CVE-2024-6119 | Possible denial of service in X.509 name checks

Issue summary: Applications performing certificate name checks (e.g., TLS clients checking server certificates) may attempt to read an invalid memory address, resulting in abnormal termination of the application process.

Impact summary: Abnormal termination of an application can cause a denial of service.

Applications performing certificate name checks (e.g., TLS clients checking server certificates) may attempt to read an invalid memory address when comparing the expected name with an `otherName` subject alternative name of an X.509 certificate. This may result in an exception that terminates the application program.

Note that basic certificate chain validation (signatures, dates, ...) is not affected; the denial of service can occur only when the application also specifies an expected DNS name, email address or IP address.

TLS servers rarely solicit client certificates, and even when they do, they generally don't perform a name check against a reference identifier (expected identity), but rather extract the presented identity after checking the certificate chain. So TLS servers are generally not affected and the severity of the issue is Moderate.

The FIPS modules in 3.3, 3.2, 3.1 and 3.0 are not affected by this issue.

Published: 2024-09-03
Last update: 2026-05-12
Assigner: [email protected]
Source: [email protected]

Conclusion & alert: CVE-2024-6119 is rated High Risk (69.7/100): CVSS High severity, with high exploitation likelihood (EPSS 66.59%, 99th percentile). Core evidence: EPSS ranks this CVE among the most likely to be exploited in the near term. EPSS rose +55.82% over the last day, indicating growing attacker interest. Mandatory action: High exploitation likelihood—assess exposure and prioritize remediation.

Risk is dynamic; we continuously reassess and refresh what is shown on this page as upstream context changes.

Exploit prediction scoring system (EPSS) score for CVE-2024-6119

EPSS lead: The daily EPSS score estimates the relative likelihood that this CVE will be exploited in the wild; the percentile ranks this CVE among all scored vulnerabilities (a higher percentile means a higher relative likelihood of exploitation, not a higher severity).

#  Date        Old EPSS score  New EPSS score  Delta (New - Old)
1  2026-06-15  10.78%          66.59%          +55.82%
2  2026-06-13  14.26%          10.78%          -3.48%
3  2026-06-05                  14.26%

Full EPSS history (56 records total)

Common vulnerability scoring system (CVSS) metrics for CVE-2024-6119

CVSS metrics for this CVE.

Entry 1
Base score: 7.5 | Version: 3.1 | Severity: HIGH | Exploitability: 3.9 | Impact: 3.6 | Score source: [email protected]
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
  Attack vector (AV:N): Could be attacked over the internet or any normal routed network, not just by someone sitting at the machine.
  Attack complexity (AC:L): Once they can reach the bug, pulling it off is straightforward; no weird race conditions or rare setup.
  Privileges required (PR:N): No account or special rights needed; an anonymous or random user is enough.
  User interaction (UI:N): Nobody has to click "OK" or open a trap file; it can work without a victim helping.
  Scope (S:U): Damage stays in the same "trust bubble" as the broken component; no big spill into unrelated systems.
  Confidentiality (C:N): Doesn't really leak secrets in a meaningful way.
  Integrity (I:N): Data isn't meaningfully altered or forged.
  Availability (A:H): Could take the service down hard or make it unusable for people who depend on it.

Entry 2
Base score: 7.5 | Version: 3.1 | Severity: HIGH | Exploitability: 3.9 | Impact: 3.6 | Score source: 134c704f-9b21-4f2e-91b3-4a467353bcc0
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
  Attack vector (AV:N): Could be attacked over the internet or any normal routed network, not just by someone sitting at the machine.
  Attack complexity (AC:L): Once they can reach the bug, pulling it off is straightforward; no weird race conditions or rare setup.
  Privileges required (PR:N): No account or special rights needed; an anonymous or random user is enough.
  User interaction (UI:N): Nobody has to click "OK" or open a trap file; it can work without a victim helping.
  Scope (S:U): Damage stays in the same "trust bubble" as the broken component; no big spill into unrelated systems.
  Confidentiality (C:H): Serious risk that confidential data gets exposed in a big way.
  Integrity (I:N): Data isn't meaningfully altered or forged.
  Availability (A:N): Service keeps running; no real outage angle.

Note that the two vectors disagree on the impact metrics: the first (C:N/I:N/A:H) matches the vendor's description of the issue as an invalid memory read leading to abnormal termination, i.e. a denial of service, while the second (C:H/I:N/A:N) rates it as a confidentiality impact, which the issue summary above does not describe.

Weakness enumeration for CVE-2024-6119

GitHub Security Advisory for CVE-2024-6119

GHSA-7m4m-pwhv-49c5 · Severity: high — Issue summary: Applications performing certificate name checks (e.g., TLS clients checking server...

OS Trackers for CVE-2024-6119

Vendor / priority: summary. Link.

alpine (priority not given): CVE-2024-6119: 1 source package row (openssl); 136 state rows across 7 repos (3.17-main, 3.18-main, 3.19-main, 3.20-main, 3.21-main, 3.22-main, edge-main); fixed 7, open 129. https://security.alpinelinux.org/vuln/CVE-2024-6119

debian (unimportant): CVE-2024-6119, unimportant priority: Debian, including 1 source package (openssl), 5 status rows across 5 suites (bookworm, bullseye, forky, sid, trixie): resolved 5. https://security-tracker.debian.org/tracker/CVE-2024-6119

redhat (medium): no summary given. https://access.redhat.com/security/cve/CVE-2024-6119

suse (medium): CVE-2024-6119, severity moderate: SUSE, including 480 source package names (0.0.17-1.1:libopenssl3-3.1.4-150600.5.15.1, 0.0.17-1.1:openssl-3-3.1.4-150600.5.15.1, …), 1017 product×package rows across 194 product lines (Container bci/dotnet-aspnet, Container bci/dotnet-runtime, …): Fixed 435, Known Not Affected 351, Known Affected 231. https://www.suse.com/security/cve/CVE-2024-6119/

ubuntu (medium): CVE-2024-6119, medium priority: Ubuntu, including 5 source packages (edk2, nodejs, openssl, openssl-fips, openssl1.0), 46 status rows across 11 suites (bionic, focal, jammy, mantic, noble, oracular, plucky, questing, trusty, upstream, xenial): not-affected 18, DNE 12, released 8, needs-triage 7, ignored 1. https://ubuntu.com/security/CVE-2024-6119

Affected software / configurations for CVE-2024-6119

Vendor | Product | Version (blank where the CPE gives none) | Raw CPE
openssl openssl >= 3.0.0, < 3.0.15 cpe:2.3:a:openssl:openssl:*:*:*:*:*:*:*:*
openssl openssl >= 3.1.0, < 3.1.7 cpe:2.3:a:openssl:openssl:*:*:*:*:*:*:*:*
openssl openssl >= 3.2.0, < 3.2.3 cpe:2.3:a:openssl:openssl:*:*:*:*:*:*:*:*
openssl openssl >= 3.3.0, < 3.3.2 cpe:2.3:a:openssl:openssl:*:*:*:*:*:*:*:*
netapp active_iq_unified_manager cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:vmware_vsphere:*:*
netapp management_services_for_element_software_and_netapp_hci cpe:2.3:a:netapp:management_services_for_element_software_and_netapp_hci:-:*:*:*:*:*:*:*
netapp ontap_9 cpe:2.3:a:netapp:ontap_9:-:*:*:*:*:*:*:*
netapp ontap_select_deploy_administration_utility cpe:2.3:a:netapp:ontap_select_deploy_administration_utility:-:*:*:*:*:*:*:*
netapp ontap_tools 9 cpe:2.3:a:netapp:ontap_tools:9:*:*:*:*:vmware_vsphere:*:*
netapp brocade_fabric_operating_system cpe:2.3:o:netapp:brocade_fabric_operating_system:-:*:*:*:*:*:*:*
netapp h300s_firmware cpe:2.3:o:netapp:h300s_firmware:-:*:*:*:*:*:*:*
netapp h500s_firmware cpe:2.3:o:netapp:h500s_firmware:-:*:*:*:*:*:*:*
netapp h700s_firmware cpe:2.3:o:netapp:h700s_firmware:-:*:*:*:*:*:*:*
netapp h410s_firmware cpe:2.3:o:netapp:h410s_firmware:-:*:*:*:*:*:*:*
netapp h410c_firmware cpe:2.3:o:netapp:h410c_firmware:-:*:*:*:*:*:*:*
netapp h610c_firmware cpe:2.3:o:netapp:h610c_firmware:-:*:*:*:*:*:*:*
netapp h610s_firmware cpe:2.3:o:netapp:h610s_firmware:-:*:*:*:*:*:*:*
netapp h615c cpe:2.3:h:netapp:h615c:-:*:*:*:*:*:*:*
netapp bootstrap_os cpe:2.3:o:netapp:bootstrap_os:-:*:*:*:*:*:*:*
netapp a250_firmware cpe:2.3:o:netapp:a250_firmware:-:*:*:*:*:*:*:*
netapp 500f_firmware cpe:2.3:o:netapp:500f_firmware:-:*:*:*:*:*:*:*
netapp c250_firmware cpe:2.3:o:netapp:c250_firmware:-:*:*:*:*:*:*:*

References for CVE-2024-6119

URL Tags
https://github.com/openssl/openssl/commit/05f360d9e849a1b277db628f1f13083a7f8dd04f Patch
https://github.com/openssl/openssl/commit/06d1dc3fa96a2ba5a3e22735a033012aadc9f0d6 Patch
https://github.com/openssl/openssl/commit/621f3729831b05ee828a3203eddb621d014ff2b2 Patch
https://github.com/openssl/openssl/commit/7dfcee2cd2a63b2c64b9b4b0850be64cb695b0a0 Patch
https://openssl-library.org/news/secadv/20240903.txt Vendor Advisory
http://www.openwall.com/lists/oss-security/2024/09/03/4 Mailing List
https://lists.freebsd.org/archives/freebsd-security/2024-September/000303.html Mailing List
https://security.netapp.com/advisory/ntap-20240912-0001/ Third Party Advisory
https://cert-portal.siemens.com/productcert/html/ssa-082556.html
https://cert-portal.siemens.com/productcert/html/ssa-613116.html
https://cert-portal.siemens.com/productcert/html/ssa-769027.html