Vulnerability Details CVE-2023-0286
There is a type confusion vulnerability relating to X.400 address processing
inside an X.509 GeneralName. X.400 addresses were parsed as an ASN1_STRING but
the public structure definition for GENERAL_NAME incorrectly specified the type
of the x400Address field as ASN1_TYPE. This field is subsequently interpreted by
the OpenSSL function GENERAL_NAME_cmp as an ASN1_TYPE rather than an
ASN1_STRING.
When CRL checking is enabled (i.e. the application sets the
X509_V_FLAG_CRL_CHECK flag), this vulnerability may allow an attacker to pass
arbitrary pointers to a memcmp call, enabling them to read memory contents or
enact a denial of service. In most cases, the attack requires the attacker to
provide both the certificate chain and CRL, neither of which need to have a
valid signature. If the attacker only controls one of these inputs, the other
input must already contain an X.400 address as a CRL distribution point, which
is uncommon. As such, this vulnerability is most likely to only affect
applications which have implemented their own functionality for retrieving CRLs
over a network.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.856
EPSS Ranking 99.3%
CVSS Severity
CVSS v3 Score 7.4
References
- https://ftp.openbsd.org/pub/OpenBSD/LibreSSL/libressl-3.6.2-relnotes.txt
- https://ftp.openbsd.org/pub/OpenBSD/patches/7.2/common/018_x509.patch.sig
- https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=2c6c9d439b484e1ba9830d8454a34fa4f80fdfe9
- https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=2f7530077e0ef79d98718138716bc51ca0cad658
- https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=fd2af07dc083a350c959147097003a14a5e8ac4d
- https://security.gentoo.org/glsa/202402-08
- https://www.openssl.org/news/secadv/20230207.txt
- https://ftp.openbsd.org/pub/OpenBSD/LibreSSL/libressl-3.6.2-relnotes.txt
- https://ftp.openbsd.org/pub/OpenBSD/patches/7.2/common/018_x509.patch.sig
- https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=2c6c9d439b484e1ba9830d8454a34fa4f80fdfe9
- https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=2f7530077e0ef79d98718138716bc51ca0cad658
- https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=fd2af07dc083a350c959147097003a14a5e8ac4d
- https://security.gentoo.org/glsa/202402-08
- https://www.openssl.org/news/secadv/20230207.txt
Products affected by CVE-2023-0286
-
cpe:2.3:a:openssl:openssl:1.0.2
-
cpe:2.3:a:openssl:openssl:1.0.2a
-
cpe:2.3:a:openssl:openssl:1.0.2b
-
cpe:2.3:a:openssl:openssl:1.0.2c
-
cpe:2.3:a:openssl:openssl:1.0.2d
-
cpe:2.3:a:openssl:openssl:1.0.2e
-
cpe:2.3:a:openssl:openssl:1.0.2f
-
cpe:2.3:a:openssl:openssl:1.0.2g
-
cpe:2.3:a:openssl:openssl:1.0.2h
-
cpe:2.3:a:openssl:openssl:1.0.2i
-
cpe:2.3:a:openssl:openssl:1.0.2j
-
cpe:2.3:a:openssl:openssl:1.0.2k
-
cpe:2.3:a:openssl:openssl:1.0.2l
-
cpe:2.3:a:openssl:openssl:1.0.2m
-
cpe:2.3:a:openssl:openssl:1.0.2n
-
cpe:2.3:a:openssl:openssl:1.0.2o
-
cpe:2.3:a:openssl:openssl:1.0.2p
-
cpe:2.3:a:openssl:openssl:1.0.2q
-
cpe:2.3:a:openssl:openssl:1.0.2r
-
cpe:2.3:a:openssl:openssl:1.0.2s
-
cpe:2.3:a:openssl:openssl:1.0.2t
-
cpe:2.3:a:openssl:openssl:1.0.2u
-
cpe:2.3:a:openssl:openssl:1.0.2v
-
cpe:2.3:a:openssl:openssl:1.0.2w
-
cpe:2.3:a:openssl:openssl:1.0.2x
-
cpe:2.3:a:openssl:openssl:1.0.2y
-
cpe:2.3:a:openssl:openssl:1.0.2za
-
cpe:2.3:a:openssl:openssl:1.0.2zb
-
cpe:2.3:a:openssl:openssl:1.0.2zc
-
cpe:2.3:a:openssl:openssl:1.0.2zd
-
cpe:2.3:a:openssl:openssl:1.0.2ze
-
cpe:2.3:a:openssl:openssl:1.0.2zf
-
cpe:2.3:a:openssl:openssl:1.1.1
-
cpe:2.3:a:openssl:openssl:1.1.1a
-
cpe:2.3:a:openssl:openssl:1.1.1b
-
cpe:2.3:a:openssl:openssl:1.1.1c
-
cpe:2.3:a:openssl:openssl:1.1.1d
-
cpe:2.3:a:openssl:openssl:1.1.1e
-
cpe:2.3:a:openssl:openssl:1.1.1f
-
cpe:2.3:a:openssl:openssl:1.1.1g
-
cpe:2.3:a:openssl:openssl:1.1.1h
-
cpe:2.3:a:openssl:openssl:1.1.1i
-
cpe:2.3:a:openssl:openssl:1.1.1j
-
cpe:2.3:a:openssl:openssl:1.1.1k
-
cpe:2.3:a:openssl:openssl:1.1.1l
-
cpe:2.3:a:openssl:openssl:1.1.1m
-
cpe:2.3:a:openssl:openssl:1.1.1n
-
cpe:2.3:a:openssl:openssl:1.1.1o
-
cpe:2.3:a:openssl:openssl:1.1.1p
-
cpe:2.3:a:openssl:openssl:1.1.1q
-
cpe:2.3:a:openssl:openssl:1.1.1r
-
cpe:2.3:a:openssl:openssl:1.1.1s
-
cpe:2.3:a:openssl:openssl:3.0.0
-
cpe:2.3:a:openssl:openssl:3.0.1
-
cpe:2.3:a:openssl:openssl:3.0.2
-
cpe:2.3:a:openssl:openssl:3.0.3
-
cpe:2.3:a:openssl:openssl:3.0.4
-
cpe:2.3:a:openssl:openssl:3.0.5
-
cpe:2.3:a:openssl:openssl:3.0.6
-
cpe:2.3:a:openssl:openssl:3.0.7
-
cpe:2.3:a:stormshield:stormshield_management_center:-
-
cpe:2.3:a:stormshield:stormshield_management_center:3.2.2
-
cpe:2.3:a:stormshield:stormshield_management_center:3.3.0
-
cpe:2.3:a:stormshield:stormshield_management_center:3.3.1
-
cpe:2.3:a:stormshield:stormshield_management_center:3.3.2
-
cpe:2.3:a:stormshield:stormshield_network_security:2.10.0
-
cpe:2.3:a:stormshield:stormshield_network_security:2.11.0
-
cpe:2.3:a:stormshield:stormshield_network_security:2.12.0
-
cpe:2.3:a:stormshield:stormshield_network_security:2.13.0
-
cpe:2.3:a:stormshield:stormshield_network_security:2.14.0
-
cpe:2.3:a:stormshield:stormshield_network_security:2.15.0
-
cpe:2.3:a:stormshield:stormshield_network_security:2.16.0
-
cpe:2.3:a:stormshield:stormshield_network_security:2.7.0
-
cpe:2.3:a:stormshield:stormshield_network_security:2.7.1
-
cpe:2.3:a:stormshield:stormshield_network_security:2.7.10
-
cpe:2.3:a:stormshield:stormshield_network_security:2.7.2
-
cpe:2.3:a:stormshield:stormshield_network_security:2.7.3
-
cpe:2.3:a:stormshield:stormshield_network_security:2.7.4
-
cpe:2.3:a:stormshield:stormshield_network_security:2.7.7
-
cpe:2.3:a:stormshield:stormshield_network_security:2.7.8
-
cpe:2.3:a:stormshield:stormshield_network_security:2.7.9
-
cpe:2.3:a:stormshield:stormshield_network_security:2.8.0
-
cpe:2.3:a:stormshield:stormshield_network_security:2.8.1
-
cpe:2.3:a:stormshield:stormshield_network_security:2.8.2
-
cpe:2.3:a:stormshield:stormshield_network_security:2.9.0
-
cpe:2.3:a:stormshield:stormshield_network_security:3.0.0
-
cpe:2.3:a:stormshield:stormshield_network_security:3.0.1
-
cpe:2.3:a:stormshield:stormshield_network_security:3.0.2
-
cpe:2.3:a:stormshield:stormshield_network_security:3.0.3
-
cpe:2.3:a:stormshield:stormshield_network_security:3.1.0
-
cpe:2.3:a:stormshield:stormshield_network_security:3.1.1
-
cpe:2.3:a:stormshield:stormshield_network_security:3.1.2
-
cpe:2.3:a:stormshield:stormshield_network_security:3.10.0
-
cpe:2.3:a:stormshield:stormshield_network_security:3.11.0
-
cpe:2.3:a:stormshield:stormshield_network_security:3.11.1
-
cpe:2.3:a:stormshield:stormshield_network_security:3.11.12
-
cpe:2.3:a:stormshield:stormshield_network_security:3.11.13
-
cpe:2.3:a:stormshield:stormshield_network_security:3.11.17
-
cpe:2.3:a:stormshield:stormshield_network_security:3.11.18
-
cpe:2.3:a:stormshield:stormshield_network_security:3.11.19
-
cpe:2.3:a:stormshield:stormshield_network_security:3.11.20
-
cpe:2.3:a:stormshield:stormshield_network_security:3.11.21
-
cpe:2.3:a:stormshield:stormshield_network_security:3.11.4
-
cpe:2.3:a:stormshield:stormshield_network_security:3.11.5
-
cpe:2.3:a:stormshield:stormshield_network_security:3.11.8
-
cpe:2.3:a:stormshield:stormshield_network_security:3.11.9
-
cpe:2.3:a:stormshield:stormshield_network_security:3.2.0
-
cpe:2.3:a:stormshield:stormshield_network_security:3.2.1
-
cpe:2.3:a:stormshield:stormshield_network_security:3.3.0
-
cpe:2.3:a:stormshield:stormshield_network_security:3.3.1
-
cpe:2.3:a:stormshield:stormshield_network_security:3.3.2
-
cpe:2.3:a:stormshield:stormshield_network_security:3.4.0
-
cpe:2.3:a:stormshield:stormshield_network_security:3.4.1
-
cpe:2.3:a:stormshield:stormshield_network_security:3.4.2
-
cpe:2.3:a:stormshield:stormshield_network_security:3.4.3
-
cpe:2.3:a:stormshield:stormshield_network_security:3.5.0
-
cpe:2.3:a:stormshield:stormshield_network_security:3.5.1
-
cpe:2.3:a:stormshield:stormshield_network_security:3.5.2
-
cpe:2.3:a:stormshield:stormshield_network_security:3.6.0
-
cpe:2.3:a:stormshield:stormshield_network_security:3.6.1
-
cpe:2.3:a:stormshield:stormshield_network_security:3.7.0
-
cpe:2.3:a:stormshield:stormshield_network_security:3.7.1
-
cpe:2.3:a:stormshield:stormshield_network_security:3.7.10
-
cpe:2.3:a:stormshield:stormshield_network_security:3.7.13
-
cpe:2.3:a:stormshield:stormshield_network_security:3.7.16
-
cpe:2.3:a:stormshield:stormshield_network_security:3.7.17
-
cpe:2.3:a:stormshield:stormshield_network_security:3.7.20
-
cpe:2.3:a:stormshield:stormshield_network_security:3.7.21
-
cpe:2.3:a:stormshield:stormshield_network_security:3.7.24
-
cpe:2.3:a:stormshield:stormshield_network_security:3.7.25
-
cpe:2.3:a:stormshield:stormshield_network_security:3.7.29
-
cpe:2.3:a:stormshield:stormshield_network_security:3.7.30
-
cpe:2.3:a:stormshield:stormshield_network_security:3.7.33
-
cpe:2.3:a:stormshield:stormshield_network_security:3.8.0
-
cpe:2.3:a:stormshield:stormshield_network_security:3.8.1
-
cpe:2.3:a:stormshield:stormshield_network_security:3.9.1
-
cpe:2.3:a:stormshield:stormshield_network_security:4.0.0
-
cpe:2.3:a:stormshield:stormshield_network_security:4.0.1
-
cpe:2.3:a:stormshield:stormshield_network_security:4.0.4
-
cpe:2.3:a:stormshield:stormshield_network_security:4.1.1
-
cpe:2.3:a:stormshield:stormshield_network_security:4.1.4
-
cpe:2.3:a:stormshield:stormshield_network_security:4.1.5
-
cpe:2.3:a:stormshield:stormshield_network_security:4.2.0
-
cpe:2.3:a:stormshield:stormshield_network_security:4.2.1
-
cpe:2.3:a:stormshield:stormshield_network_security:4.2.10
-
cpe:2.3:a:stormshield:stormshield_network_security:4.2.11
-
cpe:2.3:a:stormshield:stormshield_network_security:4.2.12
-
cpe:2.3:a:stormshield:stormshield_network_security:4.2.13
-
cpe:2.3:a:stormshield:stormshield_network_security:4.2.14
-
cpe:2.3:a:stormshield:stormshield_network_security:4.2.2
-
cpe:2.3:a:stormshield:stormshield_network_security:4.2.3
-
cpe:2.3:a:stormshield:stormshield_network_security:4.2.9
-
cpe:2.3:a:stormshield:stormshield_network_security:4.3.0
-
cpe:2.3:a:stormshield:stormshield_network_security:4.3.10
-
cpe:2.3:a:stormshield:stormshield_network_security:4.3.11
-
cpe:2.3:a:stormshield:stormshield_network_security:4.3.12
-
cpe:2.3:a:stormshield:stormshield_network_security:4.3.12.1
-
cpe:2.3:a:stormshield:stormshield_network_security:4.3.13
-
cpe:2.3:a:stormshield:stormshield_network_security:4.3.14
-
cpe:2.3:a:stormshield:stormshield_network_security:4.3.15
-
cpe:2.3:a:stormshield:stormshield_network_security:4.3.3
-
cpe:2.3:a:stormshield:stormshield_network_security:4.3.4
-
cpe:2.3:a:stormshield:stormshield_network_security:4.3.5
-
cpe:2.3:a:stormshield:stormshield_network_security:4.3.6
-
cpe:2.3:a:stormshield:stormshield_network_security:4.3.7
-
cpe:2.3:a:stormshield:stormshield_network_security:4.3.8
-
cpe:2.3:a:stormshield:stormshield_network_security:4.3.9
-
cpe:2.3:a:stormshield:stormshield_network_security:4.4.0
-
cpe:2.3:a:stormshield:stormshield_network_security:4.4.1
-
cpe:2.3:a:stormshield:stormshield_network_security:4.5.1
-
cpe:2.3:a:stormshield:stormshield_network_security:4.5.2
-
cpe:2.3:a:stormshield:stormshield_network_security:4.5.3
-
cpe:2.3:a:stormshield:stormshield_network_security:4.5.4
-
cpe:2.3:a:stormshield:stormshield_network_security:4.6.0
-
cpe:2.3:a:stormshield:stormshield_network_security:4.6.1
-
cpe:2.3:a:stormshield:stormshield_network_security:4.6.2