Threats Tagged 'cve-2024-12797'

A high-severity vulnerability identified as CVE-2024-12797 affects OpenSSL packages in Red Hat Enterprise Linux 10. The issue is related to a weakness categorized under CWE-295. Red Hat has issued a bug fix advisory (RHBA-2025:6314) that includes an update to OpenSSL addressing this vulnerability along with other bug fixes and enhancements. The advisory references the Red Hat Enterprise Linux 10 Release Notes for detailed changes and provides instructions on applying the update. There are no known exploits in the wild at this time. The update is available for multiple architectures and extended support versions of Red Hat Enterprise Linux 10. Users are advised to apply the update as per Red Hat's guidance to remediate the vulnerability.

A moderate severity vulnerability identified as CVE-2024-12797 and CVE-2025-25184 affects the logging-fluentd-container component in Red Hat OpenShift Logging 5. 9. 12. The issue involves a possible log injection vulnerability in Rack::CommonLogger. This vulnerability could allow crafted input to be injected into logs, potentially impacting log integrity. The affected products include various architectures of Red Hat OpenShift Logging 5. 9 for RHEL 9. Red Hat has published an advisory (RHSA-2025:1985) with instructions for upgrading and applying this errata update. No explicit patch files are listed, but upgrade instructions are provided in official Red Hat OpenShift documentation. There are no known exploits in the wild at this time.

Red Hat OpenShift Builds 1. 3 contains vulnerabilities identified by CVE-2024-12797 and CVE-2025-1244, categorized under CWE-295 (Improper Certificate Validation) and CWE-78 (OS Command Injection). The advisory indicates these issues affect multiple builds and architectures of Red Hat OpenShift Builds 1. 3. No explicit patch or fix is provided in the advisory, and no known exploits are reported in the wild. The severity is assessed as high based on the vendor's classification.

Red Hat has issued a security advisory for updated service-interconnect 1. 8 container images on RHEL 9. These updated images include backported patches addressing multiple security issues and bug fixes. Users of the affected images are advised to upgrade and rebuild any dependent container images. The advisory covers several CVEs including CVE-2024-12797, CVE-2024-56171, and CVE-2025-24928. The vulnerability involves issues related to improper certificate validation, use-after-free, and stack-based buffer overflow (CWE-295, CWE-416, CWE-121). No known exploits are reported in the wild. The advisory provides updated container images in the Red Hat Container Catalog and references detailed update instructions. The severity is rated high by Red Hat.

Red Hat has issued a security advisory (RHSA-2025:9895) for Red Hat Service Interconnect 1. 4 LTS on RHEL 9 and RHEL 8 addressing multiple vulnerabilities, including CVE-2024-12797, CVE-2024-56171, and CVE-2025-24928. The update addresses issues such as an OpenSSL handshake problem with unauthenticated servers, a use-after-free vulnerability in libxml2, and a stack-based buffer overflow in libxml2. The advisory rates the overall security impact as Moderate. Users are advised to apply the update after ensuring all prior relevant errata are installed. No known exploits in the wild have been reported. The vendor provides official fixes through this update.