2023-04-24 12:24:31 +02:00
{
"id" : "CVE-2023-0286" ,
"sourceIdentifier" : "openssl-security@openssl.org" ,
"published" : "2023-02-08T20:15:24.267" ,
2023-07-19 02:01:21 +00:00
"lastModified" : "2023-07-19T00:54:18.790" ,
"vulnStatus" : "Analyzed" ,
2023-04-24 12:24:31 +02:00
"descriptions" : [
{
"lang" : "en" ,
"value" : "There is a type confusion vulnerability relating to X.400 address processing inside an X.509 GeneralName. X.400 addresses were parsed as an ASN1_STRING but the public structure definition for GENERAL_NAME incorrectly specified the type of the x400Address field as ASN1_TYPE. This field is subsequently interpreted by the OpenSSL function GENERAL_NAME_cmp as an ASN1_TYPE rather than an ASN1_STRING. When CRL checking is enabled (i.e. the application sets the X509_V_FLAG_CRL_CHECK flag), this vulnerability may allow an attacker to pass arbitrary pointers to a memcmp call, enabling them to read memory contents or enact a denial of service. In most cases, the attack requires the attacker to provide both the certificate chain and CRL, neither of which need to have a valid signature. If the attacker only controls one of these inputs, the other input must already contain an X.400 address as a CRL distribution point, which is uncommon. As such, this vulnerability is most likely to only affect applications which have implemented their own functionality for retrieving CRLs over a network."
}
] ,
"metrics" : {
"cvssMetricV31" : [
{
"source" : "nvd@nist.gov" ,
"type" : "Primary" ,
"cvssData" : {
"version" : "3.1" ,
"vectorString" : "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:H" ,
"attackVector" : "NETWORK" ,
"attackComplexity" : "HIGH" ,
"privilegesRequired" : "NONE" ,
"userInteraction" : "NONE" ,
"scope" : "UNCHANGED" ,
"confidentialityImpact" : "HIGH" ,
"integrityImpact" : "NONE" ,
"availabilityImpact" : "HIGH" ,
"baseScore" : 7.4 ,
"baseSeverity" : "HIGH"
} ,
"exploitabilityScore" : 2.2 ,
"impactScore" : 5.2
}
]
} ,
"weaknesses" : [
{
"source" : "nvd@nist.gov" ,
"type" : "Primary" ,
"description" : [
{
"lang" : "en" ,
"value" : "CWE-843"
}
]
}
] ,
"configurations" : [
{
"nodes" : [
{
"operator" : "OR" ,
"negate" : false ,
"cpeMatch" : [
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:openssl:openssl:*:*:*:*:*:*:*:*" ,
"versionStartIncluding" : "1.0.2" ,
"versionEndExcluding" : "1.0.2zg" ,
"matchCriteriaId" : "70985D55-A574-4151-B451-4D500CBFC29A"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:openssl:openssl:*:*:*:*:*:*:*:*" ,
"versionStartIncluding" : "1.1.1" ,
"versionEndExcluding" : "1.1.1t" ,
"matchCriteriaId" : "DE0061D6-8F81-45D3-B254-82A94915FD08"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:openssl:openssl:*:*:*:*:*:*:*:*" ,
"versionStartIncluding" : "3.0.0" ,
"versionEndExcluding" : "3.0.8" ,
"matchCriteriaId" : "A6DC5D88-4E99-48F2-8892-610ACA9B5B86"
}
]
}
]
2023-07-19 02:01:21 +00:00
} ,
{
"nodes" : [
{
"operator" : "OR" ,
"negate" : false ,
"cpeMatch" : [
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:stormshield:stormshield_management_center:*:*:*:*:*:*:*:*" ,
"versionEndExcluding" : "3.3.3" ,
"matchCriteriaId" : "62A933C5-C56E-485C-AD49-3B6A2C329131"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:stormshield:stormshield_network_security:*:*:*:*:*:*:*:*" ,
"versionStartIncluding" : "2.7.0" ,
"versionEndExcluding" : "2.7.11" ,
"matchCriteriaId" : "27B77023-4983-4D33-9824-A120A5ED31BD"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:stormshield:stormshield_network_security:*:*:*:*:*:*:*:*" ,
"versionStartIncluding" : "2.8.0" ,
"versionEndExcluding" : "3.7.34" ,
"matchCriteriaId" : "8BD398C8-BC0B-4ED5-B71A-B9C6D8F63659"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:stormshield:stormshield_network_security:*:*:*:*:*:*:*:*" ,
"versionStartIncluding" : "3.8.0" ,
"versionEndExcluding" : "3.11.22" ,
"matchCriteriaId" : "31B59634-B59C-4391-96D3-200A86A6CE3E"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:stormshield:stormshield_network_security:*:*:*:*:*:*:*:*" ,
"versionStartIncluding" : "4.0.0" ,
"versionEndExcluding" : "4.3.16" ,
"matchCriteriaId" : "F7794B42-8235-4C75-866F-5D0A405F0989"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:stormshield:stormshield_network_security:*:*:*:*:*:*:*:*" ,
"versionStartIncluding" : "4.4.0" ,
"versionEndExcluding" : "4.6.3" ,
"matchCriteriaId" : "C8A23A5D-928A-4225-9C93-31E5DFE215A7"
}
]
}
]
2023-04-24 12:24:31 +02:00
}
] ,
"references" : [
{
"url" : "https://ftp.openbsd.org/pub/OpenBSD/LibreSSL/libressl-3.6.2-relnotes.txt" ,
2023-07-19 02:01:21 +00:00
"source" : "openssl-security@openssl.org" ,
"tags" : [
"Third Party Advisory"
]
2023-04-24 12:24:31 +02:00
} ,
{
"url" : "https://ftp.openbsd.org/pub/OpenBSD/patches/7.2/common/018_x509.patch.sig" ,
2023-07-19 02:01:21 +00:00
"source" : "openssl-security@openssl.org" ,
"tags" : [
"Third Party Advisory"
]
2023-04-24 12:24:31 +02:00
} ,
{
"url" : "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=2c6c9d439b484e1ba9830d8454a34fa4f80fdfe9" ,
2023-07-19 02:01:21 +00:00
"source" : "openssl-security@openssl.org" ,
"tags" : [
"Patch" ,
"Vendor Advisory"
]
2023-04-24 12:24:31 +02:00
} ,
{
"url" : "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=2f7530077e0ef79d98718138716bc51ca0cad658" ,
2023-07-19 02:01:21 +00:00
"source" : "openssl-security@openssl.org" ,
"tags" : [
"Patch" ,
"Vendor Advisory"
]
2023-04-24 12:24:31 +02:00
} ,
{
"url" : "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=fd2af07dc083a350c959147097003a14a5e8ac4d" ,
2023-07-19 02:01:21 +00:00
"source" : "openssl-security@openssl.org" ,
"tags" : [
"Patch" ,
"Vendor Advisory"
]
2023-04-24 12:24:31 +02:00
} ,
{
"url" : "https://www.openssl.org/news/secadv/20230207.txt" ,
"source" : "openssl-security@openssl.org" ,
"tags" : [
"Vendor Advisory"
]
}
]
}
