CVSS3: 7.4 High
Attack Vector: NETWORK
Attack Complexity: HIGH
Privileges Required: NONE
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: NONE
Availability Impact: HIGH
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:H

CVSS2: 4 Medium
Access Vector: NETWORK
Access Complexity: HIGH
Authentication: NONE
Confidentiality Impact: PARTIAL
Integrity Impact: NONE
Availability Impact: PARTIAL
Vector: AV:N/AC:H/Au:N/C:P/I:N/A:P

EPSS: 0.002 Low
Percentile: 58.9%

There is a type confusion vulnerability relating to X.400 address
processing inside an X.509 GeneralName. X.400 addresses were parsed as an
ASN1_STRING but the public structure definition for GENERAL_NAME
incorrectly specified the type of the x400Address field as ASN1_TYPE. This
field is subsequently interpreted by the OpenSSL function GENERAL_NAME_cmp
as an ASN1_TYPE rather than an ASN1_STRING. When CRL checking is enabled
(i.e. the application sets the X509_V_FLAG_CRL_CHECK flag), this
vulnerability may allow an attacker to pass arbitrary pointers to a memcmp
call, enabling them to read memory contents or enact a denial of service.
In most cases, the attack requires the attacker to provide both the
certificate chain and CRL, neither of which need to have a valid signature.
If the attacker only controls one of these inputs, the other input must
already contain an X.400 address as a CRL distribution point, which is
uncommon. As such, this vulnerability is most likely to only affect
applications which have implemented their own functionality for retrieving
CRLs over a network.
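
Because an X.400 address in a CRL distribution point is uncommon, its presence is a cheap triage signal when reviewing certificates an application will process. The following is an added example, not code from OpenSSL or from this advisory: it walks the DER of a cRLDistributionPoints extension and reports the GeneralName tags it finds. The helper names and both sample extensions are constructed for illustration, and the extension is located by searching for its OID bytes, which is a heuristic.

```python
CRLDP_OID = bytes.fromhex("0603551d1f")   # DER OID 2.5.29.31 (cRLDistributionPoints)
X400_TAG = 0xA3                            # GeneralName CHOICE [3] x400Address

def tlv(buf, pos, end):                    # decode one DER TLV inside buf[:end]
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:                      # long-form length
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    if pos + length > end:
        raise ValueError("TLV runs past its container")
    return tag, pos, pos + length          # (tag, value_start, value_end)

def children(buf, start, end):             # TLVs directly inside buf[start:end]
    while start < end:
        tag, vs, ve = tlv(buf, start, end)
        yield tag, vs, ve
        start = ve

def crldp_name_tags(data):
    """Return the GeneralName tags in the first CRLDP extension found in data."""
    i = data.find(CRLDP_OID)
    if i < 0:
        return []
    tag, s, e = tlv(data, i + len(CRLDP_OID), len(data))
    if tag == 0x01:                        # optional 'critical' BOOLEAN
        tag, s, e = tlv(data, e, len(data))
    if tag != 0x04:                        # extnValue must be an OCTET STRING
        raise ValueError("unexpected extension layout")
    tags = []
    _, s, e = tlv(data, s, e)              # CRLDistributionPoints SEQUENCE
    for _, ds, de in children(data, s, e):             # each DistributionPoint
        for ftag, fs, fe in children(data, ds, de):
            if ftag == 0xA0:                           # distributionPoint [0]
                for ctag, cs, ce in children(data, fs, fe):
                    if ctag == 0xA0:                   # fullName [0]
                        tags += [t for t, _, _ in children(data, cs, ce)]
            elif ftag == 0xA2:                         # cRLIssuer [2]
                tags += [t for t, _, _ in children(data, fs, fe)]
    return tags

def has_x400(data):
    return X400_TAG in crldp_name_tags(data)

def der(tag, body):                        # sample builder, short lengths only
    return bytes([tag, len(body)]) + body
def sample_ext(name):                      # constructed Extension holding one name
    return der(0x30, CRLDP_OID + der(0x04, der(0x30, der(0x30, der(0xA0, der(0xA0, name))))))

URI_EXT = sample_ext(der(0x86, b"http://crl.example.test/ca.crl"))  # constructed
X400_EXT = sample_ext(der(0xA3, der(0x30, b"")))  # constructed placeholder ORAddress
```

`has_x400(URI_EXT)` is false and `has_x400(X400_EXT)` is true; a hit only marks the certificate for review and says nothing about whether the linked OpenSSL is patched.
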
OS | OS Version | Architecture | Package | Package Version | Filename |
---|---|---|---|---|---|
ubuntu | 18.04 | noarch | edk2 | < any | UNKNOWN |
ubuntu | 20.04 | noarch | edk2 | < any | UNKNOWN |
ubuntu | 22.04 | noarch | edk2 | < any | UNKNOWN |
ubuntu | 16.04 | noarch | edk2 | < any | UNKNOWN |
ubuntu | 22.04 | noarch | nodejs | < 12.22.9~dfsg-1ubuntu3.3 | UNKNOWN |
ubuntu | 18.04 | noarch | openssl | < 1.1.1-1ubuntu2.1~18.04.21 | UNKNOWN |
ubuntu | 20.04 | noarch | openssl | < 1.1.1f-1ubuntu2.17 | UNKNOWN |
ubuntu | 22.04 | noarch | openssl | < 3.0.2-0ubuntu1.8 | UNKNOWN |
ubuntu | 22.10 | noarch | openssl | < 3.0.5-2ubuntu2.1 | UNKNOWN |
ubuntu | 23.04 | noarch | openssl | < 3.0.8-1ubuntu1 | UNKNOWN |
launchpad.net/bugs/cve/CVE-2023-0286
nvd.nist.gov/vuln/detail/CVE-2023-0286
security-tracker.debian.org/tracker/CVE-2023-0286
ubuntu.com/security/notices/USN-5844-1
ubuntu.com/security/notices/USN-5845-1
ubuntu.com/security/notices/USN-5845-2
ubuntu.com/security/notices/USN-6564-1
www.cve.org/CVERecord?id=CVE-2023-0286
www.openssl.org/news/secadv/20230207.txt