{ "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", "CVE_data_meta": { "ID": "CVE-2023-0464", "ASSIGNER": "openssl-security@openssl.org", "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", "value": "A security vulnerability has been identified in all supported versions\n\nof OpenSSL related to the verification of X.509 certificate chains\nthat include policy constraints. Attackers may be able to exploit this\nvulnerability by creating a malicious certificate chain that triggers\nexponential use of computational resources, leading to a denial-of-service\n(DoS) attack on affected systems.\n\nPolicy processing is disabled by default but can be enabled by passing\nthe `-policy' argument to the command line utilities or by calling the\n`X509_VERIFY_PARAM_set1_policies()' function." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "inefficient algorithmic complexity" } ] } ] }, "affects": { "vendor": { "vendor_data": [ { "vendor_name": "OpenSSL", "product": { "product_data": [ { "product_name": "OpenSSL", "version": { "version_data": [ { "version_affected": "<", "version_name": "3.1.0", "version_value": "3.1.1" }, { "version_affected": "<", "version_name": "3.0.0", "version_value": "3.0.9" }, { "version_affected": "<", "version_name": "1.1.1", "version_value": "1.1.1u" }, { "version_affected": "<", "version_name": "1.0.2", "version_value": "1.0.2zh" } ] } } ] } } ] } }, "references": { "reference_data": [ { "url": "https://www.openssl.org/news/secadv/20230322.txt", "refsource": "MISC", "name": "https://www.openssl.org/news/secadv/20230322.txt" }, { "url": "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=2017771e2db3e2b96f89bbe8766c3209f6a99545", "refsource": "MISC", "name": "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=2017771e2db3e2b96f89bbe8766c3209f6a99545" }, { "url": "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=959c59c7a0164117e7f8366466a32bb1f8d77ff1", "refsource": "MISC", "name": "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=959c59c7a0164117e7f8366466a32bb1f8d77ff1" }, { "url": "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=879f7080d7e141f415c79eaa3a8ac4a3dad0348b", "refsource": "MISC", "name": "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=879f7080d7e141f415c79eaa3a8ac4a3dad0348b" }, { "url": "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=2dcd4f1e3115f38cefa43e3efbe9b801c27e642e", "refsource": "MISC", "name": "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=2dcd4f1e3115f38cefa43e3efbe9b801c27e642e" }, { "url": "https://www.couchbase.com/alerts/", "refsource": "MISC", "name": "https://www.couchbase.com/alerts/" }, { "url": "https://www.debian.org/security/2023/dsa-5417", "refsource": "MISC", "name": "https://www.debian.org/security/2023/dsa-5417" }, { "url": "https://lists.debian.org/debian-lts-announce/2023/06/msg00011.html", "refsource": "MISC", "name": "https://lists.debian.org/debian-lts-announce/2023/06/msg00011.html" }, { "url": "https://security.gentoo.org/glsa/202402-08", "refsource": "MISC", "name": "https://security.gentoo.org/glsa/202402-08" } ] }, "generator": { "engine": "Vulnogram 0.1.0-dev" }, "source": { "discovery": "UNKNOWN" }, "credits": [ { "lang": "en", "value": "David Benjamin (Google)" }, { "lang": "en", "value": "Dr Paul Dale" } ] }