cve/2023/CVE-2023-0401.md

### [CVE-2023-0401](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0401)
![](https://img.shields.io/static/v1?label=Product&message=OpenSSL&color=blue)
![](https://img.shields.io/static/v1?label=Version&message=3.0.0%3C%203.0.8%20&color=brighgreen)
![](https://img.shields.io/static/v1?label=Vulnerability&message=NULL%20pointer%20deference&color=brighgreen)

### Description

A NULL pointer can be dereferenced when signatures are beingverified on PKCS7 signed or signedAndEnveloped data. In case the hashalgorithm used for the signature is known to the OpenSSL library butthe implementation of the hash algorithm is not available the digestinitialization will fail. There is a missing check for the returnvalue from the initialization function which later leads to invalidusage of the digest API most likely leading to a crash.The unavailability of an algorithm can be caused by using FIPSenabled configuration of providers or more commonly by not loadingthe legacy provider.PKCS7 data is processed by the SMIME library calls and also by thetime stamp (TS) library calls. The TLS implementation in OpenSSL doesnot call these functions however third party applications would beaffected if they call these functions to verify signatures on untrusteddata.

### POC

#### Reference
No PoCs from references.

#### Github
- https://github.com/ARPSyndicate/cvemon
- https://github.com/Tuttu7/Yum-command
- https://github.com/a23au/awe-base-images
- https://github.com/chnzzh/OpenSSL-CVE-lib
- https://github.com/fkie-cad/nvd-json-data-feeds
- https://github.com/stkcat/awe-base-images
Update Sat May 25 21:48:12 CEST 2024 2024-05-25 21:48:12 +02:00			`### [CVE-2023-0401](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0401)`
			`![](https://img.shields.io/static/v1?label=Product&message=OpenSSL&color=blue)`
			`![](https://img.shields.io/static/v1?label=Version&message=3.0.0%3C%203.0.8%20&color=brighgreen)`
			`![](https://img.shields.io/static/v1?label=Vulnerability&message=NULL%20pointer%20deference&color=brighgreen)`

			`### Description`

			A NULL pointer can be dereferenced when signatures are beingverified on PKCS7 signed or signedAndEnveloped data. In case the hashalgorithm used for the signature is known to the OpenSSL library butthe implementation of the hash algorithm is not available the digestinitialization will fail. There is a missing check for the returnvalue from the initialization function which later leads to invalidusage of the digest API most likely leading to a crash.The unavailability of an algorithm can be caused by using FIPSenabled configuration of providers or more commonly by not loadingthe legacy provider.PKCS7 data is processed by the SMIME library calls and also by thetime stamp (TS) library calls. The TLS implementation in OpenSSL doesnot call these functions however third party applications would beaffected if they call these functions to verify signatures on untrusteddata.

			`### POC`

			`#### Reference`
			`No PoCs from references.`

			`#### Github`
			`- https://github.com/ARPSyndicate/cvemon`
			`- https://github.com/Tuttu7/Yum-command`
			`- https://github.com/a23au/awe-base-images`
			`- https://github.com/chnzzh/OpenSSL-CVE-lib`
			`- https://github.com/fkie-cad/nvd-json-data-feeds`
			`- https://github.com/stkcat/awe-base-images`