Category: OpenSSL
OpenSSL security vulnerability (CVE-2024-12797)
CVE-2024-12797 is a high-severity vulnerability in the OpenSSL cryptographic library, identified by Apple Inc. This flaw affects OpenSSL versions 3.2, 3.3, and 3.4 and pertains to the handling of RFC7250 handshakes. Specifically, when clients use raw public keys (RPKs) for server authentication, the handshake may not abort as expected if the server is unauthenticated. This…