CVE-ID: CVE-2023-0286
BDU-ID: 2023-00665
CVE-Crit: HIGH
CVE-DESC: A vulnerability in the GENERAL_NAME_cmp function of the OpenSSL library is related to a flaw in the data type conversion mechanism for x400 address processing. Exploitation of the vulnerability could allow an attacker acting remotely to cause a denial of service
CVE-STATUS: Fixed
CVE-REV: To close, run the yum update openssl command

OSVersionArchitecturePackageVersionFilename
rosaanynoarchopenssl< 1.0.2UNKNOWN

OS	Version	Architecture	Package	Version	Filename
rosa	any	noarch	openssl	< 1.0.2	UNKNOWN

redhat 13

oraclelinux 8

nessus 68

ibm 27

openvas 29

osv 8

cbl_mariner 9

debiancve 1

prion 1

ics 5

hivepro 1

wolfi 1

ubuntucve 1

redhatcve 1

alpinelinux 1

rustsec 1

githubexploit 1

github 2

cve 1

veracode 1

freebsd 1

cgr 1

f5 1

cvelist 1

openssl 1

nvd 1

centos 1

cloudfoundry 1

ubuntu 2

cloudlinux 1

trellix 2

redos 1

amazon 2

altlinux 1

almalinux 1

freebsd_advisory 1

redhat

(RHSA-2023:1335) Important: openssl security update

2023-03-20 09:19:58

(RHSA-2023:4124) Important: edk2 security update

2023-07-18 07:16:46

(RHSA-2023:2022) Important: edk2 security update

2023-04-26 08:02:19

oraclelinux

openssl security update

2023-03-20 00:00:00

openssl security update

2023-04-24 00:00:00

openssl security update

2023-03-22 00:00:00

nessus

RHEL 8 : openssl (RHSA-2023:1440)

2023-03-23 00:00:00

FreeBSD : py-cryptography -- includes a vulnerable copy of OpenSSL (c1a8ed1c-2814-4260-82aa-9e37c83aac93)

2023-04-14 00:00:00

F5 Networks BIG-IP : OpenSSL vulnerability (K000132941)

2023-06-23 00:00:00

ibm

Security Bulletin: Vulnerability in cryptography affects IBM Cloud Pak for Data System 1.0(CPDS 1.0) [CVE-2023-0286]

2023-04-04 06:36:31

Security Bulletin: CVE-2023-0286 may affect IBM CICS TX Advanced 10.1

2023-05-09 17:32:10

Security Bulletin: IBM Decision Optimization in IBM Cloud Pak for Data is vulnerable to OpenSSL denial of service (Cryptography package)

2023-06-29 13:28:12

openvas

Huawei EulerOS: Security Advisory for shim (EulerOS-SA-2023-1962)

2023-05-18 00:00:00

Huawei EulerOS: Security Advisory for shim (EulerOS-SA-2023-2077)

2023-06-07 00:00:00

Huawei EulerOS: Security Advisory for shim (EulerOS-SA-2023-2277)

2023-07-04 00:00:00

osv

CGA-ggm2-q8g9-2257

2024-06-06 12:27:27

CGA-6vj8-747q-h83f

2024-06-06 12:23:15

X.400 address type confusion in X.509 `GeneralName`

2023-02-07 12:00:00

cbl_mariner

CVE-2023-0286 affecting package hvloader for versions less than 1.0.1-4

2024-08-14 20:42:16

CVE-2023-0286 affecting package cloud-hypervisor for versions less than 30.0-2

2023-04-16 02:55:47

CVE-2023-0286 affecting package reaper 3.1.1-6

2024-09-20 21:11:59

debiancve

CVE-2023-0286

2023-02-08 20:15:24

prion

Type confusion

2023-02-08 20:15:00

ics

Siemens Address Processing in SIMATIC

2023-08-10 12:00:00

Mitsubishi Electric Factory Automation Products

2024-01-04 12:00:00

Hitachi Energy Lumada APM Edge

2023-09-12 12:00:00

hivepro

OpenSSL Releases Update to Address Several High-Severity Vulnerabilities

2023-02-10 12:55:54

wolfi

CVE-2023-0286 vulnerabilities

2024-09-20 21:14:10

ubuntucve

CVE-2023-0286

2023-02-07 00:00:00

redhatcve

CVE-2023-0286

2023-02-07 17:30:51

alpinelinux

CVE-2023-0286

2023-02-08 20:15:24

rustsec

X.400 address type confusion in X.509 `GeneralName`

2023-02-07 12:00:00

githubexploit

Exploit for Type Confusion in Openssl

2023-03-21 04:57:37

github

Vulnerable OpenSSL included in sgx-dcap-quote-verify-python

2023-02-14 00:30:22

Vulnerable OpenSSL included in cryptography wheels

2023-02-08 22:17:06

cve

CVE-2023-0286

2023-02-08 20:15:24

veracode

Type Confusion

2023-02-09 20:56:17

freebsd

py-cryptography -- includes a vulnerable copy of OpenSSL

2023-02-08 00:00:00

cgr

CVE-2023-0286 vulnerabilities

2024-05-19 03:07:16

K000132941 : OpenSSL vulnerability CVE-2023-0286

2023-03-13 00:00:00

cvelist

CVE-2023-0286 X.400 address type confusion in X.509 GeneralName

2023-02-08 19:01:50

openssl

Vulnerability in OpenSSL CVE-2023-0286

2023-02-07 00:00:00

nvd

CVE-2023-0286

2023-02-08 20:15:24

centos

openssl security update

2023-03-22 14:01:44

cloudfoundry

USN-5845-1: OpenSSL vulnerabilities | Cloud Foundry

2023-02-24 00:00:00

ubuntu

OpenSSL vulnerabilities

2023-02-07 00:00:00

OpenSSL vulnerabilities

2023-02-07 00:00:00

cloudlinux

openssl: Fix of 2 CVEs

2023-02-10 10:39:56

trellix

CVE-2023-0286: The OpenSSL Who Cried “Severity: High

2023-02-09 00:00:00

CVE-2023-0286: The OpenSSL Who Cried “Severity: High

2023-02-09 00:00:00

redos

ROS-20230620-06

2023-06-20 00:00:00

amazon

Important: openssl

2023-02-03 23:39:00

Important: openssl

2023-02-03 19:19:00

altlinux

Security fix for the ALT Linux 10 package openssl1.1 version 1.1.1t-alt1

2023-02-10 00:00:00

almalinux

Important: edk2 security update

2023-05-16 00:00:00

freebsd_advisory

FreeBSD-SA-23:03.openssl

2023-02-16 00:00:00

Solutions

Vulnerabilities intelligence
Perimeter control tool
Linux scanner
Windows scanner
Developers SDK
Security Intelligence feeds

Database

Vulnerabilities
Exploits
Security News
BugBounty
Wild Exploited
Top Vulnerabilities
CVE Feed

Resources

Statics & Sources
Plugins
API docs
FAQ
Blog
Glossary

Company

About
Contacts
Pricing
EULA
Privacy Policy
Submission Policy
OpenSource

@2024 Vulners Inc

CVSS3

7.4

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:H

EPSS

0.003

Percentile

71.8%

JSON

Related for ROSA-SA-2023-2152