CVE-2023-0465

EUVD-2023-12519
Applications that use a non-default option when verifying certificates may be
vulnerable to an attack from a malicious CA to circumvent certain checks.

Invalid certificate policies in leaf certificates are silently ignored by
OpenSSL and other certificate policy checks are skipped for that certificate.
A malicious CA could use this to deliberately assert invalid certificate policies
in order to circumvent policy checking on the certificate altogether.

Policy processing is disabled by default but can be enabled by passing
the `-policy' argument to the command line utilities or by calling the
`X509_VERIFY_PARAM_set1_policies()' function.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
5.3 MEDIUM
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
CISA-ADPADP
5.3 MEDIUM
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
Base Score
CVSS 3.x
EPSS Score
Percentile: 63%
Affected Products (NVD)
VendorProductVersion
opensslopenssl
1.0.2 ≤
𝑥
< 1.0.2zh
opensslopenssl
1.1.1 ≤
𝑥
< 1.1.1u
opensslopenssl
3.0.0 ≤
𝑥
< 3.0.9
opensslopenssl
3.1.0 ≤
𝑥
< 3.1.1
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
openssl
bookworm
3.0.15-1~deb12u1
fixed
bookworm (security)
3.0.14-1~deb12u2
fixed
bullseye
1.1.1w-0+deb11u1
fixed
bullseye (security)
1.1.1w-0+deb11u2
fixed
sid
3.3.2-2
fixed
trixie
3.3.2-2
fixed
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
edk2
bionic
needs-triage
focal
needed
jammy
needed
kinetic
ignored
lunar
ignored
mantic
ignored
noble
not-affected
oracular
not-affected
trusty
ignored
xenial
needs-triage
nodejs
bionic
needs-triage
focal
not-affected
jammy
needed
kinetic
not-affected
lunar
not-affected
mantic
not-affected
noble
not-affected
oracular
not-affected
trusty
not-affected
xenial
needs-triage
openssl
bionic
Fixed 1.1.1-1ubuntu2.1~18.04.22
released
focal
Fixed 1.1.1f-1ubuntu2.18
released
jammy
Fixed 3.0.2-0ubuntu1.9
released
kinetic
Fixed 3.0.5-2ubuntu2.2
released
lunar
Fixed 3.0.8-1ubuntu1.1
released
mantic
Fixed 3.0.8-1ubuntu2
released
noble
Fixed 3.0.8-1ubuntu2
released
oracular
Fixed 3.0.8-1ubuntu2
released
trusty
Fixed 1.0.1f-1ubuntu2.27+esm7
released
xenial
Fixed 1.0.2g-1ubuntu4.20+esm7
released
openssl1.0
bionic
Fixed 1.0.2n-1ubuntu5.12
released
focal
dne
jammy
dne
kinetic
dne
lunar
dne
mantic
dne
noble
dne
oracular
dne
trusty
dne
xenial
dne
Common Weakness Enumeration
References
https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=10325176f3d3e98c6e2b3bf5ab1e3b334de6947a
https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=1dd43e0709fece299b15208f36cc7c76209ba0bb
https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=b013765abfa80036dc779dd0e50602c57bb3bf95
https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=facfb1ab745646e97a1920977ae4a9965ea61d5c
https://lists.debian.org/debian-lts-announce/2023/06/msg00011.html
https://security.gentoo.org/glsa/202402-08
https://security.netapp.com/advisory/ntap-20230414-0001/
https://www.debian.org/security/2023/dsa-5417
https://www.openssl.org/news/secadv/20230328.txt
https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=10325176f3d3e98c6e2b3bf5ab1e3b334de6947a
https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=1dd43e0709fece299b15208f36cc7c76209ba0bb
https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=b013765abfa80036dc779dd0e50602c57bb3bf95
https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=facfb1ab745646e97a1920977ae4a9965ea61d5c
https://lists.debian.org/debian-lts-announce/2023/06/msg00011.html
https://security.gentoo.org/glsa/202402-08
https://security.netapp.com/advisory/ntap-20230414-0001/
https://www.debian.org/security/2023/dsa-5417
https://www.openssl.org/news/secadv/20230328.txt