CVE-2023-0464

Source

https://nvd.nist.gov/vuln/detail/CVE-2023-0464

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-0464.json

Related

Published

2023-03-22T17:15:13Z

Modified

2024-05-14T12:38:02.506197Z

Summary

[none]

Details

A security vulnerability has been identified in all supported versions

of OpenSSL related to the verification of X.509 certificate chains that include policy constraints. Attackers may be able to exploit this vulnerability by creating a malicious certificate chain that triggers exponential use of computational resources, leading to a denial-of-service (DoS) attack on affected systems.

Policy processing is disabled by default but can be enabled by passing the -policy' argument to the command line utilities or by calling theX509VERIFYPARAMset1policies()' function.

References

Affected packages

Alpine:v3.14 / openssl

Package

Name: openssl

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0The exact introduced commit is unknown

Fixed

1.1.1t-r1

Alpine:v3.15 / openssl

Package

Name: openssl

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0The exact introduced commit is unknown

Fixed

1.1.1t-r2

Alpine:v3.15 / openssl3

Package

Name: openssl3

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0The exact introduced commit is unknown

Fixed

3.0.8-r1

Alpine:v3.16 / openssl

Package

Name: openssl

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0The exact introduced commit is unknown

Fixed

1.1.1t-r1

Alpine:v3.16 / openssl3

Package

Name: openssl3

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0The exact introduced commit is unknown

Fixed

3.0.8-r1

Alpine:v3.17 / openssl

Package

Name: openssl

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0The exact introduced commit is unknown

Fixed

3.0.8-r1

Alpine:v3.18 / openssl

Package

Name: openssl

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0The exact introduced commit is unknown

Fixed

3.1.0-r1

Alpine:v3.19 / openssl

Package

Name: openssl

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0The exact introduced commit is unknown

Fixed

3.1.0-r1

Git / github.com/openssl/openssl

Affected ranges

Type: GIT
Repo: https://github.com/openssl/openssl
Events: Introduced

89cd17a031e022211684eb7eb41190cf1910f9fa

Introduced

a92271e03a8d0dee507b6f1e7f49512568b2c7ad

Introduced

e04bd3433fd84e1861bf258ea37928d9845e6a86

Introduced

e818b74be2170fbe957a07b0da4401c2b694b3b8

Fixed

de90e54bbe82e5be4fb9608b6f5c308bb837d355

Affected versions

openssl-3.*

openssl-3.0.0

openssl-3.0.1

openssl-3.0.2

openssl-3.0.3

openssl-3.0.4

openssl-3.0.5

openssl-3.0.6

openssl-3.0.7

openssl-3.0.8