CVE-2024-29172
Published: 12 February 2025
Description
Dell BSAFE SSL-J, versions prior to 6.6 and versions 7.0 through 7.2, contains a deadlock vulnerability. A remote attacker could potentially exploit this vulnerability, leading to a Denial of Service.
Security Summary
CVE-2024-29172 is a deadlock vulnerability (CWE-833, CWE-667) in Dell BSAFE SSL-J, affecting versions prior to 6.6 and versions 7.0 through 7.2. Published on 2025-02-12, it carries a CVSS v3.1 base score of 5.9 (AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H). The flaw allows a remote attacker to potentially trigger a denial-of-service condition.
A remote, unauthenticated attacker with network access can exploit this vulnerability to cause a deadlock, resulting in denial of service. Exploitation is rated high attack complexity and requires neither privileges nor user interaction; the impact is limited to availability.
Dell's security advisory DSA-2024-221 details a security update for Dell BSAFE SSL-J addressing this and multiple other vulnerabilities. Practitioners should consult the advisory at https://www.dell.com/support/kbdoc/en-us/000226620/dsa-2024-221-security-update-for-dell-bsafe-ssl-j-multiple-vulnerabilities for patching instructions and mitigation guidance.
Details
- CWE(s)