CVE-2023-0217

Source

https://nvd.nist.gov/vuln/detail/CVE-2023-0217

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-0217.json

Aliases

Related

Published

2023-02-08T20:15:24Z

Modified

2024-02-04T11:10:14.649905Z

Details

An invalid pointer dereference on read can be triggered when an application tries to check a malformed DSA public key by the EVPPKEYpublic_check() function. This will most likely lead to an application crash. This function can be called on public keys supplied from untrusted sources which could allow an attacker to cause a denial of service attack.

The TLS implementation in OpenSSL does not call this function but applications might call the function if there are additional security requirements imposed by standards such as FIPS 140-3.

References

Affected packages

Alpine:v3.15 / openssl3

Package

Name: openssl3

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0The exact introduced commit is unknown

Fixed

3.0.8-r0

Alpine:v3.16 / openssl3

Package

Name: openssl3

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0The exact introduced commit is unknown

Fixed

3.0.8-r0

Alpine:v3.17 / openssl

Package

Name: openssl

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0The exact introduced commit is unknown

Fixed

3.0.8-r0

Alpine:v3.18 / openssl

Package

Name: openssl

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0The exact introduced commit is unknown

Fixed

3.0.8-r0

Alpine:v3.19 / openssl

Package

Name: openssl

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0The exact introduced commit is unknown

Fixed

3.0.8-r0

Git / github.com/openssl/openssl

Affected ranges

Type: GIT
Repo: https://github.com/openssl/openssl
Events: Introduced

89cd17a031e022211684eb7eb41190cf1910f9fa

Last affected

19cc035b6c6f2283573d29c7ea7f7d675cf750ce

Affected versions

openssl-3.*

openssl-3.0.0

openssl-3.0.1

openssl-3.0.2

openssl-3.0.3

openssl-3.0.4

openssl-3.0.5

openssl-3.0.6

openssl-3.0.7