natural language
Related vulnerabilities
Semantically similar CVEs and attack patterns
REST API & MCP access
Integrate vulnerability data into your workflows