First published: Wed Jan 25 2023
A flaw was found in OpenSSL 3.0.0 through 3.0.7 (fixed in 3.0.8). An invalid pointer dereference on read can be triggered when an application checks a malformed DSA public key with the EVP_PKEY_public_check() function, most likely leading to an application crash. Because this function is commonly called on public keys supplied from untrusted sources (a TLS peer, an uploaded certificate, a JWK), an attacker who controls the key can cause a denial of service.
Credit: openssl-security@openssl.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| redhat/openssl | <1:3.0.1-47.el9_1 | 1:3.0.1-47.el9_1 |
| redhat/openssl | <1:3.0.1-46.el9_0 | 1:3.0.1-46.el9_0 |
| OpenSSL | >=3.0.0 <=3.0.7 | 3.0.8 |
| ubuntu/openssl | <3.0.8-1ubuntu1 | 3.0.8-1ubuntu1 |
| ubuntu/openssl | <3.0.8 | 3.0.8 |
| ubuntu/openssl | <3.0.2-0ubuntu1.8 | 3.0.2-0ubuntu1.8 |
| ubuntu/openssl | <3.0.5-2ubuntu2.1 | 3.0.5-2ubuntu2.1 |
| debian/openssl | 1.1.1n-0+deb10u3, 1.1.1n-0+deb10u6, 1.1.1w-0+deb11u1, 1.1.1n-0+deb11u5, 3.0.11-1~deb12u2, 3.1.4-2, 3.1.5-1 | |
| rust/openssl-src | >=300.0.0 <300.0.12 | 300.0.12 |

The debian/openssl row lists package versions rather than a vulnerable range: the 1.1.1-based packages fall outside the affected 3.0.0 to 3.0.7 range, and 3.0.11 and later already carry the fix.
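The following script is an added example, not part of this advisory or of OpenSSL itself. It turns the affected range above into a check a practitioner can run on a host: it parses an `openssl version` banner (constructed sample banners are used in the comments), reports whether the loaded libcrypto is in the 3.0.0 to 3.0.7 range, and wraps `openssl pkey -pubcheck`, the CLI path that runs the library's public-key check, so you can see how an untrusted DSA key is handled on a given build. The function names are this example's own.

```sh
#!/bin/sh
# Added example for CVE-2023-0217 (not from the advisory or from OpenSSL):
# classify an `openssl version` banner against the affected range 3.0.0..3.0.7
# and optionally run the CLI public-key check on a PEM file.

# Print the library version from an `openssl version` banner.
# Constructed sample banner:
#   "OpenSSL 3.0.2 15 Mar 2022 (Library: OpenSSL 3.0.7 1 Nov 2022)"
# The "(Library: ...)" field, when present, is the libcrypto actually loaded,
# which is what matters; the first field is only what the CLI was built with.
openssl_version_from_banner() {
    printf '%s\n' "$1" | awk '{
        for (i = 1; i <= NF; i++)
            if ($i == "(Library:") { v = $(i + 2); sub(/\)$/, "", v); print v; exit }
        print $2
    }'
}

# Exit 0 if VERSION (e.g. "3.0.7") is in the CVE-2023-0217 range 3.0.0..3.0.7,
# 1 if it is not, 2 if the string is not a dotted numeric version.
openssl_affected_cve_2023_0217() {
    IFS=. read -r major minor patch <<EOF
$1
EOF
    # Keep only the leading digits of each component ("1w" -> "1").
    major=${major%%[!0-9]*}; minor=${minor%%[!0-9]*}; patch=${patch%%[!0-9]*}
    [ -n "$major" ] && [ -n "$minor" ] || return 2
    : "${patch:=0}"
    [ "$major" -eq 3 ] && [ "$minor" -eq 0 ] && [ "$patch" -le 7 ]
}

# Print "affected", "not-affected" or "unknown" for an `openssl version` banner.
cve_2023_0217_status() {
    ver=$(openssl_version_from_banner "$1")
    if openssl_affected_cve_2023_0217 "$ver"; then rc=0; else rc=$?; fi
    case $rc in
        0) echo affected ;;
        1) echo not-affected ;;
        *) echo unknown ;;
    esac
}

# Validate the public key in PEM file $1 with the CLI. `openssl pkey -pubcheck`
# runs the library's public-key check on the supplied key, so on an unpatched
# 3.0.x build this is the code path the advisory describes: a malformed DSA key
# may crash the tool instead of being rejected with a non-zero exit status.
# Treat any failure, crash included, as "reject the key".
public_check_pem() {
    openssl pkey -pubin -in "$1" -pubcheck -noout
}

# Live check of the installed binary when run as `sh this.sh --live`.
case ${1:-} in
    --live)
        if command -v openssl >/dev/null 2>&1; then
            cve_2023_0217_status "$(openssl version)"
        else
            echo unknown
        fi
        ;;
esac
```

Run `sh check.sh --live` to classify the host's OpenSSL; a result of `affected` means the build needs one of the fixed versions from the table. Whatever the version, code that calls EVP_PKEY_public_check() on untrusted keys should treat a non-1 return as a hard rejection and never continue with the key.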
The vulnerability ID is CVE-2023-0217.
CVE-2023-0217 is rated high severity with a CVSS base score of 7.5 (network-reachable, no privileges or user interaction required, availability impact only).
The affected software is OpenSSL 3.0.0 through 3.0.7, together with distribution packages built from those versions, such as Red Hat's openssl before 1:3.0.1-47.el9_1 and 1:3.0.1-46.el9_0.
CVE-2023-0217 is triggered when an application passes a malformed DSA public key, for example one parsed from untrusted input, to EVP_PKEY_public_check(); the resulting invalid pointer dereference most likely crashes the application, giving the attacker a denial of service.
A fix is available: upgrade to OpenSSL 3.0.8, or to a patched distribution package such as Red Hat's 1:3.0.1-47.el9_1 or 1:3.0.1-46.el9_0, Ubuntu's 3.0.2-0ubuntu1.8 or 3.0.5-2ubuntu2.1, or openssl-src 300.0.12 for Rust projects that vendor OpenSSL.