Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2023-0464

A security vulnerability has been identified in all supported versions of OpenSSL related to the verification of X.509 certificate chains that include policy constraints. Attackers may be able to exploit this vulnerability by creating a malicious certificate chain that triggers exponential use of computational resources, leading to a denial-of-service (DoS) attack on affected systems. Policy processing is disabled by default but can be enabled by passing the `-policy' argument to the command line utilities or by calling the `X509_VERIFY_PARAM_set1_policies()' function.

Published

2023-03-22T17:15:13.130

Last Modified

2025-05-05T16:15:26.103

Status

Modified

Source

[email protected]

Severity

CVSSv3.1: 7.5 (HIGH)

Weaknesses

Type: Primary
CWE-295
Type: Secondary
CWE-295

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	openssl	openssl	< 1.0.2zh	Yes
Application	openssl	openssl	< 1.1.1u	Yes
Application	openssl	openssl	< 3.0.9	Yes
Application	openssl	openssl	< 3.1.1	Yes

References

https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=2017771e2db3e2b96f89bbe8766c3209f6a99545 Mailing List, Patch ([email protected])
https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=2dcd4f1e3115f38cefa43e3efbe9b801c27e642e Broken Link ([email protected])
https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=879f7080d7e141f415c79eaa3a8ac4a3dad0348b Mailing List, Patch ([email protected])
https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=959c59c7a0164117e7f8366466a32bb1f8d77ff1 Mailing List, Patch ([email protected])
https://lists.debian.org/debian-lts-announce/2023/06/msg00011.html ([email protected])
https://security.gentoo.org/glsa/202402-08 ([email protected])
https://security.netapp.com/advisory/ntap-20240621-0006/ ([email protected])
https://www.couchbase.com/alerts/ ([email protected])
https://www.debian.org/security/2023/dsa-5417 ([email protected])
https://www.openssl.org/news/secadv/20230322.txt Vendor Advisory ([email protected])
https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=2017771e2db3e2b96f89bbe8766c3209f6a99545 Mailing List, Patch (af854a3a-2127-422b-91ae-364da2661108)
https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=2dcd4f1e3115f38cefa43e3efbe9b801c27e642e Broken Link (af854a3a-2127-422b-91ae-364da2661108)
https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=879f7080d7e141f415c79eaa3a8ac4a3dad0348b Mailing List, Patch (af854a3a-2127-422b-91ae-364da2661108)
https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=959c59c7a0164117e7f8366466a32bb1f8d77ff1 Mailing List, Patch (af854a3a-2127-422b-91ae-364da2661108)
https://lists.debian.org/debian-lts-announce/2023/06/msg00011.html (af854a3a-2127-422b-91ae-364da2661108)
https://security.gentoo.org/glsa/202402-08 (af854a3a-2127-422b-91ae-364da2661108)
https://security.netapp.com/advisory/ntap-20230406-0006/ (af854a3a-2127-422b-91ae-364da2661108)
https://security.netapp.com/advisory/ntap-20240621-0006/ (af854a3a-2127-422b-91ae-364da2661108)
https://www.couchbase.com/alerts/ (af854a3a-2127-422b-91ae-364da2661108)
https://www.debian.org/security/2023/dsa-5417 (af854a3a-2127-422b-91ae-364da2661108)
https://www.openssl.org/news/secadv/20230322.txt Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)