Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
7.4
CVSSv3

CVE-2023-0286

Published: 08/02/2023 Updated: 04/02/2024
CVSS v3 Base Score: 7.4 | Impact Score: 5.2 | Exploitability Score: 2.2
VMScore: 0
Subscribe to Openssl

Vulnerability Summary

There is a type confusion vulnerability relating to X.400 address processing inside an X.509 GeneralName. X.400 addresses were parsed as an ASN1_STRING but the public structure definition for GENERAL_NAME incorrectly specified the type of the x400Address field as ASN1_TYPE. This field is subsequently interpreted by the OpenSSL function GENERAL_NAME_cmp as an ASN1_TYPE rather than an ASN1_STRING. When CRL checking is enabled (i.e. the application sets the X509_V_FLAG_CRL_CHECK flag), this vulnerability may allow an malicious user to pass arbitrary pointers to a memcmp call, enabling them to read memory contents or enact a denial of service. In most cases, the attack requires the malicious user to provide both the certificate chain and CRL, neither of which need to have a valid signature. If the attacker only controls one of these inputs, the other input must already contain an X.400 address as a CRL distribution point, which is uncommon. As such, this vulnerability is most likely to only affect applications which have implemented their own functionality for retrieving CRLs over a network.

Vulnerability Trend

Vulnerable Product Search on Vulmon Subscribe to Product

openssl openssl

stormshield stormshield network security

stormshield stormshield management center

Vendor Advisories

Debian Security Advisories: DSA-5343-1 openssl -- security update
Multiple vulnerabilities have been discovered in OpenSSL, a Secure Sockets Layer toolkit, which may result in incomplete encryption, side channel attacks, denial of service or information disclosure Additional details can be found in the upstream advisories at wwwopensslorg/news/secadv/20220705txt and wwwopensslorg/news/secadv ...
Amazon Linux AMI: ALAS-2023-1683
A timing-based side channel exists in the OpenSSL RSA Decryption implementation, which could be sufficient to recover a ciphertext across a network in a Bleichenbacher style attack To achieve a successful decryption, an attacker would have to be able to send a very large number of trial messages for decryption This issue affects all RSA padding m ...
Red Hat:
Description<!---->A type confusion vulnerability was found in OpenSSL when OpenSSL X400 addresses processing inside an X509 GeneralName When CRL checking is enabled (for example, the application sets the X509_V_FLAG_CRL_CHECK flag), this vulnerability may allow an attacker to pass arbitrary pointers to a memcmp call, enabling them to read memory ...
Amazon Linux 2: ALASOPENSSL-SNAPSAFE-2023-002
A timing-based side channel exists in the OpenSSL RSA Decryption implementation, which could be sufficient to recover a ciphertext across a network in a Bleichenbacher style attack To achieve a successful decryption, an attacker would have to be able to send a very large number of trial messages for decryption This issue affects all RSA padding m ...
Amazon Linux 2: ALAS2-2023-1935
A timing-based side channel exists in the OpenSSL RSA Decryption implementation, which could be sufficient to recover a ciphertext across a network in a Bleichenbacher style attack To achieve a successful decryption, an attacker would have to be able to send a very large number of trial messages for decryption This issue affects all RSA padding m ...
Amazon Linux 2: ALAS2-2023-1934
A timing-based side channel exists in the OpenSSL RSA Decryption implementation, which could be sufficient to recover a ciphertext across a network in a Bleichenbacher style attack To achieve a successful decryption, an attacker would have to be able to send a very large number of trial messages for decryption This issue affects all RSA padding m ...
Amazon Linux 2: ALAS-2024-2502
A null pointer dereference flaw was found in openssl A remote attacker, able to control the arguments of the GENERAL_NAME_cmp function, could cause the application, compiled with openssl to crash resulting in a denial of service The highest threat from this vulnerability is to system availability (CVE-2020-1971) Calls to EVP_CipherUpdate, EVP_En ...
Red Hat: Moderate: OpenShift Container Platform 4.10.56 security update
Synopsis Moderate: OpenShift Container Platform 41056 security update Type/Severity Security Advisory: Moderate Topic Red Hat OpenShift Container Platform release 41056 is now available with updates to packages and images that fix several bugs and add enhancementsThis release includes a security update for Red Hat OpenShift Container Pla ...
Red Hat: Important: edk2 security update
Synopsis Important: edk2 security update Type/Severity Security Advisory: Important Red Hat Insights patch analysis Identify and remediate systems affected by this advisory View affected systems Topic An update for edk2 is now available for Red Hat Enterprise Linux 86 Extended Update SupportRed Hat Product Security has rated this ...
Red Hat: Moderate: Red Hat Advanced Cluster Management 2.6.5 security updates and bug fixes
Synopsis Moderate: Red Hat Advanced Cluster Management 265 security updates and bug fixes Type/Severity Security Advisory: Moderate Topic Red Hat Advanced Cluster Management for Kubernetes 265 GeneralAvailability release images, which fix bugs and security updates container imagesRed Hat Product Security has rated this update as having a ...
Red Hat: Important: edk2 security update
Synopsis Important: edk2 security update Type/Severity Security Advisory: Important Red Hat Insights patch analysis Identify and remediate systems affected by this advisory View affected systems Topic An update for edk2 is now available for Red Hat Enterprise Linux 8Red Hat Product Security has rated this update as having a securi ...
Red Hat: Important: Red Hat JBoss Web Server 5.7.3 release and security update
Synopsis Important: Red Hat JBoss Web Server 573 release and security update Type/Severity Security Advisory: Important Red Hat Insights patch analysis Identify and remediate systems affected by this advisory View affected systems Topic An update is now available for Red Hat JBoss Web Server 573 on Red Hat Enterprise Linux vers ...
Red Hat: Important: Red Hat JBoss Core Services Apache HTTP Server 2.4.51 SP2 security update
Synopsis Important: Red Hat JBoss Core Services Apache HTTP Server 2451 SP2 security update Type/Severity Security Advisory: Important Topic Red Hat JBoss Core Services Apache HTTP Server 2451 Service Pack 2 is now availableRed Hat Product Security has rated this update as having a security impact of Important A Common Vulnerability Sco ...
Red Hat: Important: Red Hat JBoss Core Services Apache HTTP Server 2.4.51 SP2 security update
Synopsis Important: Red Hat JBoss Core Services Apache HTTP Server 2451 SP2 security update Type/Severity Security Advisory: Important Red Hat Insights patch analysis Identify and remediate systems affected by this advisory View affected systems Topic An update is now available for Red Hat JBoss Core Services Apache HTTP Server 2 ...
Red Hat: Moderate: Logging Subsystem for Red Hat OpenShift - 5.5.9 security update
Synopsis Moderate: Logging Subsystem for Red Hat OpenShift - 559 security update Type/Severity Security Advisory: Moderate Topic An update is now available for Logging Subsystem for Red Hat OpenShift - 559Red Hat Product Security has rated this update as having a security impact of Moderate A Common Vulnerability Scoring System (CVSS) b ...
Red Hat: Important: edk2 security update
Synopsis Important: edk2 security update Type/Severity Security Advisory: Important Red Hat Insights patch analysis Identify and remediate systems affected by this advisory View affected systems Topic An update for edk2 is now available for Red Hat Enterprise Linux 90 Extended Update SupportRed Hat Product Security has rated this ...
Red Hat: Moderate: Multicluster Engine for Kubernetes 2.1.6 security updates and bug fixes
Synopsis Moderate: Multicluster Engine for Kubernetes 216 security updates and bug fixes Type/Severity Security Advisory: Moderate Topic Multicluster Engine for Kubernetes 216 General Availability release images, which fix bugs and security updates container imagesRed Hat Product Security has rated this update as having a security impact ...
Red Hat: Important: Red Hat OpenShift Data Foundation 4.11.7 Bug Fix and security update
Synopsis Important: Red Hat OpenShift Data Foundation 4117 Bug Fix and security update Type/Severity Security Advisory: Important Topic Updated images that fix several bugs are now available for Red Hat OpenShift Data Foundation 4117 on Red Hat Enterprise Linux 8 from Red Hat Container RegistryRed Hat Product Security has rated this upda ...
Red Hat: Moderate: Release of OpenShift Serverless 1.29.0
Synopsis Moderate: Release of OpenShift Serverless 1290 Type/Severity Security Advisory: Moderate Topic OpenShift Serverless version 1290 contains a moderate security impactThe References section contains CVE links providing detailed severity ratingsfor each vulnerability Ratings are based on a Common Vulnerability ScoringSystem (CVSS) ...
Red Hat: Important: Red Hat JBoss Web Server 5.7.3 release and security update
Synopsis Important: Red Hat JBoss Web Server 573 release and security update Type/Severity Security Advisory: Important Topic Red Hat JBoss Web Server 573 zip release is now available for Red Hat Enterprise Linux 7, Red Hat Enterprise Linux 8, Red Hat Enterprise Linux 9, and Windows ServerRed Hat Product Security has rated this release a ...
Red Hat: Important: openssl security update
Synopsis Important: openssl security update Type/Severity Security Advisory: Important Red Hat Insights patch analysis Identify and remediate systems affected by this advisory View affected systems Topic An update for openssl is now available for Red Hat Enterprise Linux 7Red Hat Product Security has rated this update as having a ...
Red Hat: Moderate: Migration Toolkit for Containers (MTC) 1.7.9 security and bug fix update
Synopsis Moderate: Migration Toolkit for Containers (MTC) 179 security and bug fix update Type/Severity Security Advisory: Moderate Topic The Migration Toolkit for Containers (MTC) 179 is now availableRed Hat Product Security has rated this update as having a security impact of Moderate A Common Vulnerability Scoring System (CVSS) base ...
Red Hat: Important: openssl security update
Synopsis Important: openssl security update Type/Severity Security Advisory: Important Red Hat Insights patch analysis Identify and remediate systems affected by this advisory View affected systems Topic An update for openssl is now available for Red Hat Enterprise Linux 84 Extended Update SupportRed Hat Product Security has rate ...
Red Hat: Moderate: Red Hat Advanced Cluster Management 2.5.8 security updates and bug fixes
Synopsis Moderate: Red Hat Advanced Cluster Management 258 security updates and bug fixes Type/Severity Security Advisory: Moderate Topic Red Hat Advanced Cluster Management for Kubernetes 258 GeneralAvailability release images, which fix bugs and security updates container imagesRed Hat Product Security has rated this update as having a ...
Red Hat: Moderate: OpenShift Container Platform 4.9.59 security update
Synopsis Moderate: OpenShift Container Platform 4959 security update Type/Severity Security Advisory: Moderate Topic Red Hat OpenShift Container Platform release 4959 is now available with updates to packages and images that fix several bugs and add enhancementsRed Hat Product Security has rated this update as having a security impact of ...
Red Hat: Moderate: Multicluster Engine for Kubernetes 2.0.8 security updates and bug fixes
Synopsis Moderate: Multicluster Engine for Kubernetes 208 security updates and bug fixes Type/Severity Security Advisory: Moderate Topic Multicluster Engine for Kubernetes 208 General Availability release images, which fix bugs and security updates container imagesRed Hat Product Security has rated this update as having a security impact ...
Red Hat: Moderate: OpenShift Container Platform 4.11.46 security update
Synopsis Moderate: OpenShift Container Platform 41146 security update Type/Severity Security Advisory: Moderate Topic Red Hat OpenShift Container Platform release 41146 is now available withupdates to packages and images that fix several bugs and add enhancementsThis release includes a security update for Red Hat OpenShift Container Plat ...
Red Hat: Important: OpenShift Virtualization 4.12.5 security and bug fix update
Synopsis Important: OpenShift Virtualization 4125 security and bug fix update Type/Severity Security Advisory: Important Topic Red Hat OpenShift Virtualization release 4125 is now available with updates to packages and images that fix several bugs and add enhancementsRed Hat Product Security has rated this update as having a security imp ...
Red Hat: Important: openssl security update
Synopsis Important: openssl security update Type/Severity Security Advisory: Important Red Hat Insights patch analysis Identify and remediate systems affected by this advisory View affected systems Topic An update for openssl is now available for Red Hat Enterprise Linux 86 Extended Update SupportRed Hat Product Security has rate ...
Red Hat: Moderate: OpenShift Container Platform 4.11.34 bug fix and security update
Synopsis Moderate: OpenShift Container Platform 41134 bug fix and security update Type/Severity Security Advisory: Moderate Topic Red Hat OpenShift Container Platform release 41134 is now available with updates to packages and images that fix several bugs and add enhancementsThis release includes a security update for Red Hat OpenShift C ...
Red Hat: Important: openssl security and bug fix update
概述 Important: openssl security and bug fix update 类型/严重性 Security Advisory: Important Red Hat Insights patch analysis Identify and remediate systems affected by this advisory View affected systems 标题 An update for openssl is now available for Red Hat Enterprise Linux 90 Extended Update SupportRed Hat Product Sec ...
Red Hat: Important: openssl security update
Synopsis Important: openssl security update Type/Severity Security Advisory: Important Red Hat Insights patch analysis Identify and remediate systems affected by this advisory View affected systems Topic An update for openssl is now available for Red Hat Enterprise Linux 81 Update Services for SAP SolutionsRed Hat Product Securit ...
Red Hat: Critical: Multicluster Engine for Kubernetes 2.2.3 security updates and bug fixes
Synopsis Critical: Multicluster Engine for Kubernetes 223 security updates and bug fixes Type/Severity Security Advisory: Critical Topic Multicluster Engine for Kubernetes 223 General Availability release images, which fix bugs and security updates container imagesRed Hat Product Security has rated this update as having a security impact ...
Red Hat: Moderate: Red Hat OpenShift Service Mesh 2.2.7 security update
Synopsis Moderate: Red Hat OpenShift Service Mesh 227 security update Type/Severity Security Advisory: Moderate Topic Red Hat OpenShift Service Mesh 227Red Hat Product Security has rated this update as having a security impact of Moderate A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is ...
Red Hat: Important: Service Telemetry Framework 1.5.2 security update
Synopsis Important: Service Telemetry Framework 152 security update Type/Severity Security Advisory: Important Topic An update is now available for Service Telemetry Framework 152Red Hat Product Security has rated this update as having a security impact of Important A Common Vulnerability Scoring System (CVSS) base score, which gives a ...
Red Hat: Important: Self Node Remediation Operator 0.5.1 security update
Synopsis Important: Self Node Remediation Operator 051 security update Type/Severity Security Advisory: Important Topic This is an updated version of the Self Node Remediation Operator This Operator is delivered by Red Hat Workload AvailabilityRed Hat Product Security has rated this update as having a security impact of Important A Commo ...
Red Hat: Important: Node Health Check Operator 0.4.1
Synopsis Important: Node Health Check Operator 041 Type/Severity Security Advisory: Important Topic This is an updated version of the Node Health Check Operator This Operator is delivered by Red Hat Workload AvailabilityRed Hat Product Security has rated this update as having a security impact of Important A Common Vulnerability Scoring ...
Red Hat: Important: Node Maintenance Operator 5.0.1 security update
Synopsis Important: Node Maintenance Operator 501 security update Type/Severity Security Advisory: Important Topic This is an updated version of the Node Maintenance Operator This Operator is delivered by Red Hat Workload AvailabilityRed Hat Product Security has rated this update as having a security impact of Important A Common Vulnerab ...
Red Hat: Important: edk2 security update
Synopsis Important: edk2 security update Type/Severity Security Advisory: Important Red Hat Insights patch analysis Identify and remediate systems affected by this advisory View affected systems Topic An update for edk2 is now available for Red Hat Enterprise Linux 82 Advanced Update Support, Red Hat Enterprise Linux 82 Telecommu ...
Red Hat: Critical: Multicluster Engine for Kubernetes 2.0 hotfix security update for console
Synopsis Critical: Multicluster Engine for Kubernetes 20 hotfix security update for console Type/Severity Security Advisory: Critical Topic Red Hat Multicluster Engine Hotfix Security Update for ConsoleRed Hat Product Security has rated this update as having a security impactof Critical A Common Vulnerability Scoring System (CVSS) base scor ...
Red Hat: Critical: Red Hat Advanced Cluster Management 2.7.3 security fixes and bug fixes
Synopsis Critical: Red Hat Advanced Cluster Management 273 security fixes and bug fixes Type/Severity Security Advisory: Critical Topic Red Hat Advanced Cluster Management for Kubernetes 273 GeneralAvailability release images, which fix bugs and security updates container imagesRed Hat Product Security has rated this update as having a s ...
Red Hat: Important: openssl security update
Synopsis Important: openssl security update Type/Severity Security Advisory: Important Red Hat Insights patch analysis Identify and remediate systems affected by this advisory View affected systems Topic An update for openssl is now available for Red Hat Enterprise Linux 8Red Hat Product Security has rated this update as having a ...
Red Hat: Important: Migration Toolkit for Applications security and bug fix update
Synopsis Important: Migration Toolkit for Applications security and bug fix update Type/Severity Security Advisory: Important Topic Migration Toolkit for Applications 610 releaseRed Hat Product Security has rated this update as having a security impact of Important A Common Vulnerability Scoring System (CVSS) base score, which gives a deta ...
Red Hat: Important: edk2 security update
Synopsis Important: edk2 security update Type/Severity Security Advisory: Important Red Hat Insights patch analysis Identify and remediate systems affected by this advisory View affected systems Topic An update for edk2 is now available for Red Hat Enterprise Linux 84 Advanced Mission Critical Update Support, Red Hat Enterprise Li ...
Red Hat: Moderate: OpenShift Container Platform 4.12.16 security update
Synopsis Moderate: OpenShift Container Platform 41216 security update Type/Severity Security Advisory: Moderate Topic Red Hat OpenShift Container Platform release 41216 is now available with updates to packages and images that fix several bugs and add enhancementsThis release includes a security update for Red Hat OpenShift Container Pla ...
Red Hat: Important: openssl security update
Synopsis Important: openssl security update Type/Severity Security Advisory: Important Red Hat Insights patch analysis Identify and remediate systems affected by this advisory View affected systems Topic An update for openssl is now available for Red Hat Enterprise Linux 82 Advanced Update SupportRed Hat Product Security has rate ...
Red Hat: Important: openssl security update
Synopsis Important: openssl security update Type/Severity Security Advisory: Important Red Hat Insights patch analysis Identify and remediate systems affected by this advisory View affected systems Topic An update for openssl is now available for Red Hat Enterprise Linux 6 Extended Lifecycle SupportRed Hat Product Security has rat ...
Red Hat: Moderate: Red Hat OpenShift Data Foundation 4.12.2 Bug Fix and security update
Synopsis Moderate: Red Hat OpenShift Data Foundation 4122 Bug Fix and security update Type/Severity Security Advisory: Moderate Topic Updated images that fix several bugs are now available for Red Hat OpenShift Data Foundation 4122 on Red Hat Enterprise Linux 8 from Red Hat Container RegistryRed Hat Product Security has rated this update ...
Red Hat: Important: Migration Toolkit for Containers (MTC) 1.7.10 security and bug fix update
Synopsis Important: Migration Toolkit for Containers (MTC) 1710 security and bug fix update Type/Severity Security Advisory: Important Topic The Migration Toolkit for Containers (MTC) 1710 is now availableRed Hat Product Security has rated this update as having a security impact of Important A Common Vulnerability Scoring System (CVSS) ...
Red Hat: Moderate: Secondary Scheduler Operator for Red Hat OpenShift 1.1.1 security update
Synopsis Moderate: Secondary Scheduler Operator for Red Hat OpenShift 111 security update Type/Severity Security Advisory: Moderate Topic Secondary Scheduler Operator for Red Hat OpenShift 111Red Hat Product Security has rated this update as having a security impact ofModerate A Common Vulnerability Scoring System (CVSS) base score, whic ...
Red Hat: Important: OpenShift Container Platform 4.13.2 bug fix and security update
Synopsis Important: OpenShift Container Platform 4132 bug fix and security update Type/Severity Security Advisory: Important Topic Red Hat OpenShift Container Platform release 4132 is now available with updates to packages and images that fix several bugs and add enhancementsThis release includes a security update for Red Hat OpenShift C ...
Hitachi Security Advisories: Multiple Vulnerabilities in Cosminexus HTTP Server
Multiple vulnerabilities have been found in Cosminexus HTTP Server CVE-2022-4304, CVE-2022-4450, CVE-2023-0286 Affected products and versions are listed below Please upgrade your version to the appropriate version ...
Brocade Security Advisories: Access Denied
Menu Log in ...
Palo Alto Networks Security Advisory: PAN-SA-2023-0001 Impact of OpenSSL Vulnerabilities Disclosed Feb 7, 2023
PAN-SA-2023-0001 Impact of OpenSSL Vulnerabilities Disclosed Feb 7, 2023 ...
Palo Alto Networks Security Advisory: PAN-SA-2024-0004 Informational Bulletin: OSS CVEs fixed in PAN-OS
PAN-SA-2024-0004 Informational Bulletin: OSS CVEs fixed in PAN-OS ...

ICS Advisories

https://ics-cert.us-cert.gov/advisories/f35a0d1f6aca31045f5f2147da313f96
Critical Infrastructure Sectors: Critical Manufacturing
https://ics-cert.us-cert.gov/advisories/98c399e36f6402fb998b84a1a7aaa7b0
Critical Infrastructure Sectors: Critical Manufacturing
https://ics-cert.us-cert.gov/advisories/1bdc6732092efdd559b7ba58f0d870eb
Critical Infrastructure Sectors: Energy, Transportation Systems, Water and Wastewater Systems
https://ics-cert.us-cert.gov/advisories/fd87a3fc00e025fdc5034360097d2bdf
Critical Infrastructure Sectors: Critical Manufacturing

Github Repositories

https://github.com/xkcd-2347/trust-api

API for trusted content

trust-api API server for trusted content (TC) Running on OpenShift See this repository Running locally Running: cargo run -- run -p 8080 Usage: curl --json '["pkg:maven/orgquarkus/quarkus@12"]' localhost:8080/api/package Testing with guac Start guac: podman run -p 8080:80

https://github.com/trustification/guac-rs

Guac Rust library This library provides toolkit for working with Guac from Rust It can be used for querying data using GraphQL API and ingesting data with collectors It also contains a command-line interface (CLI) that exposes query API and collectors Prerequisites In order to use this library and CLI, you need to have a running Guac instance (and preferably ingest some dat

https://github.com/neo9/fluentd

Patched Fluentd Docker Image Overview This Docker image is a patched version of Fluentd that addresses vulnerabilities linked to OpenSSL The primary purpose of this patched image is to provide an enhanced security profile for production deployments Files Dockerfile: Contains the build steps for creating the patched Fluentd Docker image OpenSSL Vulnerabilities Addressed Thi

https://github.com/dejanb/guac-rs

Guac Rust library This library provides toolkit for working with Guac from Rust It can be used for querying data using GraphQL API and ingesting data with collectors It also contains a command-line interface (CLI) that exposes query API and collectors Prerequisites In order to use this library and CLI, you need to have a running Guac instance (and preferably ingest some dat

References

CWE-843https://www.openssl.org/news/secadv/20230207.txthttps://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=2c6c9d439b484e1ba9830d8454a34fa4f80fdfe9https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=2f7530077e0ef79d98718138716bc51ca0cad658https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=fd2af07dc083a350c959147097003a14a5e8ac4dhttps://ftp.openbsd.org/pub/OpenBSD/LibreSSL/libressl-3.6.2-relnotes.txthttps://ftp.openbsd.org/pub/OpenBSD/patches/7.2/common/018_x509.patch.sighttps://security.gentoo.org/glsa/202402-08https://www.debian.org/security/2023/dsa-5343https://nvd.nist.govhttps://github.com/xkcd-2347/trust-apihttps://www.cisa.gov/news-events/ics-advisories/icsa-24-004-02
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-4040privilege escalationCVE-2024-4112CVE-2024-32872man-in-the-middleCVE-2024-32788bypassCVE-2024-3400CVE-2024-28976
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook