CVE-2023-0286 - Vulnerability Details

There is a type confusion vulnerability relating to X.400 address processing inside an X.509 GeneralName. X.400 addresses were parsed as an ASN1_STRING but the public structure definition for GENERAL_NAME incorrectly specified the type of the x400Address field as ASN1_TYPE. This field is subsequently interpreted by the OpenSSL function GENERAL_NAME_cmp as an ASN1_TYPE rather than an ASN1_STRING. When CRL checking is enabled (i.e. the application sets the X509_V_FLAG_CRL_CHECK flag), this vulnerability may allow an attacker to pass arbitrary pointers to a memcmp call, enabling them to read memory contents or enact a denial of service. In most cases, the attack requires the attacker to provide both the certificate chain and CRL, neither of which need to have a valid signature. If the attacker only controls one of these inputs, the other input must already contain an X.400 address as a CRL distribution point, which is uncommon. As such, this vulnerability is most likely to only affect applications which have implemented their own functionality for retrieving CRLs over a network.

No CVSS v4.0

Attack Vector Network

Attack Complexity High

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact None

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Exploitation none

Automatable no

Technical Impact partial

Vendors	Products
Openssl	Openssl
Redhat	Enterprise Linux Jboss Core Services Jboss Enterprise Web Server Logging Rhel Aus Rhel E4s Rhel Els Rhel Eus Rhel Tus Rhev Hypervisor
Stormshield	Stormshield Management Center Stormshield Network Security

Configuration 1 [-]

OR	cpe:2.3:a:openssl:openssl::::::::
	cpe:2.3:a:openssl:openssl::::::::
	cpe:2.3:a:openssl:openssl::::::::

Configuration 2 [-]

OR	cpe:2.3:a:stormshield:stormshield_management_center::::::::
	cpe:2.3:a:stormshield:stormshield_network_security::::::::
	cpe:2.3:a:stormshield:stormshield_network_security::::::::
	cpe:2.3:a:stormshield:stormshield_network_security::::::::
	cpe:2.3:a:stormshield:stormshield_network_security::::::::
	cpe:2.3:a:stormshield:stormshield_network_security::::::::

Package	CPE	Advisory	Released Date
JBCS httpd 2.4.51.sp2
openssl	cpe:/a:redhat:jboss_core_services:1	RHSA-2023:3355	2023-06-05T00:00:00Z
JBoss Core Services for RHEL 8
jbcs-httpd24-openssl-1:1.1.1k-14.el8jbcs	cpe:/a:redhat:jboss_core_services:1::el8	RHSA-2023:3354	2023-06-05T00:00:00Z
JBoss Core Services on RHEL 7
jbcs-httpd24-openssl-1:1.1.1k-14.el7jbcs	cpe:/a:redhat:jboss_core_services:1::el7	RHSA-2023:3354	2023-06-05T00:00:00Z
Red Hat Enterprise Linux 6 Extended Lifecycle Support
openssl-0:1.0.1e-61.el6_10	cpe:/o:redhat:rhel_els:6	RHSA-2023:1438	2023-03-23T00:00:00Z
Red Hat Enterprise Linux 7
openssl-1:1.0.2k-26.el7_9	cpe:/o:redhat:enterprise_linux:7	RHSA-2023:1335	2023-03-20T00:00:00Z
Red Hat Enterprise Linux 7.7 Advanced Update Support
openssl-1:1.0.2k-21.el7_7.1	cpe:/o:redhat:rhel_aus:7.7	RHSA-2024:5136	2024-08-08T00:00:00Z
Red Hat Enterprise Linux 8
edk2-0:20220126gitbb1bba3d77-4.el8	cpe:/a:redhat:enterprise_linux:8	RHSA-2023:2932	2023-05-16T00:00:00Z
openssl-1:1.1.1k-9.el8_7	cpe:/o:redhat:enterprise_linux:8	RHSA-2023:1405	2023-03-22T00:00:00Z
Red Hat Enterprise Linux 8.1 Update Services for SAP Solutions
openssl-1:1.1.1c-6.el8_1	cpe:/o:redhat:rhel_e4s:8.1	RHSA-2023:1437	2023-03-23T00:00:00Z
Red Hat Enterprise Linux 8.2 Advanced Update Support
edk2-0:20190829git37eef91017ad-9.el8_2.2	cpe:/a:redhat:rhel_aus:8.2	RHSA-2023:4124	2023-07-18T00:00:00Z
openssl-1:1.1.1c-21.el8_2	cpe:/o:redhat:rhel_aus:8.2	RHSA-2023:1439	2023-03-23T00:00:00Z
Red Hat Enterprise Linux 8.2 Telecommunications Update Service
edk2-0:20190829git37eef91017ad-9.el8_2.2	cpe:/a:redhat:rhel_tus:8.2	RHSA-2023:4124	2023-07-18T00:00:00Z
openssl-1:1.1.1c-21.el8_2	cpe:/o:redhat:rhel_tus:8.2	RHSA-2023:1439	2023-03-23T00:00:00Z
Red Hat Enterprise Linux 8.2 Update Services for SAP Solutions
edk2-0:20190829git37eef91017ad-9.el8_2.2	cpe:/a:redhat:rhel_e4s:8.2	RHSA-2023:4124	2023-07-18T00:00:00Z
openssl-1:1.1.1c-21.el8_2	cpe:/o:redhat:rhel_e4s:8.2	RHSA-2023:1439	2023-03-23T00:00:00Z
Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support
edk2-0:20200602gitca407c7246bf-4.el8_4.3	cpe:/a:redhat:rhel_aus:8.4	RHSA-2023:4252	2023-07-25T00:00:00Z
Red Hat Enterprise Linux 8.4 Extended Update Support
openssl-1:1.1.1g-18.el8_4	cpe:/o:redhat:rhel_eus:8.4	RHSA-2023:1440	2023-03-23T00:00:00Z
Red Hat Enterprise Linux 8.4 Telecommunications Update Service
edk2-0:20200602gitca407c7246bf-4.el8_4.3	cpe:/a:redhat:rhel_tus:8.4	RHSA-2023:4252	2023-07-25T00:00:00Z
Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions
edk2-0:20200602gitca407c7246bf-4.el8_4.3	cpe:/a:redhat:rhel_e4s:8.4	RHSA-2023:4252	2023-07-25T00:00:00Z
Red Hat Enterprise Linux 8.6 Extended Update Support
edk2-0:20220126gitbb1bba3d77-2.el8_6.1	cpe:/a:redhat:rhel_eus:8.6	RHSA-2023:4128	2023-07-18T00:00:00Z
openssl-1:1.1.1k-8.el8_6	cpe:/o:redhat:rhel_eus:8.6	RHSA-2023:1441	2023-03-23T00:00:00Z
Red Hat Enterprise Linux 9
openssl-1:3.0.1-47.el9_1	cpe:/a:redhat:enterprise_linux:9	RHSA-2023:0946	2023-02-28T00:00:00Z
edk2-0:20221207gitfff6d81270b5-9.el9_2	cpe:/a:redhat:enterprise_linux:9	RHSA-2023:2165	2023-05-09T00:00:00Z
openssl-1:3.0.1-47.el9_1	cpe:/o:redhat:enterprise_linux:9	RHSA-2023:0946	2023-02-28T00:00:00Z
Red Hat Enterprise Linux 9.0 Extended Update Support
openssl-1:3.0.1-46.el9_0	cpe:/a:redhat:rhel_eus:9.0	RHSA-2023:1199	2023-03-14T00:00:00Z
edk2-0:20220126gitbb1bba3d77-3.el9_0.2	cpe:/a:redhat:rhel_eus:9.0	RHSA-2023:2022	2023-04-26T00:00:00Z
Red Hat JBoss Web Server 5
openssl	cpe:/a:redhat:jboss_enterprise_web_server:5.7	RHSA-2023:3421	2023-06-05T00:00:00Z
Red Hat JBoss Web Server 5.7 on RHEL 7
jws5-tomcat-native-0:1.2.31-14.redhat_14.el7jws	cpe:/a:redhat:jboss_enterprise_web_server:5.7::el7	RHSA-2023:3420	2023-06-05T00:00:00Z
Red Hat JBoss Web Server 5.7 on RHEL 8
jws5-tomcat-native-0:1.2.31-14.redhat_14.el8jws	cpe:/a:redhat:jboss_enterprise_web_server:5.7::el8	RHSA-2023:3420	2023-06-05T00:00:00Z
Red Hat JBoss Web Server 5.7 on RHEL 9
jws5-tomcat-native-0:1.2.31-14.redhat_14.el9jws	cpe:/a:redhat:jboss_enterprise_web_server:5.7::el9	RHSA-2023:3420	2023-06-05T00:00:00Z
Red Hat Virtualization 4 for Red Hat Enterprise Linux 8
redhat-virtualization-host-0:4.5.3-202309130206_8.6	cpe:/o:redhat:rhev_hypervisor:4.4::el8	RHSA-2023:5209	2023-09-19T00:00:00Z
RHOL-5.9-RHEL-9
openshift-logging/cluster-logging-operator-bundle:v5.9.6-22	cpe:/a:redhat:logging:5.9::el9	RHSA-2024:6095	2024-09-11T00:00:00Z
openshift-logging/cluster-logging-rhel9-operator:v5.9.6-11	cpe:/a:redhat:logging:5.9::el9	RHSA-2024:6095	2024-09-11T00:00:00Z
openshift-logging/eventrouter-rhel9:v0.4.0-290	cpe:/a:redhat:logging:5.9::el9	RHSA-2024:6095	2024-09-11T00:00:00Z
openshift-logging/fluentd-rhel9:v5.9.6-4	cpe:/a:redhat:logging:5.9::el9	RHSA-2024:6095	2024-09-11T00:00:00Z
openshift-logging/log-file-metric-exporter-rhel9:v1.1.0-270	cpe:/a:redhat:logging:5.9::el9	RHSA-2024:6095	2024-09-11T00:00:00Z
openshift-logging/logging-loki-rhel9:v3.1.0-18	cpe:/a:redhat:logging:5.9::el9	RHSA-2024:6095	2024-09-11T00:00:00Z
openshift-logging/logging-view-plugin-rhel9:v5.9.6-3	cpe:/a:redhat:logging:5.9::el9	RHSA-2024:6095	2024-09-11T00:00:00Z
openshift-logging/loki-operator-bundle:v5.9.6-15	cpe:/a:redhat:logging:5.9::el9	RHSA-2024:6095	2024-09-11T00:00:00Z
openshift-logging/loki-rhel9-operator:v5.9.6-5	cpe:/a:redhat:logging:5.9::el9	RHSA-2024:6095	2024-09-11T00:00:00Z
openshift-logging/lokistack-gateway-rhel9:v0.1.0-639	cpe:/a:redhat:logging:5.9::el9	RHSA-2024:6095	2024-09-11T00:00:00Z
openshift-logging/opa-openshift-rhel9:v0.1.0-277	cpe:/a:redhat:logging:5.9::el9	RHSA-2024:6095	2024-09-11T00:00:00Z
openshift-logging/vector-rhel9:v0.34.1-16	cpe:/a:redhat:logging:5.9::el9	RHSA-2024:6095	2024-09-11T00:00:00Z

References

Link	Providers
https://ftp.openbsd.org/pub/OpenBSD/LibreSSL/libressl-3.6.2-relnotes.txt
https://ftp.openbsd.org/pub/OpenBSD/patches/7.2/common/018_x509.patch.sig
https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=2c6c9d439b484e1ba9830d8454a34fa4f80fdfe9
https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=2f7530077e0ef79d98718138716bc51ca0cad658
https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=fd2af07dc083a350c959147097003a14a5e8ac4d
https://nvd.nist.gov/vuln/detail/CVE-2023-0286
https://security.gentoo.org/glsa/202402-08
https://www.cve.org/CVERecord?id=CVE-2023-0286
https://www.openssl.org/news/secadv/20230207.txt

History

Thu, 20 Mar 2025 21:15:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`

Thu, 13 Feb 2025 16:45:00 +0000

Type	Values Removed	Values Added
Description	There is a type confusion vulnerability relating to X.400 address processing inside an X.509 GeneralName. X.400 addresses were parsed as an ASN1_STRING but the public structure definition for GENERAL_NAME incorrectly specified the type of the x400Address field as ASN1_TYPE. This field is subsequently interpreted by the OpenSSL function GENERAL_NAME_cmp as an ASN1_TYPE rather than an ASN1_STRING. When CRL checking is enabled (i.e. the application sets the X509_V_FLAG_CRL_CHECK flag), this vulnerability may allow an attacker to pass arbitrary pointers to a memcmp call, enabling them to read memory contents or enact a denial of service. In most cases, the attack requires the attacker to provide both the certificate chain and CRL, neither of which need to have a valid signature. If the attacker only controls one of these inputs, the other input must already contain an X.400 address as a CRL distribution point, which is uncommon. As such, this vulnerability is most likely to only affect applications which have implemented their own functionality for retrieving CRLs over a network.	There is a type confusion vulnerability relating to X.400 address processing inside an X.509 GeneralName. X.400 addresses were parsed as an ASN1_STRING but the public structure definition for GENERAL_NAME incorrectly specified the type of the x400Address field as ASN1_TYPE. This field is subsequently interpreted by the OpenSSL function GENERAL_NAME_cmp as an ASN1_TYPE rather than an ASN1_STRING. When CRL checking is enabled (i.e. the application sets the X509_V_FLAG_CRL_CHECK flag), this vulnerability may allow an attacker to pass arbitrary pointers to a memcmp call, enabling them to read memory contents or enact a denial of service. In most cases, the attack requires the attacker to provide both the certificate chain and CRL, neither of which need to have a valid signature. If the attacker only controls one of these inputs, the other input must already contain an X.400 address as a CRL distribution point, which is uncommon. As such, this vulnerability is most likely to only affect applications which have implemented their own functionality for retrieving CRLs over a network.

Thu, 12 Sep 2024 02:15:00 +0000

Type	Values Removed	Values Added
First Time appeared		Redhat logging
CPEs		cpe:/a:redhat:logging:5.9::el9
Vendors & Products		Redhat logging

Thu, 08 Aug 2024 19:00:00 +0000

Type	Values Removed	Values Added
CPEs		cpe:/o:redhat:rhel_aus:7.7

MITRE

Status: PUBLISHED

Assigner: openssl

Published: 2023-02-08T19:01:50.514Z

Updated: 2025-03-20T20:52:26.649Z

Reserved: 2023-01-13T10:40:41.259Z

Link: CVE-2023-0286

Vulnrichment

Updated: 2024-08-02T05:02:44.187Z

NVD

Status : Modified

Published: 2023-02-08T20:15:24.267

Modified: 2025-03-20T21:15:16.550

Link: CVE-2023-0286

Redhat

Severity : Important

Publid Date: 2023-02-07T00:00:00Z

Links: CVE-2023-0286 - Bugzilla

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2023-0286", "assignerOrgId": "3a12439a-ef3a-4c79-92e6-6081a721f1e5", "state": "PUBLISHED", "assignerShortName": "openssl", "dateReserved": "2023-01-13T10:40:41.259Z", "datePublished": "2023-02-08T19:01:50.514Z", "dateUpdated": "2025-03-20T20:52:26.649Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "OpenSSL", "vendor": "OpenSSL", "versions": [{"lessThan": "3.0.8", "status": "affected", "version": "3.0.0", "versionType": "semver"}, {"lessThan": "1.1.1t", "status": "affected", "version": "1.1.1", "versionType": "custom"}, {"lessThan": "1.0.2zg", "status": "affected", "version": "1.0.2", "versionType": "custom"}]}], "credits": [{"lang": "en", "type": "reporter", "user": "00000000-0000-4000-9000-000000000000", "value": "David Benjamin (Google)"}, {"lang": "en", "type": "remediation developer", "user": "00000000-0000-4000-9000-000000000000", "value": "Hugo Landau"}], "datePublic": "2023-02-07T00:00:00.000Z", "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "There is a type confusion vulnerability relating to X.400 address processing inside an X.509 GeneralName. X.400 addresses were parsed as an ASN1_STRING but the public structure definition for GENERAL_NAME incorrectly specified the type of the x400Address field as ASN1_TYPE. This field is subsequently interpreted by the OpenSSL function GENERAL_NAME_cmp as an ASN1_TYPE rather than an ASN1_STRING. When CRL checking is enabled (i.e. the application sets the X509_V_FLAG_CRL_CHECK flag), this vulnerability may allow an attacker to pass arbitrary pointers to a memcmp call, enabling them to read memory contents or enact a denial of service. In most cases, the attack requires the attacker to provide both the certificate chain and CRL, neither of which need to have a valid signature. If the attacker only controls one of these inputs, the other input must already contain an X.400 address as a CRL distribution point, which is uncommon. As such, this vulnerability is most likely to only affect applications which have implemented their own functionality for retrieving CRLs over a network. "}], "value": "There is a type confusion vulnerability relating to X.400 address processing\ninside an X.509 GeneralName. X.400 addresses were parsed as an ASN1_STRING but\nthe public structure definition for GENERAL_NAME incorrectly specified the type\nof the x400Address field as ASN1_TYPE. This field is subsequently interpreted by\nthe OpenSSL function GENERAL_NAME_cmp as an ASN1_TYPE rather than an\nASN1_STRING.\n\nWhen CRL checking is enabled (i.e. the application sets the\nX509_V_FLAG_CRL_CHECK flag), this vulnerability may allow an attacker to pass\narbitrary pointers to a memcmp call, enabling them to read memory contents or\nenact a denial of service. In most cases, the attack requires the attacker to\nprovide both the certificate chain and CRL, neither of which need to have a\nvalid signature. If the attacker only controls one of these inputs, the other\ninput must already contain an X.400 address as a CRL distribution point, which\nis uncommon. As such, this vulnerability is most likely to only affect\napplications which have implemented their own functionality for retrieving CRLs\nover a network."}], "metrics": [{"format": "other", "other": {"content": {"text": "High"}, "type": "https://www.openssl.org/policies/secpolicy.html"}}], "problemTypes": [{"descriptions": [{"description": "type confusion vulnerability", "lang": "en"}]}], "providerMetadata": {"orgId": "3a12439a-ef3a-4c79-92e6-6081a721f1e5", "shortName": "openssl", "dateUpdated": "2024-02-04T09:06:58.565Z"}, "references": [{"name": "OpenSSL Advisory", "tags": ["vendor-advisory"], "url": "https://www.openssl.org/news/secadv/20230207.txt"}, {"name": "3.0.8 git commit", "tags": ["patch"], "url": "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=2f7530077e0ef79d98718138716bc51ca0cad658"}, {"name": "1.1.1t git commit", "tags": ["patch"], "url": "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=2c6c9d439b484e1ba9830d8454a34fa4f80fdfe9"}, {"name": "1.0.2zg patch (premium)", "tags": ["patch"], "url": "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=fd2af07dc083a350c959147097003a14a5e8ac4d"}, {"url": "https://ftp.openbsd.org/pub/OpenBSD/patches/7.2/common/018_x509.patch.sig"}, {"url": "https://ftp.openbsd.org/pub/OpenBSD/LibreSSL/libressl-3.6.2-relnotes.txt"}, {"url": "https://security.gentoo.org/glsa/202402-08"}], "source": {"discovery": "UNKNOWN"}, "title": "X.400 address type confusion in X.509 GeneralName", "x_generator": {"engine": "Vulnogram 0.1.0-dev"}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T05:02:44.187Z"}, "title": "CVE Program Container", "references": [{"name": "OpenSSL Advisory", "tags": ["vendor-advisory", "x_transferred"], "url": "https://www.openssl.org/news/secadv/20230207.txt"}, {"name": "3.0.8 git commit", "tags": ["patch", "x_transferred"], "url": "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=2f7530077e0ef79d98718138716bc51ca0cad658"}, {"name": "1.1.1t git commit", "tags": ["patch", "x_transferred"], "url": "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=2c6c9d439b484e1ba9830d8454a34fa4f80fdfe9"}, {"name": "1.0.2zg patch (premium)", "tags": ["patch", "x_transferred"], "url": "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=fd2af07dc083a350c959147097003a14a5e8ac4d"}, {"url": "https://ftp.openbsd.org/pub/OpenBSD/patches/7.2/common/018_x509.patch.sig", "tags": ["x_transferred"]}, {"url": "https://ftp.openbsd.org/pub/OpenBSD/LibreSSL/libressl-3.6.2-relnotes.txt", "tags": ["x_transferred"]}, {"url": "https://security.gentoo.org/glsa/202402-08", "tags": ["x_transferred"]}]}, {"problemTypes": [{"descriptions": [{"type": "CWE", "cweId": "CWE-843", "lang": "en", "description": "CWE-843 Access of Resource Using Incompatible Type ('Type Confusion')"}]}], "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.4, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}}, {"other": {"type": "ssvc", "content": {"timestamp": "2025-03-06T15:57:22.031399Z", "id": "CVE-2023-0286", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-03-20T20:52:26.649Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://www.openssl.org/news/secadv/20230207.txt", "name": "OpenSSL Advisory", "tags": ["vendor-advisory", "x_transferred"]}, {"url": "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=2f7530077e0ef79d98718138716bc51ca0cad658", "name": "3.0.8 git commit", "tags": ["patch", "x_transferred"]}, {"url": "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=2c6c9d439b484e1ba9830d8454a34fa4f80fdfe9", "name": "1.1.1t git commit", "tags": ["patch", "x_transferred"]}, {"url": "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=fd2af07dc083a350c959147097003a14a5e8ac4d", "name": "1.0.2zg patch (premium)", "tags": ["patch", "x_transferred"]}, {"url": "https://ftp.openbsd.org/pub/OpenBSD/patches/7.2/common/018_x509.patch.sig", "tags": ["x_transferred"]}, {"url": "https://ftp.openbsd.org/pub/OpenBSD/LibreSSL/libressl-3.6.2-relnotes.txt", "tags": ["x_transferred"]}, {"url": "https://security.gentoo.org/glsa/202402-08", "tags": ["x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T05:02:44.187Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.4, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}}, {"other": {"type": "ssvc", "content": {"id": "CVE-2023-0286", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2025-03-06T15:57:22.031399Z"}}}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-843", "description": "CWE-843 Access of Resource Using Incompatible Type ('Type Confusion')"}]}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-03-06T15:57:23.457Z"}}], "cna": {"title": "X.400 address type confusion in X.509 GeneralName", "source": {"discovery": "UNKNOWN"}, "credits": [{"lang": "en", "type": "reporter", "user": "00000000-0000-4000-9000-000000000000", "value": "David Benjamin (Google)"}, {"lang": "en", "type": "remediation developer", "user": "00000000-0000-4000-9000-000000000000", "value": "Hugo Landau"}], "metrics": [{"other": {"type": "https://www.openssl.org/policies/secpolicy.html", "content": {"text": "High"}}, "format": "other"}], "affected": [{"vendor": "OpenSSL", "product": "OpenSSL", "versions": [{"status": "affected", "version": "3.0.0", "lessThan": "3.0.8", "versionType": "semver"}, {"status": "affected", "version": "1.1.1", "lessThan": "1.1.1t", "versionType": "custom"}, {"status": "affected", "version": "1.0.2", "lessThan": "1.0.2zg", "versionType": "custom"}], "defaultStatus": "unaffected"}], "datePublic": "2023-02-07T00:00:00.000Z", "references": [{"url": "https://www.openssl.org/news/secadv/20230207.txt", "name": "OpenSSL Advisory", "tags": ["vendor-advisory"]}, {"url": "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=2f7530077e0ef79d98718138716bc51ca0cad658", "name": "3.0.8 git commit", "tags": ["patch"]}, {"url": "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=2c6c9d439b484e1ba9830d8454a34fa4f80fdfe9", "name": "1.1.1t git commit", "tags": ["patch"]}, {"url": "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=fd2af07dc083a350c959147097003a14a5e8ac4d", "name": "1.0.2zg patch (premium)", "tags": ["patch"]}, {"url": "https://ftp.openbsd.org/pub/OpenBSD/patches/7.2/common/018_x509.patch.sig"}, {"url": "https://ftp.openbsd.org/pub/OpenBSD/LibreSSL/libressl-3.6.2-relnotes.txt"}, {"url": "https://security.gentoo.org/glsa/202402-08"}], "x_generator": {"engine": "Vulnogram 0.1.0-dev"}, "descriptions": [{"lang": "en", "value": "There is a type confusion vulnerability relating to X.400 address processing\ninside an X.509 GeneralName. X.400 addresses were parsed as an ASN1_STRING but\nthe public structure definition for GENERAL_NAME incorrectly specified the type\nof the x400Address field as ASN1_TYPE. This field is subsequently interpreted by\nthe OpenSSL function GENERAL_NAME_cmp as an ASN1_TYPE rather than an\nASN1_STRING.\n\nWhen CRL checking is enabled (i.e. the application sets the\nX509_V_FLAG_CRL_CHECK flag), this vulnerability may allow an attacker to pass\narbitrary pointers to a memcmp call, enabling them to read memory contents or\nenact a denial of service. In most cases, the attack requires the attacker to\nprovide both the certificate chain and CRL, neither of which need to have a\nvalid signature. If the attacker only controls one of these inputs, the other\ninput must already contain an X.400 address as a CRL distribution point, which\nis uncommon. As such, this vulnerability is most likely to only affect\napplications which have implemented their own functionality for retrieving CRLs\nover a network.", "supportingMedia": [{"type": "text/html", "value": "There is a type confusion vulnerability relating to X.400 address processing inside an X.509 GeneralName. X.400 addresses were parsed as an ASN1_STRING but the public structure definition for GENERAL_NAME incorrectly specified the type of the x400Address field as ASN1_TYPE. This field is subsequently interpreted by the OpenSSL function GENERAL_NAME_cmp as an ASN1_TYPE rather than an ASN1_STRING. When CRL checking is enabled (i.e. the application sets the X509_V_FLAG_CRL_CHECK flag), this vulnerability may allow an attacker to pass arbitrary pointers to a memcmp call, enabling them to read memory contents or enact a denial of service. In most cases, the attack requires the attacker to provide both the certificate chain and CRL, neither of which need to have a valid signature. If the attacker only controls one of these inputs, the other input must already contain an X.400 address as a CRL distribution point, which is uncommon. As such, this vulnerability is most likely to only affect applications which have implemented their own functionality for retrieving CRLs over a network. ", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "description": "type confusion vulnerability"}]}], "providerMetadata": {"orgId": "3a12439a-ef3a-4c79-92e6-6081a721f1e5", "shortName": "openssl", "dateUpdated": "2024-02-04T09:06:58.565Z"}}}, "cveMetadata": {"cveId": "CVE-2023-0286", "state": "PUBLISHED", "dateUpdated": "2025-03-20T20:52:26.649Z", "dateReserved": "2023-01-13T10:40:41.259Z", "assignerOrgId": "3a12439a-ef3a-4c79-92e6-6081a721f1e5", "datePublished": "2023-02-08T19:01:50.514Z", "assignerShortName": "openssl"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:openssl:openssl:*:*:*:*:*:*:*:*", "matchCriteriaId": "70985D55-A574-4151-B451-4D500CBFC29A", "versionEndExcluding": "1.0.2zg", "versionStartIncluding": "1.0.2", "vulnerable": true}, {"criteria": "cpe:2.3:a:openssl:openssl:*:*:*:*:*:*:*:*", "matchCriteriaId": "DE0061D6-8F81-45D3-B254-82A94915FD08", "versionEndExcluding": "1.1.1t", "versionStartIncluding": "1.1.1", "vulnerable": true}, {"criteria": "cpe:2.3:a:openssl:openssl:*:*:*:*:*:*:*:*", "matchCriteriaId": "A6DC5D88-4E99-48F2-8892-610ACA9B5B86", "versionEndExcluding": "3.0.8", "versionStartIncluding": "3.0.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:stormshield:stormshield_management_center:*:*:*:*:*:*:*:*", "matchCriteriaId": "62A933C5-C56E-485C-AD49-3B6A2C329131", "versionEndExcluding": "3.3.3", "vulnerable": true}, {"criteria": "cpe:2.3:a:stormshield:stormshield_network_security:*:*:*:*:*:*:*:*", "matchCriteriaId": "27B77023-4983-4D33-9824-A120A5ED31BD", "versionEndExcluding": "2.7.11", "versionStartIncluding": "2.7.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:stormshield:stormshield_network_security:*:*:*:*:*:*:*:*", "matchCriteriaId": "8BD398C8-BC0B-4ED5-B71A-B9C6D8F63659", "versionEndExcluding": "3.7.34", "versionStartIncluding": "2.8.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:stormshield:stormshield_network_security:*:*:*:*:*:*:*:*", "matchCriteriaId": "31B59634-B59C-4391-96D3-200A86A6CE3E", "versionEndExcluding": "3.11.22", "versionStartIncluding": "3.8.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:stormshield:stormshield_network_security:*:*:*:*:*:*:*:*", "matchCriteriaId": "F7794B42-8235-4C75-866F-5D0A405F0989", "versionEndExcluding": "4.3.16", "versionStartIncluding": "4.0.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:stormshield:stormshield_network_security:*:*:*:*:*:*:*:*", "matchCriteriaId": "C8A23A5D-928A-4225-9C93-31E5DFE215A7", "versionEndExcluding": "4.6.3", "versionStartIncluding": "4.4.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "There is a type confusion vulnerability relating to X.400 address processing\ninside an X.509 GeneralName. X.400 addresses were parsed as an ASN1_STRING but\nthe public structure definition for GENERAL_NAME incorrectly specified the type\nof the x400Address field as ASN1_TYPE. This field is subsequently interpreted by\nthe OpenSSL function GENERAL_NAME_cmp as an ASN1_TYPE rather than an\nASN1_STRING.\n\nWhen CRL checking is enabled (i.e. the application sets the\nX509_V_FLAG_CRL_CHECK flag), this vulnerability may allow an attacker to pass\narbitrary pointers to a memcmp call, enabling them to read memory contents or\nenact a denial of service. In most cases, the attack requires the attacker to\nprovide both the certificate chain and CRL, neither of which need to have a\nvalid signature. If the attacker only controls one of these inputs, the other\ninput must already contain an X.400 address as a CRL distribution point, which\nis uncommon. As such, this vulnerability is most likely to only affect\napplications which have implemented their own functionality for retrieving CRLs\nover a network."}], "id": "CVE-2023-0286", "lastModified": "2025-03-20T21:15:16.550", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.4, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 2.2, "impactScore": 5.2, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.4, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 2.2, "impactScore": 5.2, "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}, "published": "2023-02-08T20:15:24.267", "references": [{"source": "openssl-security@openssl.org", "tags": ["Third Party Advisory"], "url": "https://ftp.openbsd.org/pub/OpenBSD/LibreSSL/libressl-3.6.2-relnotes.txt"}, {"source": "openssl-security@openssl.org", "tags": ["Third Party Advisory"], "url": "https://ftp.openbsd.org/pub/OpenBSD/patches/7.2/common/018_x509.patch.sig"}, {"source": "openssl-security@openssl.org", "tags": ["Patch", "Vendor Advisory"], "url": "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=2c6c9d439b484e1ba9830d8454a34fa4f80fdfe9"}, {"source": "openssl-security@openssl.org", "tags": ["Patch", "Vendor Advisory"], "url": "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=2f7530077e0ef79d98718138716bc51ca0cad658"}, {"source": "openssl-security@openssl.org", "tags": ["Patch", "Vendor Advisory"], "url": "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=fd2af07dc083a350c959147097003a14a5e8ac4d"}, {"source": "openssl-security@openssl.org", "url": "https://security.gentoo.org/glsa/202402-08"}, {"source": "openssl-security@openssl.org", "tags": ["Vendor Advisory"], "url": "https://www.openssl.org/news/secadv/20230207.txt"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://ftp.openbsd.org/pub/OpenBSD/LibreSSL/libressl-3.6.2-relnotes.txt"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://ftp.openbsd.org/pub/OpenBSD/patches/7.2/common/018_x509.patch.sig"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch", "Vendor Advisory"], "url": "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=2c6c9d439b484e1ba9830d8454a34fa4f80fdfe9"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch", "Vendor Advisory"], "url": "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=2f7530077e0ef79d98718138716bc51ca0cad658"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch", "Vendor Advisory"], "url": "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=fd2af07dc083a350c959147097003a14a5e8ac4d"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://security.gentoo.org/glsa/202402-08"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "https://www.openssl.org/news/secadv/20230207.txt"}], "sourceIdentifier": "openssl-security@openssl.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-843"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-843"}], "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}

{"affected_release": [{"advisory": "RHSA-2023:3355", "cpe": "cpe:/a:redhat:jboss_core_services:1", "package": "openssl", "product_name": "JBCS httpd 2.4.51.sp2", "release_date": "2023-06-05T00:00:00Z"}, {"advisory": "RHSA-2023:3354", "cpe": "cpe:/a:redhat:jboss_core_services:1::el8", "package": "jbcs-httpd24-openssl-1:1.1.1k-14.el8jbcs", "product_name": "JBoss Core Services for RHEL 8", "release_date": "2023-06-05T00:00:00Z"}, {"advisory": "RHSA-2023:3354", "cpe": "cpe:/a:redhat:jboss_core_services:1::el7", "package": "jbcs-httpd24-openssl-1:1.1.1k-14.el7jbcs", "product_name": "JBoss Core Services on RHEL 7", "release_date": "2023-06-05T00:00:00Z"}, {"advisory": "RHSA-2023:1438", "cpe": "cpe:/o:redhat:rhel_els:6", "package": "openssl-0:1.0.1e-61.el6_10", "product_name": "Red Hat Enterprise Linux 6 Extended Lifecycle Support", "release_date": "2023-03-23T00:00:00Z"}, {"advisory": "RHSA-2023:1335", "cpe": "cpe:/o:redhat:enterprise_linux:7", "package": "openssl-1:1.0.2k-26.el7_9", "product_name": "Red Hat Enterprise Linux 7", "release_date": "2023-03-20T00:00:00Z"}, {"advisory": "RHSA-2024:5136", "cpe": "cpe:/o:redhat:rhel_aus:7.7", "package": "openssl-1:1.0.2k-21.el7_7.1", "product_name": "Red Hat Enterprise Linux 7.7 Advanced Update Support", "release_date": "2024-08-08T00:00:00Z"}, {"advisory": "RHSA-2023:2932", "cpe": "cpe:/a:redhat:enterprise_linux:8", "package": "edk2-0:20220126gitbb1bba3d77-4.el8", "product_name": "Red Hat Enterprise Linux 8", "release_date": "2023-05-16T00:00:00Z"}, {"advisory": "RHSA-2023:1405", "cpe": "cpe:/o:redhat:enterprise_linux:8", "package": "openssl-1:1.1.1k-9.el8_7", "product_name": "Red Hat Enterprise Linux 8", "release_date": "2023-03-22T00:00:00Z"}, {"advisory": "RHSA-2023:1437", "cpe": "cpe:/o:redhat:rhel_e4s:8.1", "package": "openssl-1:1.1.1c-6.el8_1", "product_name": "Red Hat Enterprise Linux 8.1 Update Services for SAP Solutions", "release_date": "2023-03-23T00:00:00Z"}, {"advisory": "RHSA-2023:4124", "cpe": "cpe:/a:redhat:rhel_aus:8.2", "package": "edk2-0:20190829git37eef91017ad-9.el8_2.2", "product_name": "Red Hat Enterprise Linux 8.2 Advanced Update Support", "release_date": "2023-07-18T00:00:00Z"}, {"advisory": "RHSA-2023:1439", "cpe": "cpe:/o:redhat:rhel_aus:8.2", "package": "openssl-1:1.1.1c-21.el8_2", "product_name": "Red Hat Enterprise Linux 8.2 Advanced Update Support", "release_date": "2023-03-23T00:00:00Z"}, {"advisory": "RHSA-2023:4124", "cpe": "cpe:/a:redhat:rhel_tus:8.2", "package": "edk2-0:20190829git37eef91017ad-9.el8_2.2", "product_name": "Red Hat Enterprise Linux 8.2 Telecommunications Update Service", "release_date": "2023-07-18T00:00:00Z"}, {"advisory": "RHSA-2023:1439", "cpe": "cpe:/o:redhat:rhel_tus:8.2", "package": "openssl-1:1.1.1c-21.el8_2", "product_name": "Red Hat Enterprise Linux 8.2 Telecommunications Update Service", "release_date": "2023-03-23T00:00:00Z"}, {"advisory": "RHSA-2023:4124", "cpe": "cpe:/a:redhat:rhel_e4s:8.2", "package": "edk2-0:20190829git37eef91017ad-9.el8_2.2", "product_name": "Red Hat Enterprise Linux 8.2 Update Services for SAP Solutions", "release_date": "2023-07-18T00:00:00Z"}, {"advisory": "RHSA-2023:1439", "cpe": "cpe:/o:redhat:rhel_e4s:8.2", "package": "openssl-1:1.1.1c-21.el8_2", "product_name": "Red Hat Enterprise Linux 8.2 Update Services for SAP Solutions", "release_date": "2023-03-23T00:00:00Z"}, {"advisory": "RHSA-2023:4252", "cpe": "cpe:/a:redhat:rhel_aus:8.4", "package": "edk2-0:20200602gitca407c7246bf-4.el8_4.3", "product_name": "Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support", "release_date": "2023-07-25T00:00:00Z"}, {"advisory": "RHSA-2023:1440", "cpe": "cpe:/o:redhat:rhel_eus:8.4", "package": "openssl-1:1.1.1g-18.el8_4", "product_name": "Red Hat Enterprise Linux 8.4 Extended Update Support", "release_date": "2023-03-23T00:00:00Z"}, {"advisory": "RHSA-2023:4252", "cpe": "cpe:/a:redhat:rhel_tus:8.4", "package": "edk2-0:20200602gitca407c7246bf-4.el8_4.3", "product_name": "Red Hat Enterprise Linux 8.4 Telecommunications Update Service", "release_date": "2023-07-25T00:00:00Z"}, {"advisory": "RHSA-2023:4252", "cpe": "cpe:/a:redhat:rhel_e4s:8.4", "package": "edk2-0:20200602gitca407c7246bf-4.el8_4.3", "product_name": "Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions", "release_date": "2023-07-25T00:00:00Z"}, {"advisory": "RHSA-2023:4128", "cpe": "cpe:/a:redhat:rhel_eus:8.6", "package": "edk2-0:20220126gitbb1bba3d77-2.el8_6.1", "product_name": "Red Hat Enterprise Linux 8.6 Extended Update Support", "release_date": "2023-07-18T00:00:00Z"}, {"advisory": "RHSA-2023:1441", "cpe": "cpe:/o:redhat:rhel_eus:8.6", "package": "openssl-1:1.1.1k-8.el8_6", "product_name": "Red Hat Enterprise Linux 8.6 Extended Update Support", "release_date": "2023-03-23T00:00:00Z"}, {"advisory": "RHSA-2023:0946", "cpe": "cpe:/a:redhat:enterprise_linux:9", "package": "openssl-1:3.0.1-47.el9_1", "product_name": "Red Hat Enterprise Linux 9", "release_date": "2023-02-28T00:00:00Z"}, {"advisory": "RHSA-2023:2165", "cpe": "cpe:/a:redhat:enterprise_linux:9", "package": "edk2-0:20221207gitfff6d81270b5-9.el9_2", "product_name": "Red Hat Enterprise Linux 9", "release_date": "2023-05-09T00:00:00Z"}, {"advisory": "RHSA-2023:0946", "cpe": "cpe:/o:redhat:enterprise_linux:9", "package": "openssl-1:3.0.1-47.el9_1", "product_name": "Red Hat Enterprise Linux 9", "release_date": "2023-02-28T00:00:00Z"}, {"advisory": "RHSA-2023:1199", "cpe": "cpe:/a:redhat:rhel_eus:9.0", "package": "openssl-1:3.0.1-46.el9_0", "product_name": "Red Hat Enterprise Linux 9.0 Extended Update Support", "release_date": "2023-03-14T00:00:00Z"}, {"advisory": "RHSA-2023:2022", "cpe": "cpe:/a:redhat:rhel_eus:9.0", "package": "edk2-0:20220126gitbb1bba3d77-3.el9_0.2", "product_name": "Red Hat Enterprise Linux 9.0 Extended Update Support", "release_date": "2023-04-26T00:00:00Z"}, {"advisory": "RHSA-2023:3421", "cpe": "cpe:/a:redhat:jboss_enterprise_web_server:5.7", "package": "openssl", "product_name": "Red Hat JBoss Web Server 5", "release_date": "2023-06-05T00:00:00Z"}, {"advisory": "RHSA-2023:3420", "cpe": "cpe:/a:redhat:jboss_enterprise_web_server:5.7::el7", "package": "jws5-tomcat-native-0:1.2.31-14.redhat_14.el7jws", "product_name": "Red Hat JBoss Web Server 5.7 on RHEL 7", "release_date": "2023-06-05T00:00:00Z"}, {"advisory": "RHSA-2023:3420", "cpe": "cpe:/a:redhat:jboss_enterprise_web_server:5.7::el8", "package": "jws5-tomcat-native-0:1.2.31-14.redhat_14.el8jws", "product_name": "Red Hat JBoss Web Server 5.7 on RHEL 8", "release_date": "2023-06-05T00:00:00Z"}, {"advisory": "RHSA-2023:3420", "cpe": "cpe:/a:redhat:jboss_enterprise_web_server:5.7::el9", "package": "jws5-tomcat-native-0:1.2.31-14.redhat_14.el9jws", "product_name": "Red Hat JBoss Web Server 5.7 on RHEL 9", "release_date": "2023-06-05T00:00:00Z"}, {"advisory": "RHSA-2023:5209", "cpe": "cpe:/o:redhat:rhev_hypervisor:4.4::el8", "package": "redhat-virtualization-host-0:4.5.3-202309130206_8.6", "product_name": "Red Hat Virtualization 4 for Red Hat Enterprise Linux 8", "release_date": "2023-09-19T00:00:00Z"}, {"advisory": "RHSA-2024:6095", "cpe": "cpe:/a:redhat:logging:5.9::el9", "package": "openshift-logging/cluster-logging-operator-bundle:v5.9.6-22", "product_name": "RHOL-5.9-RHEL-9", "release_date": "2024-09-11T00:00:00Z"}, {"advisory": "RHSA-2024:6095", "cpe": "cpe:/a:redhat:logging:5.9::el9", "package": "openshift-logging/cluster-logging-rhel9-operator:v5.9.6-11", "product_name": "RHOL-5.9-RHEL-9", "release_date": "2024-09-11T00:00:00Z"}, {"advisory": "RHSA-2024:6095", "cpe": "cpe:/a:redhat:logging:5.9::el9", "package": "openshift-logging/eventrouter-rhel9:v0.4.0-290", "product_name": "RHOL-5.9-RHEL-9", "release_date": "2024-09-11T00:00:00Z"}, {"advisory": "RHSA-2024:6095", "cpe": "cpe:/a:redhat:logging:5.9::el9", "package": "openshift-logging/fluentd-rhel9:v5.9.6-4", "product_name": "RHOL-5.9-RHEL-9", "release_date": "2024-09-11T00:00:00Z"}, {"advisory": "RHSA-2024:6095", "cpe": "cpe:/a:redhat:logging:5.9::el9", "package": "openshift-logging/log-file-metric-exporter-rhel9:v1.1.0-270", "product_name": "RHOL-5.9-RHEL-9", "release_date": "2024-09-11T00:00:00Z"}, {"advisory": "RHSA-2024:6095", "cpe": "cpe:/a:redhat:logging:5.9::el9", "package": "openshift-logging/logging-loki-rhel9:v3.1.0-18", "product_name": "RHOL-5.9-RHEL-9", "release_date": "2024-09-11T00:00:00Z"}, {"advisory": "RHSA-2024:6095", "cpe": "cpe:/a:redhat:logging:5.9::el9", "package": "openshift-logging/logging-view-plugin-rhel9:v5.9.6-3", "product_name": "RHOL-5.9-RHEL-9", "release_date": "2024-09-11T00:00:00Z"}, {"advisory": "RHSA-2024:6095", "cpe": "cpe:/a:redhat:logging:5.9::el9", "package": "openshift-logging/loki-operator-bundle:v5.9.6-15", "product_name": "RHOL-5.9-RHEL-9", "release_date": "2024-09-11T00:00:00Z"}, {"advisory": "RHSA-2024:6095", "cpe": "cpe:/a:redhat:logging:5.9::el9", "package": "openshift-logging/loki-rhel9-operator:v5.9.6-5", "product_name": "RHOL-5.9-RHEL-9", "release_date": "2024-09-11T00:00:00Z"}, {"advisory": "RHSA-2024:6095", "cpe": "cpe:/a:redhat:logging:5.9::el9", "package": "openshift-logging/lokistack-gateway-rhel9:v0.1.0-639", "product_name": "RHOL-5.9-RHEL-9", "release_date": "2024-09-11T00:00:00Z"}, {"advisory": "RHSA-2024:6095", "cpe": "cpe:/a:redhat:logging:5.9::el9", "package": "openshift-logging/opa-openshift-rhel9:v0.1.0-277", "product_name": "RHOL-5.9-RHEL-9", "release_date": "2024-09-11T00:00:00Z"}, {"advisory": "RHSA-2024:6095", "cpe": "cpe:/a:redhat:logging:5.9::el9", "package": "openshift-logging/vector-rhel9:v0.34.1-16", "product_name": "RHOL-5.9-RHEL-9", "release_date": "2024-09-11T00:00:00Z"}], "bugzilla": {"description": "openssl: X.400 address type confusion in X.509 GeneralName", "id": "2164440", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2164440"}, "csaw": false, "cvss3": {"cvss3_base_score": "7.4", "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:H", "status": "verified"}, "cwe": "CWE-704", "details": ["There is a type confusion vulnerability relating to X.400 address processing\ninside an X.509 GeneralName. X.400 addresses were parsed as an ASN1_STRING but\nthe public structure definition for GENERAL_NAME incorrectly specified the type\nof the x400Address field as ASN1_TYPE. This field is subsequently interpreted by\nthe OpenSSL function GENERAL_NAME_cmp as an ASN1_TYPE rather than an\nASN1_STRING.\nWhen CRL checking is enabled (i.e. the application sets the\nX509_V_FLAG_CRL_CHECK flag), this vulnerability may allow an attacker to pass\narbitrary pointers to a memcmp call, enabling them to read memory contents or\nenact a denial of service. In most cases, the attack requires the attacker to\nprovide both the certificate chain and CRL, neither of which need to have a\nvalid signature. If the attacker only controls one of these inputs, the other\ninput must already contain an X.400 address as a CRL distribution point, which\nis uncommon. As such, this vulnerability is most likely to only affect\napplications which have implemented their own functionality for retrieving CRLs\nover a network.", "A type confusion vulnerability was found in OpenSSL when OpenSSL X.400 addresses processing inside an X.509 GeneralName. When CRL checking is enabled (for example, the application sets the X509_V_FLAG_CRL_CHECK flag), this vulnerability may allow an attacker to pass arbitrary pointers to a memcmp call, enabling them to read memory contents or cause a denial of service. In most cases, the attack requires the attacker to provide both the certificate chain and CRL, of which neither needs a valid signature. If the attacker only controls one of these inputs, the other input must already contain an X.400 address as a CRL distribution point, which is uncommon. In this case, this vulnerability is likely only to affect applications that have implemented their own functionality for retrieving CRLs over a network."], "mitigation": {"lang": "en:us", "value": "Mitigation for this issue is either not available or the currently available options don't meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability."}, "name": "CVE-2023-0286", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Will not fix", "package_name": "ovmf", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Affected", "package_name": "compat-openssl10", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "shim", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Affected", "package_name": "compat-openssl11", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Not affected", "package_name": "shim", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/a:redhat:jboss_enterprise_web_server:3", "fix_state": "Out of support scope", "package_name": "openssl", "product_name": "Red Hat JBoss Web Server 3"}], "public_date": "2023-02-07T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2023-0286\nhttps://nvd.nist.gov/vuln/detail/CVE-2023-0286\nhttps://www.openssl.org/news/secadv/20230207.txt"], "statement": "For shim in Red Hat Enterprise Linux 8 & 9, is not affected as shim doesn't support any CRL processing.", "threat_severity": "Important"}

Metrics

Attack Vector Network

Attack Complexity High

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact None

Availability Impact High

User Interaction None

Exploitation none

Automatable no

Technical Impact partial

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object