FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

OpenSSL -- Man-in-the-Middle vulnerability

Affected packages
openssl32 < 3.2.4
openssl33 < 3.3.2
openssl34 < 3.4.1

Details

VuXML ID a64761a1-e895-11ef-873e-8447094a420f
Discovery 2025-02-11
Entry 2025-02-11

The OpenSSL project reports:

RFC7250 handshakes with unauthenticated servers don't abort as expected (High). Clients using RFC7250 Raw Public Keys (RPKs) to authenticate a server may fail to notice that the server was not authenticated, because handshakes don't abort as expected when the SSL_VERIFY_PEER verification mode is set.

References

CVE Name CVE-2024-12797
URL https://openssl-library.org/news/secadv/20250211.txt
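
An added example, not part of the VuXML entry or of the OpenSSL advisory: a Python check that flags installed packages falling inside the affected ranges listed in this entry. It assumes `name-version` input lines such as `pkg query '%n-%v'` prints and handles only dotted numeric versions with optional `_revision` and `,epoch` suffixes, which is a simplification of pkg's own version comparison; the function names and sample lines are constructed for illustration.

```python
import re

# Affected ranges copied from this entry: package name -> first unaffected version.
AFFECTED = {"openssl32": "3.2.4", "openssl33": "3.3.2", "openssl34": "3.4.1"}

# Simplified version grammar (assumption): dotted numbers, optional _PORTREVISION, optional ,PORTEPOCH.
_VERSION_RE = re.compile(r"^(\d+(?:\.\d+)*)(?:_(\d+))?(?:,(\d+))?$")

# Constructed sample input in the `name-version` form printed by
# `pkg query '%n-%v'`; not taken from a real host.
SAMPLE = """\
openssl32-3.2.3
openssl33-3.3.2_1
openssl34-3.4.0_1
py311-cryptography-44.0.0,1
"""

def version_key(version):
    """Sort key: epoch first, then dotted version, then port revision."""
    m = _VERSION_RE.match(version)
    if m is None:
        raise ValueError(f"unsupported version string: {version!r}")
    dotted = [int(part) for part in m.group(1).split(".")]
    while len(dotted) > 1 and dotted[-1] == 0:  # treat 3.4 and 3.4.0 as equal
        dotted.pop()
    return (int(m.group(3) or 0), tuple(dotted), int(m.group(2) or 0))

def is_affected(name, version):
    """True if the package is listed here and is older than the fixed version."""
    fixed = AFFECTED.get(name)
    return fixed is not None and version_key(version) < version_key(fixed)

def audit(text):
    """Return (name, version, fixed) for each affected line in `text`."""
    findings = []
    for line in text.split():
        name, _, version = line.rpartition("-")
        try:
            if is_affected(name, version):
                findings.append((name, version, AFFECTED[name]))
        except ValueError:
            # Listed package with an unparseable version: report for manual review.
            findings.append((name, version, AFFECTED[name]))
    return findings

if __name__ == "__main__":
    for name, version, fixed in audit(SAMPLE):
        print(f"{name} {version} is affected by CVE-2024-12797; fixed in {fixed}")
```

A listed package whose version string does not parse is reported rather than skipped, so an unexpected format cannot hide an affected install.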