CVE-2023-0401

A NULL pointer can be dereferenced when signatures are being
verified on PKCS7 signed or signedAndEnveloped data. In case the hash
algorithm used for the signature is known to the OpenSSL library but
the implementation of the hash algorithm is not available the digest
initialization will fail. There is a missing check for the return
value from the initialization function which later leads to invalid
usage of the digest API most likely leading to a crash.

The unavailability of an algorithm can be caused by using FIPS
enabled configuration of providers or more commonly by not loading
the legacy provider.

PKCS7 data is processed by the SMIME library calls and also by the
time stamp (TS) library calls. The TLS implementation in OpenSSL does
not call these functions however third party applications would be
affected if they call these functions to verify signatures on untrusted
data.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
7.5 HIGH
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
opensslCNA
---
---
CVEADP
---
---
CISA-ADPADP
7.5 HIGH
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Base Score
CVSS 3.x
EPSS Score
Percentile: 75%
VendorProductVersion
opensslopenssl
3.0.0 ≤
𝑥
≤ 3.0.7
stormshieldstormshield_management_center
𝑥
< 3.3.3
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
openssl
bullseye
1.1.1w-0+deb11u1
not-affected
buster
not-affected
bullseye (security)
1.1.1w-0+deb11u2
fixed
bookworm
3.0.15-1~deb12u1
fixed
bookworm (security)
3.0.14-1~deb12u2
fixed
sid
3.3.2-2
fixed
trixie
3.3.2-2
fixed
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
edk2
mantic
not-affected
lunar
not-affected
kinetic
not-affected
jammy
not-affected
focal
not-affected
bionic
not-affected
xenial
not-affected
trusty
ignored
nodejs
mantic
not-affected
lunar
not-affected
kinetic
not-affected
jammy
Fixed 12.22.9~dfsg-1ubuntu3.3
released
focal
not-affected
bionic
not-affected
xenial
not-affected
trusty
not-affected
openssl
mantic
Fixed 3.0.8-1ubuntu1
released
lunar
Fixed 3.0.8-1ubuntu1
released
kinetic
Fixed 3.0.5-2ubuntu2.1
released
jammy
Fixed 3.0.2-0ubuntu1.8
released
focal
not-affected
bionic
not-affected
xenial
not-affected
trusty
not-affected
openssl1.0
kinetic
dne
jammy
dne
focal
dne
bionic
not-affected
xenial
dne
trusty
dne
Common Weakness Enumeration
References
https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=d3b6dfd70db844c4499bec6ad6601623a565e674
https://security.gentoo.org/glsa/202402-08
https://www.openssl.org/news/secadv/20230207.txt
https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=d3b6dfd70db844c4499bec6ad6601623a565e674
https://security.gentoo.org/glsa/202402-08
https://www.openssl.org/news/secadv/20230207.txt