CVE-2023-0286
Gravedad CVSS v3.1:
ALTA
Tipo:
No Disponible / Otro tipo
Fecha de publicación:
08/02/2023
Última modificación:
04/11/2025
Descripción
*** Pendiente de traducción *** There is a type confusion vulnerability relating to X.400 address processing<br />
inside an X.509 GeneralName. X.400 addresses were parsed as an ASN1_STRING but<br />
the public structure definition for GENERAL_NAME incorrectly specified the type<br />
of the x400Address field as ASN1_TYPE. This field is subsequently interpreted by<br />
the OpenSSL function GENERAL_NAME_cmp as an ASN1_TYPE rather than an<br />
ASN1_STRING.<br />
<br />
When CRL checking is enabled (i.e. the application sets the<br />
X509_V_FLAG_CRL_CHECK flag), this vulnerability may allow an attacker to pass<br />
arbitrary pointers to a memcmp call, enabling them to read memory contents or<br />
enact a denial of service. In most cases, the attack requires the attacker to<br />
provide both the certificate chain and CRL, neither of which need to have a<br />
valid signature. If the attacker only controls one of these inputs, the other<br />
input must already contain an X.400 address as a CRL distribution point, which<br />
is uncommon. As such, this vulnerability is most likely to only affect<br />
applications which have implemented their own functionality for retrieving CRLs<br />
over a network.
Impacto
Puntuación base 3.x
7.40
Gravedad 3.x
ALTA
Productos y versiones vulnerables
| CPE | Desde | Hasta |
|---|---|---|
| cpe:2.3:a:openssl:openssl:*:*:*:*:*:*:*:* | 1.0.2 (incluyendo) | 1.0.2zg (excluyendo) |
| cpe:2.3:a:openssl:openssl:*:*:*:*:*:*:*:* | 1.1.1 (incluyendo) | 1.1.1t (excluyendo) |
| cpe:2.3:a:openssl:openssl:*:*:*:*:*:*:*:* | 3.0.0 (incluyendo) | 3.0.8 (excluyendo) |
| cpe:2.3:a:stormshield:stormshield_management_center:*:*:*:*:*:*:*:* | 3.3.3 (excluyendo) | |
| cpe:2.3:a:stormshield:stormshield_network_security:*:*:*:*:*:*:*:* | 2.7.0 (incluyendo) | 2.7.11 (excluyendo) |
| cpe:2.3:a:stormshield:stormshield_network_security:*:*:*:*:*:*:*:* | 2.8.0 (incluyendo) | 3.7.34 (excluyendo) |
| cpe:2.3:a:stormshield:stormshield_network_security:*:*:*:*:*:*:*:* | 3.8.0 (incluyendo) | 3.11.22 (excluyendo) |
| cpe:2.3:a:stormshield:stormshield_network_security:*:*:*:*:*:*:*:* | 4.0.0 (incluyendo) | 4.3.16 (excluyendo) |
| cpe:2.3:a:stormshield:stormshield_network_security:*:*:*:*:*:*:*:* | 4.4.0 (incluyendo) | 4.6.3 (excluyendo) |
Para consultar la lista completa de nombres de CPE con productos y versiones, ver esta página
Referencias a soluciones, herramientas e información
- https://ftp.openbsd.org/pub/OpenBSD/LibreSSL/libressl-3.6.2-relnotes.txt
- https://ftp.openbsd.org/pub/OpenBSD/patches/7.2/common/018_x509.patch.sig
- https://git.openssl.org/gitweb/?p=openssl.git%3Ba%3Dcommitdiff%3Bh%3D2c6c9d439b484e1ba9830d8454a34fa4f80fdfe9
- https://git.openssl.org/gitweb/?p=openssl.git%3Ba%3Dcommitdiff%3Bh%3D2f7530077e0ef79d98718138716bc51ca0cad658
- https://git.openssl.org/gitweb/?p=openssl.git%3Ba%3Dcommitdiff%3Bh%3Dfd2af07dc083a350c959147097003a14a5e8ac4d
- https://security.gentoo.org/glsa/202402-08
- https://www.openssl.org/news/secadv/20230207.txt
- https://ftp.openbsd.org/pub/OpenBSD/LibreSSL/libressl-3.6.2-relnotes.txt
- https://ftp.openbsd.org/pub/OpenBSD/patches/7.2/common/018_x509.patch.sig
- https://git.openssl.org/gitweb/?p=openssl.git%3Ba%3Dcommitdiff%3Bh%3D2c6c9d439b484e1ba9830d8454a34fa4f80fdfe9
- https://git.openssl.org/gitweb/?p=openssl.git%3Ba%3Dcommitdiff%3Bh%3D2f7530077e0ef79d98718138716bc51ca0cad658
- https://git.openssl.org/gitweb/?p=openssl.git%3Ba%3Dcommitdiff%3Bh%3Dfd2af07dc083a350c959147097003a14a5e8ac4d
- https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2023-0003
- https://security.gentoo.org/glsa/202402-08
- https://www.openssl.org/news/secadv/20230207.txt