What is the severity of REDHAT-BUG-2164500?

The severity of REDHAT-BUG-2164500 is considered to be high due to potential system crashes or security impacts.

How do I fix REDHAT-BUG-2164500?

To fix REDHAT-BUG-2164500, upgrade to the latest version of OpenSSL that addresses this vulnerability.

What are the potential impacts of REDHAT-BUG-2164500?

The potential impacts of REDHAT-BUG-2164500 include application crashes and significant security risks during signature verification.

Who is affected by REDHAT-BUG-2164500?

Users and applications relying on affected versions of OpenSSL for PKCS7 signature verification are at risk.

Is there a workaround for REDHAT-BUG-2164500?

Currently, no official workaround for REDHAT-BUG-2164500 is available; upgrading is the recommended mitigation.

Vulnerability/
REDHAT-BUG-2164500

medium

25/1/2023

18/3/2024

REDHAT-BUG-2164500

First published: Wed Jan 25 2023(Updated: )

A NULL pointer can be dereferenced when signatures are being verified on PKCS7 signed or signedAndEnveloped data. In case the hash algorithm used for the signature is known to the OpenSSL library but the implementation of the hash algorithm is not available the digest initialization will fail. There is a missing check for the return value from the initialization function which later leads to invalid usage of the digest API most likely leading to a crash.

Affected Software	Affected Version	How to fix
OpenSSL

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the severity of REDHAT-BUG-2164500?
The severity of REDHAT-BUG-2164500 is considered to be high due to potential system crashes or security impacts.
How do I fix REDHAT-BUG-2164500?
To fix REDHAT-BUG-2164500, upgrade to the latest version of OpenSSL that addresses this vulnerability.
What are the potential impacts of REDHAT-BUG-2164500?
The potential impacts of REDHAT-BUG-2164500 include application crashes and significant security risks during signature verification.
Who is affected by REDHAT-BUG-2164500?
Users and applications relying on affected versions of OpenSSL for PKCS7 signature verification are at risk.
Is there a workaround for REDHAT-BUG-2164500?
Currently, no official workaround for REDHAT-BUG-2164500 is available; upgrading is the recommended mitigation.

agent/references
agent/type
agent/first-publish-date
agent/severity
agent/description
agent/event
collector/redhat-bugzilla
source/Red Hat
alias/CVE-2023-0401
agent/last-modified-date
agent/source
agent/softwarecombine
agent/tags
agent/guess-ai
agent/software-canonical-lookup
agent/software-canonical-lookup-request
vendor/openssl
canonical/openssl

Frequently Asked Questions

What is the severity of REDHAT-BUG-2164500?
The severity of REDHAT-BUG-2164500 is considered to be high due to potential system crashes or security impacts.
How do I fix REDHAT-BUG-2164500?
To fix REDHAT-BUG-2164500, upgrade to the latest version of OpenSSL that addresses this vulnerability.
What are the potential impacts of REDHAT-BUG-2164500?
The potential impacts of REDHAT-BUG-2164500 include application crashes and significant security risks during signature verification.
Who is affected by REDHAT-BUG-2164500?
Users and applications relying on affected versions of OpenSSL for PKCS7 signature verification are at risk.
Is there a workaround for REDHAT-BUG-2164500?
Currently, no official workaround for REDHAT-BUG-2164500 is available; upgrading is the recommended mitigation.

REDHAT-BUG-2164500

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the severity of REDHAT-BUG-2164500?

How do I fix REDHAT-BUG-2164500?

What are the potential impacts of REDHAT-BUG-2164500?

Who is affected by REDHAT-BUG-2164500?

Is there a workaround for REDHAT-BUG-2164500?

Company

Resources

Contact

Frequently Asked Questions

What is the severity of REDHAT-BUG-2164500?

How do I fix REDHAT-BUG-2164500?

What are the potential impacts of REDHAT-BUG-2164500?

Who is affected by REDHAT-BUG-2164500?

Is there a workaround for REDHAT-BUG-2164500?