First published: Wed Jan 25 2023(Updated: )
A flaw was found in OpenSSL. An invalid pointer dereference on read can be triggered when an application tries to check a malformed DSA public key by the EVP_PKEY_public_check() function, most likely leading to an application crash. This function can be called on public keys supplied from untrusted sources, which could allow an attacker to cause a denial of service.
Credit: openssl-security@openssl.org openssl-security@openssl.org openssl-security@openssl.org
Affected Software | Affected Version | How to fix |
---|---|---|
redhat/openssl | <1:3.0.1-47.el9_1 | 1:3.0.1-47.el9_1 |
redhat/openssl | <1:3.0.1-46.el9_0 | 1:3.0.1-46.el9_0 |
OpenSSL OpenSSL | >=3.0.0<=3.0.7 | |
rust/openssl-src | >=300.0.0<300.0.12 | 300.0.12 |
debian/openssl | 1.1.1w-0+deb11u1 1.1.1n-0+deb11u5 3.0.14-1~deb12u1 3.0.14-1~deb12u2 3.3.2-1 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
The vulnerability ID is CVE-2023-0217.
The severity of CVE-2023-0217 is high with a severity value of 7.5.
The affected software for CVE-2023-0217 is OpenSSL version 1:3.0.1-47.el9_1 and OpenSSL version 1:3.0.1-46.el9_0.
CVE-2023-0217 can be exploited by an application trying to check a malformed DSA public key by the EVP_PKEY_public_check() function, which may lead to an application crash.
Yes, the fix for CVE-2023-0217 is available in OpenSSL version 1:3.0.1-47.el9_1 and OpenSSL version 1:3.0.1-46.el9_0.