{ "document": { "aggregate_severity": { "text": "Low" }, "category": "csaf_vex", "csaf_version": "2.0", "distribution": { "text": "TuxCare License Agreement", "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "en", "notes": [ { "category": "legal_disclaimer", "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Cloud Linux Inc. and provide a link to the original.", "title": "Terms of Use" } ], "publisher": { "category": "vendor", "contact_details": "https://tuxcare.com/contact/", "name": "TuxCare", "namespace": "https://tuxcare.com/" }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://security.tuxcare.com/csaf/v2/els_os/oraclelinux7els/vex/2024/cve-2024-2511-els_os-oraclelinux7els.json" } ], "tracking": { "current_release_date": "2026-06-13T02:25:09Z", "generator": { "date": "2026-06-13T02:25:09Z", "engine": { "name": "pyCSAF" } }, "id": "CVE-2024-2511-ELS_OS-ORACLELINUX7ELS", "initial_release_date": "2024-04-08T14:15:00Z", "revision_history": [ { "date": "2024-04-08T14:15:00Z", "number": "1", "summary": "Initial version" }, { "date": "2026-06-13T02:25:09Z", "number": "2", "summary": "Official Publication" } ], "status": "final", "version": "2" }, "title": "Security update on CVE-2024-2511" }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { "category": "product_name", "name": "Oracle Linux 7", "product": { "name": "Oracle Linux 7", "product_id": "Oracle-Linux-7", "product_identification_helper": { "cpe": "cpe:2.3:o:oracle:linux:7:*:*:*:*:*:*:*" } } } ], "category": "product_family", "name": "Oracle Linux" }, { "branches": [ { "category": "product_version", "name": "openssl11-1:1.1.1k-7.el7.x86_64", "product": { "name": "openssl11-1:1.1.1k-7.el7.x86_64", "product_id": "openssl11-1:1.1.1k-7.el7.x86_64", "product_identification_helper": { "purl": "pkg:rpm/oracle/openssl11@1.1.1k-7.el7?arch=x86_64&epoch=1" } } }, { "category": "product_version", "name": "openssl11-devel-1:1.1.1k-7.el7.x86_64", "product": { "name": "openssl11-devel-1:1.1.1k-7.el7.x86_64", "product_id": "openssl11-devel-1:1.1.1k-7.el7.x86_64", "product_identification_helper": { "purl": "pkg:rpm/oracle/openssl11-devel@1.1.1k-7.el7?arch=x86_64&epoch=1" } } }, { "category": "product_version", "name": "openssl11-static-1:1.1.1k-7.el7.x86_64", "product": { "name": "openssl11-static-1:1.1.1k-7.el7.x86_64", "product_id": "openssl11-static-1:1.1.1k-7.el7.x86_64", "product_identification_helper": { "purl": "pkg:rpm/oracle/openssl11-static@1.1.1k-7.el7?arch=x86_64&epoch=1" } } }, { "category": "product_version", "name": "openssl11-libs-1:1.1.1k-7.el7.x86_64", "product": { "name": "openssl11-libs-1:1.1.1k-7.el7.x86_64", "product_id": "openssl11-libs-1:1.1.1k-7.el7.x86_64", "product_identification_helper": { "purl": "pkg:rpm/oracle/openssl11-libs@1.1.1k-7.el7?arch=x86_64&epoch=1" } } } ], "category": "architecture", "name": "x86_64" } ], "category": "vendor", "name": "Oracle Corporation" }, { "branches": [ { "branches": [ { "category": "product_version", "name": "openssl11-1:1.1.1k-7.el7.tuxcare.els1.x86_64", "product": { "name": "openssl11-1:1.1.1k-7.el7.tuxcare.els1.x86_64", "product_id": "openssl11-1:1.1.1k-7.el7.tuxcare.els1.x86_64", "product_identification_helper": { "purl": "pkg:rpm/tuxcare/openssl11@1.1.1k-7.el7.tuxcare.els1?arch=x86_64&epoch=1" } } }, { "category": "product_version", "name": "openssl11-devel-1:1.1.1k-7.el7.tuxcare.els1.x86_64", "product": { "name": "openssl11-devel-1:1.1.1k-7.el7.tuxcare.els1.x86_64", "product_id": "openssl11-devel-1:1.1.1k-7.el7.tuxcare.els1.x86_64", "product_identification_helper": { "purl": "pkg:rpm/tuxcare/openssl11-devel@1.1.1k-7.el7.tuxcare.els1?arch=x86_64&epoch=1" } } }, { "category": "product_version", "name": "openssl11-static-1:1.1.1k-7.el7.tuxcare.els1.x86_64", "product": { "name": "openssl11-static-1:1.1.1k-7.el7.tuxcare.els1.x86_64", "product_id": "openssl11-static-1:1.1.1k-7.el7.tuxcare.els1.x86_64", "product_identification_helper": { "purl": "pkg:rpm/tuxcare/openssl11-static@1.1.1k-7.el7.tuxcare.els1?arch=x86_64&epoch=1" } } }, { "category": "product_version", "name": "openssl11-libs-1:1.1.1k-7.el7.tuxcare.els1.x86_64", "product": { "name": "openssl11-libs-1:1.1.1k-7.el7.tuxcare.els1.x86_64", "product_id": "openssl11-libs-1:1.1.1k-7.el7.tuxcare.els1.x86_64", "product_identification_helper": { "purl": "pkg:rpm/tuxcare/openssl11-libs@1.1.1k-7.el7.tuxcare.els1?arch=x86_64&epoch=1" } } } ], "category": "architecture", "name": "x86_64" } ], "category": "vendor", "name": "TuxCare" } ], "relationships": [ { "category": "default_component_of", "full_product_name": { "name": "openssl11-1:1.1.1k-7.el7.tuxcare.els1.x86_64 as a component of Oracle Linux 7", "product_id": "Oracle-Linux-7:openssl11-1:1.1.1k-7.el7.tuxcare.els1.x86_64" }, "product_reference": "openssl11-1:1.1.1k-7.el7.tuxcare.els1.x86_64", "relates_to_product_reference": "Oracle-Linux-7" }, { "category": "default_component_of", "full_product_name": { "name": "openssl11-1:1.1.1k-7.el7.x86_64 as a component of Oracle Linux 7", "product_id": "Oracle-Linux-7:openssl11-1:1.1.1k-7.el7.x86_64" }, "product_reference": "openssl11-1:1.1.1k-7.el7.x86_64", "relates_to_product_reference": "Oracle-Linux-7" }, { "category": "default_component_of", "full_product_name": { "name": "openssl11-devel-1:1.1.1k-7.el7.tuxcare.els1.x86_64 as a component of Oracle Linux 7", "product_id": "Oracle-Linux-7:openssl11-devel-1:1.1.1k-7.el7.tuxcare.els1.x86_64" }, "product_reference": "openssl11-devel-1:1.1.1k-7.el7.tuxcare.els1.x86_64", "relates_to_product_reference": "Oracle-Linux-7" }, { "category": "default_component_of", "full_product_name": { "name": "openssl11-devel-1:1.1.1k-7.el7.x86_64 as a component of Oracle Linux 7", "product_id": "Oracle-Linux-7:openssl11-devel-1:1.1.1k-7.el7.x86_64" }, "product_reference": "openssl11-devel-1:1.1.1k-7.el7.x86_64", "relates_to_product_reference": "Oracle-Linux-7" }, { "category": "default_component_of", "full_product_name": { "name": "openssl11-static-1:1.1.1k-7.el7.tuxcare.els1.x86_64 as a component of Oracle Linux 7", "product_id": "Oracle-Linux-7:openssl11-static-1:1.1.1k-7.el7.tuxcare.els1.x86_64" }, "product_reference": "openssl11-static-1:1.1.1k-7.el7.tuxcare.els1.x86_64", "relates_to_product_reference": "Oracle-Linux-7" }, { "category": "default_component_of", "full_product_name": { "name": "openssl11-static-1:1.1.1k-7.el7.x86_64 as a component of Oracle Linux 7", "product_id": "Oracle-Linux-7:openssl11-static-1:1.1.1k-7.el7.x86_64" }, "product_reference": "openssl11-static-1:1.1.1k-7.el7.x86_64", "relates_to_product_reference": "Oracle-Linux-7" }, { "category": "default_component_of", "full_product_name": { "name": "openssl11-libs-1:1.1.1k-7.el7.tuxcare.els1.x86_64 as a component of Oracle Linux 7", "product_id": "Oracle-Linux-7:openssl11-libs-1:1.1.1k-7.el7.tuxcare.els1.x86_64" }, "product_reference": "openssl11-libs-1:1.1.1k-7.el7.tuxcare.els1.x86_64", "relates_to_product_reference": "Oracle-Linux-7" }, { "category": "default_component_of", "full_product_name": { "name": "openssl11-libs-1:1.1.1k-7.el7.x86_64 as a component of Oracle Linux 7", "product_id": "Oracle-Linux-7:openssl11-libs-1:1.1.1k-7.el7.x86_64" }, "product_reference": "openssl11-libs-1:1.1.1k-7.el7.x86_64", "relates_to_product_reference": "Oracle-Linux-7" } ] }, "vulnerabilities": [ { "cve": "CVE-2024-2511", "cwe": { "id": "CWE-400", "name": "Uncontrolled Resource Consumption" }, "notes": [ { "category": "description", "text": "Issue summary: Some non-default TLS server configurations can cause unbounded\nmemory growth when processing TLSv1.3 sessions\nImpact summary: An attacker may exploit certain server configurations to trigger\nunbounded memory growth that would lead to a Denial of Service\nThis problem can occur in TLSv1.3 if the non-default SSL_OP_NO_TICKET option is\nbeing used (but not if early_data support is also configured and the default\nanti-replay protection is in use). In this case, under certain conditions, the\nsession cache can get into an incorrect state and it will fail to flush properly\nas it fills. The session cache will continue to grow in an unbounded manner. A\nmalicious client could deliberately create the scenario for this failure to\nforce a Denial of Service. It may also happen by accident in normal operation.\nThis issue only affects TLS servers supporting TLSv1.3. It does not affect TLS\nclients.\nThe FIPS modules in 3.2, 3.1 and 3.0 are not affected by this issue. OpenSSL\n1.0.2 is also not affected by this issue.", "title": "Vulnerability description" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "known_affected": [ "Oracle-Linux-7:openssl11-1:1.1.1k-7.el7.tuxcare.els1.x86_64", "Oracle-Linux-7:openssl11-1:1.1.1k-7.el7.x86_64", "Oracle-Linux-7:openssl11-devel-1:1.1.1k-7.el7.tuxcare.els1.x86_64", "Oracle-Linux-7:openssl11-devel-1:1.1.1k-7.el7.x86_64", "Oracle-Linux-7:openssl11-libs-1:1.1.1k-7.el7.tuxcare.els1.x86_64", "Oracle-Linux-7:openssl11-libs-1:1.1.1k-7.el7.x86_64", "Oracle-Linux-7:openssl11-static-1:1.1.1k-7.el7.tuxcare.els1.x86_64", "Oracle-Linux-7:openssl11-static-1:1.1.1k-7.el7.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://cve.tuxcare.com/els/cve/CVE-2024-2511" } ], "release_date": "2024-04-08T14:15:00Z", "remediations": [ { "category": "no_fix_planned", "date": "2026-06-12T12:57:38.474783Z", "details": "Deprioritize this issue because it only affects TLSv1.3 servers that explicitly disable session tickets via the non-default SSL_OP_NO_TICKET option; default ticket-enabled configurations, TLS clients, and servers with early_data plus default anti-replay are not vulnerable. The impact is limited to a Denial of Service from unbounded session-cache memory growth (no confidentiality or integrity risk) and carries high attack complexity for remote exploitation. Additionally, FIPS modules in OpenSSL 3.2/3.1/3.0 and OpenSSL 1.0.2 are not affected, making this a narrow, configuration-specific risk.", "product_ids": [ "Oracle-Linux-7:openssl11-1:1.1.1k-7.el7.tuxcare.els1.x86_64", "Oracle-Linux-7:openssl11-1:1.1.1k-7.el7.x86_64", "Oracle-Linux-7:openssl11-devel-1:1.1.1k-7.el7.tuxcare.els1.x86_64", "Oracle-Linux-7:openssl11-devel-1:1.1.1k-7.el7.x86_64", "Oracle-Linux-7:openssl11-libs-1:1.1.1k-7.el7.tuxcare.els1.x86_64", "Oracle-Linux-7:openssl11-libs-1:1.1.1k-7.el7.x86_64", "Oracle-Linux-7:openssl11-static-1:1.1.1k-7.el7.tuxcare.els1.x86_64", "Oracle-Linux-7:openssl11-static-1:1.1.1k-7.el7.x86_64" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 3.7, "baseSeverity": "LOW", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", "version": "3.1" }, "products": [ "Oracle-Linux-7:openssl11-1:1.1.1k-7.el7.tuxcare.els1.x86_64", "Oracle-Linux-7:openssl11-1:1.1.1k-7.el7.x86_64", "Oracle-Linux-7:openssl11-devel-1:1.1.1k-7.el7.tuxcare.els1.x86_64", "Oracle-Linux-7:openssl11-devel-1:1.1.1k-7.el7.x86_64", "Oracle-Linux-7:openssl11-libs-1:1.1.1k-7.el7.tuxcare.els1.x86_64", "Oracle-Linux-7:openssl11-libs-1:1.1.1k-7.el7.x86_64", "Oracle-Linux-7:openssl11-static-1:1.1.1k-7.el7.tuxcare.els1.x86_64", "Oracle-Linux-7:openssl11-static-1:1.1.1k-7.el7.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Low" } ] } ] }