Openssl Security Vulnerabilities and Issues — Openssl CVE List

Lucene search

OpensslOpenssl

3 matches found

CVE•added 2023/03/22 5:15 p.m.•653 views

CVE-2023-0464

A security vulnerability has been identified in all supported versions of OpenSSL related to the verification of X.509 certificate chainsthat include policy constraints. Attackers may be able to exploit thisvulnerability by creating a malicious certificate chain that triggersexponential use of comp...

7.5CVSS7.3AI score0.00899EPSS

CVE•added 2023/03/28 3:15 p.m.•597 views

CVE-2023-0465

Applications that use a non-default option when verifying certificates may bevulnerable to an attack from a malicious CA to circumvent certain checks. Invalid certificate policies in leaf certificates are silently ignored byOpenSSL and other certificate policy checks are skipped for that certificat...

5.3CVSS6.8AI score0.00421EPSS

CVE•added 2023/03/28 3:15 p.m.•304 views

CVE-2023-0466

The function X509_VERIFY_PARAM_add0_policy() is documented toimplicitly enable the certificate policy check when doing certificateverification. However the implementation of the function does notenable the check which allows certificates with invalid or incorrectpolicies to pass the certificate ver...

5.3CVSS6.6AI score0.00666EPSS