CVE-2023-0216

Source

https://nvd.nist.gov/vuln/detail/CVE-2023-0216

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-0216.json

Aliases

Related

Published

2023-02-08T20:15:24Z

Modified

2024-02-04T09:15:08Z

Details

An invalid pointer dereference on read can be triggered when an application tries to load malformed PKCS7 data with the d2iPKCS7(), d2iPKCS7bio() or d2iPKCS7_fp() functions.

The result of the dereference is an application crash which could lead to a denial of service attack. The TLS implementation in OpenSSL does not call this function however third party applications might call these functions on untrusted data.

References

Affected packages

Alpine:v3.15 / openssl3

Package

Name: openssl3

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0The exact introduced commit is unknown

Fixed

3.0.8-r0

Alpine:v3.16 / openssl3

Package

Name: openssl3

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0The exact introduced commit is unknown

Fixed

3.0.8-r0

Alpine:v3.17 / openssl

Package

Name: openssl

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0The exact introduced commit is unknown

Fixed

3.0.8-r0

Alpine:v3.18 / openssl

Package

Name: openssl

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0The exact introduced commit is unknown

Fixed

3.0.8-r0

Alpine:v3.19 / openssl

Package

Name: openssl

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0The exact introduced commit is unknown

Fixed

3.0.8-r0