First published: Wed Jan 25 2023(Updated: )
A type confusion vulnerability was found in OpenSSL when OpenSSL X.400 addresses processing inside an X.509 GeneralName. When CRL checking is enabled (for example, the application sets the X509_V_FLAG_CRL_CHECK flag), this vulnerability may allow an attacker to pass arbitrary pointers to a memcmp call, enabling them to read memory contents or cause a denial of service. In most cases, the attack requires the attacker to provide both the certificate chain and CRL, of which neither needs a valid signature. If the attacker only controls one of these inputs, the other input must already contain an X.400 address as a CRL distribution point, which is uncommon. In this case, this vulnerability is likely only to affect applications that have implemented their own functionality for retrieving CRLs over a network.
Credit: openssl-security@openssl.org openssl-security@openssl.org openssl-security@openssl.org
Affected Software | Affected Version | How to fix |
---|---|---|
redhat/jbcs-httpd24-openssl | <1:1.1.1k-14.el8 | 1:1.1.1k-14.el8 |
redhat/jbcs-httpd24-openssl | <1:1.1.1k-14.el7 | 1:1.1.1k-14.el7 |
redhat/openssl | <0:1.0.1e-61.el6_10 | 0:1.0.1e-61.el6_10 |
redhat/openssl | <1:1.0.2k-26.el7_9 | 1:1.0.2k-26.el7_9 |
redhat/edk2 | <0:20220126gitbb1bba3d77-4.el8 | 0:20220126gitbb1bba3d77-4.el8 |
redhat/openssl | <1:1.1.1k-9.el8_7 | 1:1.1.1k-9.el8_7 |
redhat/openssl | <1:1.1.1c-6.el8_1 | 1:1.1.1c-6.el8_1 |
redhat/edk2 | <0:20190829git37eef91017ad-9.el8_2.2 | 0:20190829git37eef91017ad-9.el8_2.2 |
redhat/openssl | <1:1.1.1c-21.el8_2 | 1:1.1.1c-21.el8_2 |
redhat/edk2 | <0:20200602gitca407c7246bf-4.el8_4.3 | 0:20200602gitca407c7246bf-4.el8_4.3 |
redhat/openssl | <1:1.1.1g-18.el8_4 | 1:1.1.1g-18.el8_4 |
redhat/edk2 | <0:20220126gitbb1bba3d77-2.el8_6.1 | 0:20220126gitbb1bba3d77-2.el8_6.1 |
redhat/openssl | <1:1.1.1k-8.el8_6 | 1:1.1.1k-8.el8_6 |
redhat/openssl | <1:3.0.1-47.el9_1 | 1:3.0.1-47.el9_1 |
redhat/edk2 | <0:20221207gitfff6d81270b5-9.el9_2 | 0:20221207gitfff6d81270b5-9.el9_2 |
redhat/openssl | <1:3.0.1-46.el9_0 | 1:3.0.1-46.el9_0 |
redhat/edk2 | <0:20220126gitbb1bba3d77-3.el9_0.2 | 0:20220126gitbb1bba3d77-3.el9_0.2 |
redhat/jws5-tomcat-native | <0:1.2.31-14.redhat_14.el7 | 0:1.2.31-14.redhat_14.el7 |
redhat/jws5-tomcat-native | <0:1.2.31-14.redhat_14.el8 | 0:1.2.31-14.redhat_14.el8 |
redhat/jws5-tomcat-native | <0:1.2.31-14.redhat_14.el9 | 0:1.2.31-14.redhat_14.el9 |
OpenSSL OpenSSL | >=1.0.2<1.0.2zg | |
OpenSSL OpenSSL | >=1.1.1<1.1.1t | |
OpenSSL OpenSSL | >=3.0.0<3.0.8 | |
Stormshield Stormshield Management Center | <3.3.3 | |
Stormshield Stormshield Network Security | >=2.7.0<2.7.11 | |
Stormshield Stormshield Network Security | >=2.8.0<3.7.34 | |
Stormshield Stormshield Network Security | >=3.8.0<3.11.22 | |
Stormshield Stormshield Network Security | >=4.0.0<4.3.16 | |
Stormshield Stormshield Network Security | >=4.4.0<4.6.3 | |
rust/openssl-src | >=300.0.0<300.0.12 | 300.0.12 |
rust/openssl-src | <111.25.0 | 111.25.0 |
pip/cryptography | >=0.8.1<39.0.1 | 39.0.1 |
debian/openssl | 1.1.1w-0+deb11u1 1.1.1n-0+deb11u5 3.0.14-1~deb12u1 3.0.14-1~deb12u2 3.3.2-1 | |
IBM Cognos Analytics | <=12.0.0-12.0.3 | |
IBM Cognos Analytics | <=11.2.0-11.2.4 FP4 |
Mitigation for this issue is either not available or the currently available options don't meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
(Appears in the following advisories)
The vulnerability ID is CVE-2023-0286.
CVE-2023-0286 has a severity rating of 8.2, which is considered high.
CVE-2023-0286 affects multiple versions of OpenSSL, ranging from 1.0.2 to 3.0.8.
CVE-2023-0286 can lead to a denial of service (DoS) due to a type confusion error related to X.400 address processing.
You can find more information about CVE-2023-0286 and its patch at the provided references.