VIR Vulnerability Intelligence Relay

CVE-2024-0727

medium
Published 2024-04-30 · Modified 2024-05-07
CVSS v3
5.5
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
CVSS v2
VIR risk
5.5

Description

Low: openssl and openssl-fips-provider security update

Predictions

Exploit likelihood
55%
Patch ETA

Heuristic predictions, AS-IS, for prioritization only.

Mitigations

vendor Authored 2026-05-27

Vendor advisory: alma — https://errata.almalinux.org/9/ALSA-2024-2447.html

vendor Authored 2026-05-27

Vendor advisory: alma — https://bugzilla.redhat.com/2248616

vendor Authored 2026-05-27

Vendor advisory: alma — https://bugzilla.redhat.com/2227852

vendor Authored 2026-05-27

Vendor advisory: alma — https://bugzilla.redhat.com/2224962

vendor Authored 2026-05-27

Vendor advisory: alma — https://bugzilla.redhat.com/2223016

vendor Authored 2026-05-27

Vendor advisory: debian — https://security-tracker.debian.org/tracker/CVE-2024-0727

vendor Authored 2026-05-27

Vendor advisory: rocky — https://errata.rockylinux.org/RLSA-2024:9088

vendor Authored 2026-05-27

Vendor advisory: suse — https://www.suse.com/security/cve/CVE-2024-0727.html

vendor Authored 2026-05-27

Vendor advisory: openssl-security@openssl.org — https://www.openssl.org/news/secadv/20240125.txt

vendor Authored 2026-05-27

Vendor advisory: openssl-security@openssl.org — https://github.openssl.org/openssl/extended-releases/commit/aebaa5883e31122b404e450732dc833dc9dee539

vendor Authored 2026-05-27

Vendor advisory: openssl-security@openssl.org — https://github.openssl.org/openssl/extended-releases/commit/03b3941d60c4bce58fab69a0c22377ab439bc0e8

vendor Authored 2026-05-27

Vendor advisory: openssl-security@openssl.org — https://github.com/openssl/openssl/commit/d135eeab8a5dbf72b3da5240bab9ddb7678dbd2c

vendor Authored 2026-05-27

Vendor advisory: openssl-security@openssl.org — https://github.com/openssl/openssl/commit/775acfdbd0c6af9ac855f34969cdab0c0c90844a

vendor Authored 2026-05-27

Vendor advisory: openssl-security@openssl.org — https://github.com/openssl/openssl/commit/09df4395b5071217b76dc7d3d2e630eb8c5a79c2

vendor Authored 2026-05-27

Vendor advisory: alma — https://errata.almalinux.org/9/ALSA-2024-9088.html

vendor Authored 2026-05-27

Vendor advisory: alma — https://bugzilla.redhat.com/2284243

vendor Authored 2026-05-27

Vendor advisory: alma — https://bugzilla.redhat.com/2259944

vendor Authored 2026-05-27

Vendor advisory: alma — https://bugzilla.redhat.com/2258502

vendor Authored 2026-05-27

Vendor advisory: alma — https://bugzilla.redhat.com/2257571

vendor Authored 2026-05-27

Vendor advisory: redhat — https://access.redhat.com/errata/RHSA-2024:9088

vendor Authored 2026-05-27

Vendor advisory: redhat — https://access.redhat.com/errata/RHSA-2024:2447

OS impact
OSVersionStatusFixed in
redhat rhel9fixed
almalinux almalinux9fixededk2-ovmf-20240524-6.el9_5.noarch.rpm
suse slesaffected
rockylinux rocky9fixed
debian debianbookwormfixed3.0.13-1~deb12u1
debian debianbullseyefixed1.1.1w-0+deb11u2
debian debianforkyfixed3.1.5-1
debian debiansidfixed3.1.5-1
debian debiantrixiefixed3.1.5-1

Package impact
EcosystemPackageVulnerableFixed
python PyPIcryptography<42.0.242.0.2
PIPcryptography< 42.0.242.0.2

Application impact
VendorProductVersionsFixed
openssl opensslopenssl{"startIncluding":"1.0.2","endExcluding":"1.0.2zj"}1.0.2zj
openssl opensslopenssl3.2.0

References

CWEs

CWE-476

Verify integrity in audit chain (admin only). AS-IS.