CVE-2024-6119:
Issue summary: Applications performing certificate name checks (e.g., TLS
clients checking server...
CVSS Score: 7.5
Root Cause Analysis
The vulnerability, as described and fixed by the patches, is a type confusion within the do_x509_check function in crypto/x509/v3_utl.c. The commits (e.g., 05f360d9e849a1b277db628f1f13083a7f8dd04f) clearly show a refactoring of the logic that handles different types of GENERAL_NAME entries. The old code had a conditional structure that could lead to accessing a union member (gen->d) using a type (rfc822Name, dNSName, iPAddress) that did not match the actual type stored in the union (otherName) when gen->type was GEN_OTHERNAME but the specific otherName OID was not NID_id_on_SmtpUTF8Mailbox. This misinterpretation of the data structure is the core of the vulnerability, leading to an attempt to read an invalid memory address. The commit message explicitly states: 'The GENERAL_TYPE data type is a union, and we must take care to access the correct member, based on gen->type, not all the member fields have the same structure, and a segfault is possible if the wrong member field is read.' The function do_x509_check is the one performing this certificate name checking and contained the flawed logic. The fix involves a switch statement to correctly handle each gen->type.
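The tag-driven dispatch described above, as an added C example that is neither OpenSSL's code nor part of the original page. The types, the OID tags and the functions name_to_check and check_sample are simplified, hypothetical stand-ins, and the SAN list is constructed sample data.

```c
#include <string.h>

/* Simplified stand-ins for the OpenSSL types (assumed names and layout). */
enum { GEN_OTHERNAME = 0, GEN_EMAIL = 1, GEN_DNS = 2, GEN_IPADD = 7 };
enum { OID_SMTP_UTF8_MAILBOX = 1, OID_UNRELATED = 2 };  /* constructed tags */
typedef struct { size_t length; const char *data; } str_t;
typedef struct { int oid; str_t *value; } other_name_t;
typedef struct {
    int type;                     /* tag: which union member is live */
    union { str_t *ia5; other_name_t *otherName; } d;
} general_name_t;

/* String to compare for this entry, or NULL to skip it. Every union
 * read sits under the case label that matches gen->type. */
static const str_t *name_to_check(const general_name_t *gen, int check_type)
{
    switch (gen->type) {
    case GEN_OTHERNAME:           /* only SmtpUTF8Mailbox, only for e-mail */
        if (gen->d.otherName->oid != OID_SMTP_UTF8_MAILBOX
            || check_type != GEN_EMAIL)
            return NULL;
        return gen->d.otherName->value;
    case GEN_EMAIL: case GEN_DNS: case GEN_IPADD:
        return gen->type == check_type ? gen->d.ia5 : NULL;
    default:
        return NULL;              /* unknown tag: never touch the union */
    }
}

/* Constructed SAN list: an unrelated otherName followed by a dNSName. */
static str_t s_other = { 5, "other" }, s_dns = { 11, "example.com" };
static other_name_t on_unrelated = { OID_UNRELATED, &s_other };
static const general_name_t sample[] = {
    { .type = GEN_OTHERNAME, .d.otherName = &on_unrelated },
    { .type = GEN_DNS,       .d.ia5 = &s_dns },
};

/* 1 if any sample entry equals `want` under check_type (exact match only). */
static int check_sample(int check_type, const char *want)
{
    for (size_t i = 0; i < sizeof sample / sizeof sample[0]; i++) {
        const str_t *s = name_to_check(&sample[i], check_type);
        if (s && s->length == strlen(want) && !memcmp(s->data, want, s->length))
            return 1;
    }
    return 0;
}

int main(void) { return check_sample(GEN_DNS, "example.com") ? 0 : 1; }
```

The otherName entry with an unrelated OID is skipped for every check type, so its pointer is never read through the string member of the union.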