How severe is CVE-2024-39312?

This vulnerability has a severity rating of MEDIUM with a CVSS score of 5.3 out of 10.

What type of vulnerability is CVE-2024-39312?

This is classified as CWE-295, which is a common weakness in software security.

CVE-2024-39312 - MEDIUM Severity | CVSS 5.3

Vulnerability Description

Botan is a C++ cryptography library. X.509 certificates can identify elliptic curves using either an object identifier or using explicit encoding of the parameters. A bug in the parsing of name constraint extensions in X.509 certificates meant that if the extension included both permitted subtrees and excluded subtrees, only the permitted subtree would be checked. If a certificate included a name which was permitted by the permitted subtree but also excluded by excluded subtree, it would be accepted. Fixed in versions 3.5.0 and 2.19.5.

Related Vulnerabilities

CVE-2011-2207

MEDIUM

CVSS:5.3(Medium)

dirmngr before 2.1.0 improperly handles certain system calls, which allows remote attackers to cause a denial of service (DOS) via a specially-crafted certificate.

CWE-2952011

CVE-2016-11076

MEDIUM

CVSS:5.3(Medium)

An issue was discovered in Mattermost Server before 3.0.0. It does not ensure that a cookie is used over SSL.

CWE-2952016

CVE-2016-5648

MEDIUM

CVSS:5.3(Medium)

Acer Portal app before 3.9.4.2000 for Android does not properly validate SSL certificates, which allows remote attackers to perform a Man-in-the-middle attack via a crafted SSL certificate.

CWE-2952016

CVE-2017-1000417

MEDIUM

CVSS:5.3(Medium)

MatrixSSL version 3.7.2 adopts a collision-prone OID comparison logic resulting in possible spoofing of OIDs (e.g. in ExtKeyUsage extension) on X.509 certificates.

CWE-2952017

CVE-2017-18588

MEDIUM

CVSS:5.3(Medium)

An issue was discovered in the security-framework crate before 0.1.12 for Rust. Hostname verification for certificates does not occur if ClientBuilder uses custom root certificates.

CWE-2952017

CVE-2017-2623

MEDIUM

CVSS:5.3(Medium)

It was discovered that rpm-ostree and rpm-ostree-client before 2017.3 fail to properly check GPG signatures on packages when doing layering. Packages with unsigned or badly signed content could fail t...

CWE-2952017