Lucene search

[email protected]CVE-2023-0216

HistoryFeb 08, 2023 - 8:15 p.m.

CVE-2023-0216

2023-02-0820:15:24

CWE-476

[email protected]

web.nvd.nist.gov

378

cve

2023

0216

pointer dereference

pkcs7

openssl

denial of service

nvd

security vulnerability

third party applications

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

7.3 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

47.4%

JSON

An invalid pointer dereference on read can be triggered when an
application tries to load malformed PKCS7 data with the
d2i_PKCS7(), d2i_PKCS7_bio() or d2i_PKCS7_fp() functions.

The result of the dereference is an application crash which could
lead to a denial of service attack. The TLS implementation in OpenSSL
does not call this function however third party applications might
call these functions on untrusted data.

Affected configurations

NVD

Node

opensslopensslRange3.0.0–3.0.7

Node

stormshieldstormshield_management_centerRange<3.3.3

CPENameOperatorVersion
openssl:opensslopensslle3.0.7

CPE	Name	Operator	Version
openssl:openssl	openssl	le	3.0.7

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "product": "OpenSSL",
    "vendor": "OpenSSL",
    "versions": [
      {
        "lessThan": "3.0.8",
        "status": "affected",
        "version": "3.0.0",
        "versionType": "semver"
      }
    ]
  }
]