What is CVE-2024-12797?

CVE-2024-12797 is a vulnerability in Openssl, classified under CWE-392. Published 2025-02-11.

Is CVE-2024-12797 known to be exploited?

5 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Vulnerability in Openssl

CVE-2024-12797

Issue summary: Clients using RFC7250 Raw Public Keys (RPKs) to authenticate a server may fail to notice that the server was not authenticated, because handshakes don't abort as expected when the SSL_VERIFY_PEER verification mode is set. I…

EPSS: 0.008 (74.8th percentile) — read the EPSS interpretation.

Affected products

Openssl — versions 3.4.0, 3.3.0, 3.2.0

Weakness classification (CWE)

CWE-392

Public proof-of-concept exploits

DeepOchhane/Dev-Sec-Ops-Project
Dgporte/ExerciciosDockerPB2025
chnzzh/OpenSSL-CVE-lib
runwhen-contrib/helm-charts
williampsena/ci-repices

References

OpenSSL Advisory (vendor-advisory)
3.4.1 git commit (patch)
3.3.3 git commit (patch)
3.2.4 git commit (patch)

Frequently asked questions

What is CVE-2024-12797?: CVE-2024-12797 is a vulnerability in Openssl, classified under CWE-392. Published 2025-02-11.
Is CVE-2024-12797 known to be exploited?: 5 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.