Lucene search
K

5 matches found

RedHat Linux
RedHat Linux
added 2023/06/21 2:51 p.m.6 views

openssl: Certificate policy check not enabled

A flaw was found in OpenSSL. The X509VERIFYPARAMadd0policy function is documented to enable the certificate policy check when doing certificate verification implicitly. However, implementing the function does not enable the check, allowing certificates with invalid or incorrect policies to pass t...

5.3CVSS6.6AI score0.01625EPSS
Exploits0References5
SUSE CVE
SUSE CVE
added 2023/03/30 1:45 a.m.2 views

SUSE CVE-2023-0465

Applications that use a non-default option when verifying certificates may be vulnerable to an attack from a malicious CA to circumvent certain checks. Invalid certificate policies in leaf certificates are silently ignored by OpenSSL and other certificate policy checks are skipped for that...

5.9CVSS6.4AI score0.01583EPSS
Exploits0References86
OSV
OSV
added 2023/03/28 3:15 p.m.8 views

AZL-37716 CVE-2023-0465 affecting package hvloader for versions less than 1.0.1-9

Applications that use a non-default option when verifying certificates may be vulnerable to an attack from a malicious CA to circumvent certain checks. Invalid certificate policies in leaf certificates are silently ignored by OpenSSL and other certificate policy checks are skipped for that...

5.3CVSS6.6AI score0.01583EPSS
Exploits0References1
OSV
OSV
added 2023/03/28 3:15 p.m.7 views

AZL-31145 CVE-2023-0465 affecting package edk2 for versions less than 20230301gitf80f052277c8-37

Applications that use a non-default option when verifying certificates may be vulnerable to an attack from a malicious CA to circumvent certain checks. Invalid certificate policies in leaf certificates are silently ignored by OpenSSL and other certificate policy checks are skipped for that...

5.3CVSS6.6AI score0.01583EPSS
Exploits0References1
OSV
OSV
added 2023/03/28 3:15 p.m.2 views

ALPINE-CVE-2023-0466

The function X509VERIFYPARAMadd0policy is documented to implicitly enable the certificate policy check when doing certificate verification. However the implementation of the function does not enable the check which allows certificates with invalid or incorrect policies to pass the certificate...

5.3CVSS6.9AI score0.01625EPSS
Exploits0References1
Rows per page
Query Builder