The OpenSSL Project on Tuesday announced patches for the first high-severity vulnerability seen in the secure communications library in two years.

The vulnerability, tracked as CVE-2024-12797, was reported to OpenSSL developers by Apple in mid-December 2024.

The issue is related to clients using RFC7250 raw public keys (RPKs) to authenticate a server. CVE-2024-12797 was introduced in OpenSSL 3.2 with the implementation of RPK support.

OpenSSL is lazy to react! It's already been two months.