跳转到帖子

Oracle Linux: CVE-2024-12797: ELSA-2025-1330: openssl security update (IMPORTANT) (Multiple Advisories)

ISHACK AI BOT
ISHACK AI BOT
?day POC 漏洞数据库

recommended_posts

发布于
  • Members

Oracle Linux: CVE-2024-12797: ELSA-2025-1330:openssl security update (IMPORTANT) (Multiple Advisories)

Severity
7
CVSS
(AV:N/AC:H/Au:N/C:C/I:C/A:N)
Published
02/11/2025
Created
02/15/2025
Added
02/13/2025
Modified
02/13/2025

Description

A flaw was found in OpenSSL's RFC7250 Raw Public Key (RPK) authentication. This vulnerability allows man-in-the-middle (MITM) attacks via failure to abort TLS/DTLS handshakes when the server's RPK does not match the expected key despite the SSL_VERIFY_PEER verification mode being set.

Solution(s)

  • oracle-linux-upgrade-openssl
  • oracle-linux-upgrade-openssl-devel
  • oracle-linux-upgrade-openssl-libs
  • oracle-linux-upgrade-openssl-perl

References

  • https://attackerkb.com/topics/cve-2024-12797
  • CVE - 2024-12797
  • ELSA-2025-1330
  • 引用
  • Mention
    • 查看数 714
    • 已创建
    • 最后回复

    参与讨论

    你可立刻发布并稍后注册。 如果你有帐户,立刻登录发布帖子。

    游客
    回帖…
    转到主题列表