7.4
CWE: 843, 704

CVE-2023-0286: X.400 address type confusion in X.509 GeneralName

First published: Wed Jan 25 2023

A type confusion vulnerability was found in OpenSSL in the processing of X.400 addresses inside an X.509 GeneralName. When CRL checking is enabled (for example, the application sets the X509_V_FLAG_CRL_CHECK flag), this vulnerability may allow an attacker to pass arbitrary pointers to a memcmp call, enabling them to read memory contents or cause a denial of service. In most cases, the attack requires the attacker to provide both the certificate chain and CRL, of which neither needs a valid signature. If the attacker only controls one of these inputs, the other input must already contain an X.400 address as a CRL distribution point, which is uncommon. In this case, this vulnerability is likely only to affect applications that have implemented their own functionality for retrieving CRLs over a network.

Credit: openssl-security@openssl.org

| Affected Software | Affected Version | How to fix |
| --- | --- | --- |
| redhat/jbcs-httpd24-openssl | <1:1.1.1k-14.el8 | 1:1.1.1k-14.el8 |
| redhat/jbcs-httpd24-openssl | <1:1.1.1k-14.el7 | 1:1.1.1k-14.el7 |
| redhat/openssl | <0:1.0.1e-61.el6_10 | 0:1.0.1e-61.el6_10 |
| redhat/openssl | <1:1.0.2k-26.el7_9 | 1:1.0.2k-26.el7_9 |
| redhat/edk2 | <0:20220126gitbb1bba3d77-4.el8 | 0:20220126gitbb1bba3d77-4.el8 |
| redhat/openssl | <1:1.1.1k-9.el8_7 | 1:1.1.1k-9.el8_7 |
| redhat/openssl | <1:1.1.1c-6.el8_1 | 1:1.1.1c-6.el8_1 |
| redhat/edk2 | <0:20190829git37eef91017ad-9.el8_2.2 | 0:20190829git37eef91017ad-9.el8_2.2 |
| redhat/openssl | <1:1.1.1c-21.el8_2 | 1:1.1.1c-21.el8_2 |
| redhat/edk2 | <0:20200602gitca407c7246bf-4.el8_4.3 | 0:20200602gitca407c7246bf-4.el8_4.3 |
| redhat/openssl | <1:1.1.1g-18.el8_4 | 1:1.1.1g-18.el8_4 |
| redhat/edk2 | <0:20220126gitbb1bba3d77-2.el8_6.1 | 0:20220126gitbb1bba3d77-2.el8_6.1 |
| redhat/openssl | <1:1.1.1k-8.el8_6 | 1:1.1.1k-8.el8_6 |
| redhat/openssl | <1:3.0.1-47.el9_1 | 1:3.0.1-47.el9_1 |
| redhat/edk2 | <0:20221207gitfff6d81270b5-9.el9_2 | 0:20221207gitfff6d81270b5-9.el9_2 |
| redhat/openssl | <1:3.0.1-46.el9_0 | 1:3.0.1-46.el9_0 |
| redhat/edk2 | <0:20220126gitbb1bba3d77-3.el9_0.2 | 0:20220126gitbb1bba3d77-3.el9_0.2 |
| redhat/jws5-tomcat-native | <0:1.2.31-14.redhat_14.el7 | 0:1.2.31-14.redhat_14.el7 |
| redhat/jws5-tomcat-native | <0:1.2.31-14.redhat_14.el8 | 0:1.2.31-14.redhat_14.el8 |
| redhat/jws5-tomcat-native | <0:1.2.31-14.redhat_14.el9 | 0:1.2.31-14.redhat_14.el9 |
| OpenSSL OpenSSL | >=1.0.2 <1.0.2zg | |
| OpenSSL OpenSSL | >=1.1.1 <1.1.1t | |
| OpenSSL OpenSSL | >=3.0.0 <3.0.8 | |
| Stormshield Stormshield Management Center | <3.3.3 | |
| Stormshield Stormshield Network Security | >=2.7.0 <2.7.11 | |
| Stormshield Stormshield Network Security | >=2.8.0 <3.7.34 | |
| Stormshield Stormshield Network Security | >=3.8.0 <3.11.22 | |
| Stormshield Stormshield Network Security | >=4.0.0 <4.3.16 | |
| Stormshield Stormshield Network Security | >=4.4.0 <4.6.3 | |
| rust/openssl-src | >=300.0.0 <300.0.12 | 300.0.12 |
| rust/openssl-src | <111.25.0 | 111.25.0 |
| pip/cryptography | >=0.8.1 <39.0.1 | 39.0.1 |
| debian/openssl | | 1.1.1w-0+deb11u1 |
| | | 1.1.1n-0+deb11u5 |
| | | 3.0.14-1~deb12u1 |
| | | 3.0.14-1~deb12u2 |
| | | 3.3.2-1 |
| IBM Cognos Analytics | <=12.0.0-12.0.3 | |
| IBM Cognos Analytics | <=11.2.0-11.2.4 FP4 | |

Remedy

Mitigation for this issue is either not available or the currently available options don't meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.
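
With no mitigation available, the practical step is to confirm which OpenSSL build is in use and compare it with the affected ranges listed above. The following is an added example, not part of the original advisory: the function names are hypothetical, the sample banners are constructed, and it covers only the upstream OpenSSL rows (1.0.2, 1.1.1 and 3.0.x).

```python
import re
import ssl

# Upstream OpenSSL rows from the affected-software list: (first affected, first fixed).
AFFECTED_RANGES = [("1.0.2", "1.0.2zg"), ("1.1.1", "1.1.1t"), ("3.0.0", "3.0.8")]

_VERSION_RE = re.compile(r"(\d+)\.(\d+)\.(\d+)([a-z]*)")


def parse_version(text):
    """Return (major, minor, patch, letters) from a banner such as 'OpenSSL 1.1.1k  FIPS'."""
    banner = text.strip().lower()
    # The ranges apply to OpenSSL only; refuse banners from other libraries.
    if banner[:1].isalpha() and not banner.startswith("openssl"):
        raise ValueError(f"not an OpenSSL banner: {text!r}")
    m = _VERSION_RE.search(banner)
    if m is None:
        raise ValueError(f"no OpenSSL version found in {text!r}")
    major, minor, patch, letters = m.groups()
    # Pre-3.0 releases carry letter suffixes (k < t < z < za < zg). Plain string
    # comparison orders them correctly, and '' sorts before any letter.
    return (int(major), int(minor), int(patch), letters)


def is_affected(version_text):
    """True if the upstream version lies in a listed affected range.

    False only means "not in the listed upstream ranges". Distribution packages
    backport fixes without changing the upstream version string, so for those
    compare the package version against the package rows instead.
    """
    v = parse_version(version_text)
    return any(parse_version(lo) <= v < parse_version(hi) for lo, hi in AFFECTED_RANGES)


def linked_openssl_status():
    """Report the OpenSSL build linked into the running Python interpreter."""
    return ssl.OPENSSL_VERSION, is_affected(ssl.OPENSSL_VERSION)


if __name__ == "__main__":
    # Constructed sample banners, not collected from any real host.
    for sample in ["OpenSSL 1.1.1k  FIPS 25 Mar 2021", "OpenSSL 1.0.2zg", "OpenSSL 3.0.7 1 Nov 2022"]:
        print(f"{sample!r}: affected={is_affected(sample)}")
    print("this interpreter:", linked_openssl_status())
```

A Red Hat build reporting 1.1.1k can already contain the fix (for example the 1:1.1.1k-9.el8_7 package listed above), so a positive result on a distribution system should be confirmed against the package version.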

Frequently Asked Questions

  • What is the vulnerability ID of this OpenSSL vulnerability?

    The vulnerability ID is CVE-2023-0286.

  • What is the severity rating of CVE-2023-0286?

    CVE-2023-0286 has a severity rating of 8.2, which is considered high.

  • Which software versions are affected by CVE-2023-0286?

    CVE-2023-0286 affects multiple versions of OpenSSL, ranging from 1.0.2 to 3.0.8.

  • What is the impact of CVE-2023-0286?

    CVE-2023-0286 can lead to a denial of service (DoS) due to a type confusion error related to X.400 address processing.

  • Where can I find more information about CVE-2023-0286 and its patch?

    You can find more information about CVE-2023-0286 and its patch at the provided references.
