CVE-2023-0217

Published: 08/02/2023 Updated: 04/02/2024
CVSS v3 Base Score: 7.5 | Impact Score: 3.6 | Exploitability Score: 3.9
VMScore: 0

Vulnerability Summary

An invalid pointer dereference on read can be triggered when an application tries to check a malformed DSA public key by the EVP_PKEY_public_check() function. This will most likely lead to an application crash. This function can be called on public keys supplied from untrusted sources, which could allow a malicious user to cause a denial of service attack. The TLS implementation in OpenSSL does not call this function, but applications might call the function if there are additional security requirements imposed by standards such as FIPS 140-3.

Vulnerable Product

openssl openssl

Vendor Advisories

Synopsis: Important: openssl security and bug fix update. Type/Severity: Security Advisory: Important. Topic: An update for openssl is now available for Red Hat Enterprise Linux 90 Extended Update Support. Red Hat Product Sec ...
Description: A flaw was found in OpenSSL. An invalid pointer dereference on read can be triggered when an application tries to check a malformed DSA public key by the EVP_PKEY_public_check() function, most likely leading to an application crash. This function can be called on public keys supplied from untrusted sources, which could allow an at ...
PAN-SA-2023-0001 Impact of OpenSSL Vulnerabilities Disclosed Feb 7, 2023 ...