CVE-2023-0464

A security vulnerability has been identified in all supported versions

of OpenSSL related to the verification of X.509 certificate chains
that include policy constraints.  Attackers may be able to exploit this
vulnerability by creating a malicious certificate chain that triggers
exponential use of computational resources, leading to a denial-of-service
(DoS) attack on affected systems.

Policy processing is disabled by default but can be enabled by passing
the `-policy' argument to the command line utilities or by calling the
`X509_VERIFY_PARAM_set1_policies()' function.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
7.5 HIGH
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Base Score
CVSS 3.x
EPSS Score
Percentile: 73%
Affected Products (NVD)
VendorProductVersion
opensslopenssl
1.0.2 ≤
𝑥
< 1.0.2zh
opensslopenssl
1.1.1 ≤
𝑥
< 1.1.1u
opensslopenssl
3.0.0 ≤
𝑥
< 3.0.9
opensslopenssl
3.1.0 ≤
𝑥
< 3.1.1
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
openssl
bookworm
3.0.15-1~deb12u1
fixed
bookworm (security)
3.0.14-1~deb12u2
fixed
bullseye
1.1.1w-0+deb11u1
fixed
bullseye (security)
1.1.1w-0+deb11u2
fixed
sid
3.3.2-2
fixed
trixie
3.3.2-2
fixed
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
edk2
bionic
needs-triage
focal
needed
jammy
needed
kinetic
ignored
lunar
ignored
mantic
ignored
noble
not-affected
oracular
not-affected
trusty
ignored
xenial
needs-triage
nodejs
bionic
needs-triage
focal
not-affected
jammy
needed
kinetic
not-affected
lunar
not-affected
mantic
not-affected
noble
not-affected
oracular
not-affected
trusty
not-affected
xenial
needs-triage
openssl
bionic
Fixed 1.1.1-1ubuntu2.1~18.04.22
released
focal
Fixed 1.1.1f-1ubuntu2.18
released
jammy
Fixed 3.0.2-0ubuntu1.9
released
kinetic
Fixed 3.0.5-2ubuntu2.2
released
lunar
Fixed 3.0.8-1ubuntu1.1
released
mantic
Fixed 3.0.8-1ubuntu2
released
noble
Fixed 3.0.8-1ubuntu2
released
oracular
Fixed 3.0.8-1ubuntu2
released
trusty
Fixed 1.0.1f-1ubuntu2.27+esm7
released
xenial
Fixed 1.0.2g-1ubuntu4.20+esm7
released
openssl1.0
bionic
Fixed 1.0.2n-1ubuntu5.12
released
focal
dne
jammy
dne
kinetic
dne
trusty
dne
xenial
dne
openSUSE logo
openSUSE / SLES Releases
openSUSE Product
Release
libopenssl-3-devel
suse enterprise desktop 15 SP4
3.0.1-150400.4.20.1
fixed
suse enterprise desktop 15 SP5
3.0.8-150500.3.1
fixed
suse enterprise desktop 15 SP6
3.1.4-150600.3.6
fixed
suse enterprise desktop 15 SP7
3.2.3-150700.3.20
fixed
suse enterprise sap 15 SP4
3.0.1-150400.4.20.1
fixed
suse enterprise sap 15 SP5
3.0.8-150500.3.1
fixed
suse enterprise sap 15 SP6
3.1.4-150600.3.6
fixed
suse enterprise sap 15 SP7
3.2.3-150700.3.20
fixed
suse enterprise server 15 SP4
3.0.1-150400.4.20.1
fixed
suse enterprise server 15 SP5
3.0.8-150500.3.1
fixed
suse enterprise server 15 SP6
3.1.4-150600.3.6
fixed
suse enterprise server 15 SP7
3.2.3-150700.3.20
fixed
libopenssl-3-fips-provider
suse enterprise desktop 15 SP6
3.1.4-150600.3.6
fixed
suse enterprise desktop 15 SP7
3.2.3-150700.3.20
fixed
suse enterprise sap 15 SP6
3.1.4-150600.3.6
fixed
suse enterprise sap 15 SP7
3.2.3-150700.3.20
fixed
suse enterprise server 15 SP6
3.1.4-150600.3.6
fixed
suse enterprise server 15 SP7
3.2.3-150700.3.20
fixed
libopenssl-3-fips-provider-32bit
suse enterprise desktop 15 SP6
3.1.4-150600.3.6
fixed
suse enterprise desktop 15 SP7
3.2.3-150700.3.20
fixed
suse enterprise sap 15 SP6
3.1.4-150600.3.6
fixed
suse enterprise sap 15 SP7
3.2.3-150700.3.20
fixed
suse enterprise server 15 SP6
3.1.4-150600.3.6
fixed
suse enterprise server 15 SP7
3.2.3-150700.3.20
fixed
libopenssl3
suse enterprise desktop 15 SP4
3.0.1-150400.4.20.1
fixed
suse enterprise desktop 15 SP5
3.0.8-150500.3.1
fixed
suse enterprise desktop 15 SP6
3.1.4-150600.3.6
fixed
suse enterprise desktop 15 SP7
3.2.3-150700.3.20
fixed
suse enterprise sap 15 SP4
3.0.1-150400.4.20.1
fixed
suse enterprise sap 15 SP5
3.0.8-150500.3.1
fixed
suse enterprise sap 15 SP6
3.1.4-150600.3.6
fixed
suse enterprise sap 15 SP7
3.2.3-150700.3.20
fixed
suse enterprise server 15 SP4
3.0.1-150400.4.20.1
fixed
suse enterprise server 15 SP5
3.0.8-150500.3.1
fixed
suse enterprise server 15 SP6
3.1.4-150600.3.6
fixed
suse enterprise server 15 SP7
3.2.3-150700.3.20
fixed
libopenssl3-32bit
suse enterprise desktop 15 SP6
3.1.4-150600.3.6
fixed
suse enterprise desktop 15 SP7
3.2.3-150700.3.20
fixed
suse enterprise sap 15 SP6
3.1.4-150600.3.6
fixed
suse enterprise sap 15 SP7
3.2.3-150700.3.20
fixed
suse enterprise server 15 SP6
3.1.4-150600.3.6
fixed
suse enterprise server 15 SP7
3.2.3-150700.3.20
fixed
libpython3_11-1_0
suse enterprise desktop 15 SP6
3.11.9-150600.1.5
fixed
suse enterprise desktop 15 SP7
3.11.11-150600.3.21.1
fixed
suse enterprise sap 15 SP6
3.11.9-150600.1.5
fixed
suse enterprise sap 15 SP7
3.11.11-150600.3.21.1
fixed
suse enterprise server 15 SP6
3.11.9-150600.1.5
fixed
suse enterprise server 15 SP7
3.11.11-150600.3.21.1
fixed
libpython3_12-1_0
suse enterprise desktop 15 SP6
3.12.3-150600.1.5
fixed
suse enterprise sap 15 SP6
3.12.3-150600.1.5
fixed
suse enterprise server 15 SP6
3.12.3-150600.1.5
fixed
openssl-3
suse enterprise desktop 15 SP4
3.0.1-150400.4.20.1
fixed
suse enterprise desktop 15 SP5
3.0.8-150500.3.1
fixed
suse enterprise desktop 15 SP6
3.1.4-150600.3.6
fixed
suse enterprise desktop 15 SP7
3.2.3-150700.3.20
fixed
suse enterprise sap 15 SP4
3.0.1-150400.4.20.1
fixed
suse enterprise sap 15 SP5
3.0.8-150500.3.1
fixed
suse enterprise sap 15 SP6
3.1.4-150600.3.6
fixed
suse enterprise sap 15 SP7
3.2.3-150700.3.20
fixed
suse enterprise server 15 SP4
3.0.1-150400.4.20.1
fixed
suse enterprise server 15 SP5
3.0.8-150500.3.1
fixed
suse enterprise server 15 SP6
3.1.4-150600.3.6
fixed
suse enterprise server 15 SP7
3.2.3-150700.3.20
fixed
python311
suse enterprise desktop 15 SP6
3.11.9-150600.1.7
fixed
suse enterprise sap 15 SP6
3.11.9-150600.1.7
fixed
suse enterprise server 15 SP6
3.11.9-150600.1.7
fixed
python311-base
suse enterprise desktop 15 SP6
3.11.9-150600.1.5
fixed
suse enterprise desktop 15 SP7
3.11.11-150600.3.21.1
fixed
suse enterprise sap 15 SP6
3.11.9-150600.1.5
fixed
suse enterprise sap 15 SP7
3.11.11-150600.3.21.1
fixed
suse enterprise server 15 SP6
3.11.9-150600.1.5
fixed
suse enterprise server 15 SP7
3.11.11-150600.3.21.1
fixed
python311-curses
suse enterprise desktop 15 SP6
3.11.9-150600.1.7
fixed
suse enterprise sap 15 SP6
3.11.9-150600.1.7
fixed
suse enterprise server 15 SP6
3.11.9-150600.1.7
fixed
python311-dbm
suse enterprise desktop 15 SP6
3.11.9-150600.1.7
fixed
suse enterprise sap 15 SP6
3.11.9-150600.1.7
fixed
suse enterprise server 15 SP6
3.11.9-150600.1.7
fixed
python311-devel
suse enterprise desktop 15 SP6
3.11.9-150600.1.5
fixed
suse enterprise sap 15 SP6
3.11.9-150600.1.5
fixed
suse enterprise server 15 SP6
3.11.9-150600.1.5
fixed
python311-idle
suse enterprise desktop 15 SP6
3.11.9-150600.1.7
fixed
suse enterprise sap 15 SP6
3.11.9-150600.1.7
fixed
suse enterprise server 15 SP6
3.11.9-150600.1.7
fixed
python311-tk
suse enterprise desktop 15 SP6
3.11.9-150600.1.7
fixed
suse enterprise sap 15 SP6
3.11.9-150600.1.7
fixed
suse enterprise server 15 SP6
3.11.9-150600.1.7
fixed
python311-tools
suse enterprise desktop 15 SP6
3.11.9-150600.1.5
fixed
suse enterprise sap 15 SP6
3.11.9-150600.1.5
fixed
suse enterprise server 15 SP6
3.11.9-150600.1.5
fixed
python312
suse enterprise desktop 15 SP6
3.12.3-150600.1.1
fixed
suse enterprise sap 15 SP6
3.12.3-150600.1.1
fixed
suse enterprise server 15 SP6
3.12.3-150600.1.1
fixed
python312-base
suse enterprise desktop 15 SP6
3.12.3-150600.1.5
fixed
suse enterprise sap 15 SP6
3.12.3-150600.1.5
fixed
suse enterprise server 15 SP6
3.12.3-150600.1.5
fixed
python312-curses
suse enterprise desktop 15 SP6
3.12.3-150600.1.1
fixed
suse enterprise sap 15 SP6
3.12.3-150600.1.1
fixed
suse enterprise server 15 SP6
3.12.3-150600.1.1
fixed
python312-dbm
suse enterprise desktop 15 SP6
3.12.3-150600.1.1
fixed
suse enterprise sap 15 SP6
3.12.3-150600.1.1
fixed
suse enterprise server 15 SP6
3.12.3-150600.1.1
fixed
python312-devel
suse enterprise desktop 15 SP6
3.12.3-150600.1.5
fixed
suse enterprise sap 15 SP6
3.12.3-150600.1.5
fixed
suse enterprise server 15 SP6
3.12.3-150600.1.5
fixed
python312-idle
suse enterprise desktop 15 SP6
3.12.3-150600.1.1
fixed
suse enterprise sap 15 SP6
3.12.3-150600.1.1
fixed
suse enterprise server 15 SP6
3.12.3-150600.1.1
fixed
python312-tk
suse enterprise desktop 15 SP6
3.12.3-150600.1.1
fixed
suse enterprise sap 15 SP6
3.12.3-150600.1.1
fixed
suse enterprise server 15 SP6
3.12.3-150600.1.1
fixed
python312-tools
suse enterprise desktop 15 SP6
3.12.3-150600.1.5
fixed
suse enterprise sap 15 SP6
3.12.3-150600.1.5
fixed
suse enterprise server 15 SP6
3.12.3-150600.1.5
fixed
Red Hat logo
Red Hat Enterprise Linux Releases
Red Hat Product
Release
openssl
RHEL 9
1:3.0.7-16.el9_2
fixed
openssl-devel
RHEL 9
1:3.0.7-16.el9_2
fixed
openssl-libs
RHEL 9
1:3.0.7-16.el9_2
fixed
openssl-perl
RHEL 9
1:3.0.7-16.el9_2
fixed
Common Weakness Enumeration
References
https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=2017771e2db3e2b96f89bbe8766c3209f6a99545
https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=2dcd4f1e3115f38cefa43e3efbe9b801c27e642e
https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=879f7080d7e141f415c79eaa3a8ac4a3dad0348b
https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=959c59c7a0164117e7f8366466a32bb1f8d77ff1
https://lists.debian.org/debian-lts-announce/2023/06/msg00011.html
https://security.gentoo.org/glsa/202402-08
https://security.netapp.com/advisory/ntap-20240621-0006/
https://www.couchbase.com/alerts/
https://www.debian.org/security/2023/dsa-5417
https://www.openssl.org/news/secadv/20230322.txt
https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=2017771e2db3e2b96f89bbe8766c3209f6a99545
https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=2dcd4f1e3115f38cefa43e3efbe9b801c27e642e
https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=879f7080d7e141f415c79eaa3a8ac4a3dad0348b
https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=959c59c7a0164117e7f8366466a32bb1f8d77ff1
https://lists.debian.org/debian-lts-announce/2023/06/msg00011.html
https://security.gentoo.org/glsa/202402-08
https://security.netapp.com/advisory/ntap-20230406-0006/
https://security.netapp.com/advisory/ntap-20240621-0006/
https://www.couchbase.com/alerts/
https://www.debian.org/security/2023/dsa-5417
https://www.openssl.org/news/secadv/20230322.txt