CVE-2023-0286
Public on 2023-02-08
Modified on 2023-06-12
Description
A type confusion vulnerability was found in OpenSSL when OpenSSL X.400 addresses processing inside an X.509 GeneralName. When CRL checking is enabled (for example, the application sets the X509_V_FLAG_CRL_CHECK flag), this vulnerability may allow an attacker to pass arbitrary pointers to a memcmp call, enabling them to read memory contents or cause a denial of service. In most cases, the attack requires the attacker to provide both the certificate chain and CRL, of which neither needs a valid signature. If the attacker only controls one of these inputs, the other input must already contain an X.400 address as a CRL distribution point, which is uncommon. In this case, this vulnerability is likely only to affect applications that have implemented their own functionality for retrieving CRLs over a network.
Severity
Important
CVSS v3 Base Score
See breakdown
Affected Packages
| Platform | Package | Release Date | Advisory | Status |
|---|---|---|---|---|
| Amazon Linux 2 - Core | edk2 | 2024-03-13 | ALAS2-2024-2502 | Fixed |
| Amazon Linux 1 | openssl | 2023-02-03 | ALAS-2023-1683 | Fixed |
| Amazon Linux 2 - Core | openssl | 2023-02-03 | ALAS2-2023-1935 | Fixed |
| Amazon Linux 2023 | openssl | 2023-02-17 | ALAS2023-2023-101 | Fixed |
| Amazon Linux 2 - Openssl-snapsafe Extra | openssl-snapsafe | 2023-07-17 | ALAS2OPENSSL-SNAPSAFE-2023-002 | Fixed |
| Amazon Linux 2 - Core | openssl11 | 2023-02-03 | ALAS2-2023-1934 | Fixed |
CVSS Scores
| Score Type | Score | Vector | |
|---|---|---|---|
| Amazon Linux | CVSSv3 | 8.1 | AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H |
| NVD | CVSSv3 | 7.4 | CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:H |