There is a type confusion vulnerability relating to X.400 address processing inside an X.509 GeneralName. X.400 addresses were parsed as an ASN1_STRING but the public structure definition for GENERAL_NAME incorrectly specified the type of the x400Address field as ASN1_TYPE. This field is subsequently interpreted by the OpenSSL function GENERAL_NAME_cmp as an ASN1_TYPE rather than an ASN1_STRING. When CRL checking is enabled (i.e. the application sets the X509_V_FLAG_CRL_CHECK flag), this vulnerability may allow an attacker to pass arbitrary pointers to a memcmp call, enabling them to read memory contents or enact a denial of service. In most cases, the attack requires the attacker to provide both the certificate chain and CRL, neither of which need to have a valid signature. If the attacker only controls one of these inputs, the other input must already contain an X.400 address as a CRL distribution point, which is uncommon. As such, this vulnerability is most likely to only affect applications which have implemented their own functionality for retrieving CRLs over a network.
History

Thu, 12 Sep 2024 02:15:00 +0000

Type Values Removed Values Added
First Time appeared Redhat logging
CPEs cpe:/a:redhat:logging:5.9::el9
Vendors & Products Redhat logging

Thu, 08 Aug 2024 19:00:00 +0000

Type Values Removed Values Added
CPEs cpe:/o:redhat:rhel_aus:7.7

cve-icon MITRE

Status: PUBLISHED

Assigner: openssl

Published: 2023-02-08T19:01:50.514Z

Updated: 2024-08-02T05:02:44.187Z

Reserved: 2023-01-13T10:40:41.259Z

Link: CVE-2023-0286

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Modified

Published: 2023-02-08T20:15:24.267

Modified: 2024-11-21T07:36:53.843

Link: CVE-2023-0286

cve-icon Redhat

Severity : Important

Publid Date: 2023-02-07T00:00:00Z

Links: CVE-2023-0286 - Bugzilla