CVE-2023-0464
CVSS v3.1 severity:
HIGH
Type:
CWE-295
Improper Certificate Validation
Publication date:
22/03/2023
Last modified:
05/05/2025
Description
A security vulnerability has been identified in all supported versions of OpenSSL related to the verification of X.509 certificate chains that include policy constraints. Attackers may be able to exploit this vulnerability by creating a malicious certificate chain that triggers exponential use of computational resources, leading to a denial-of-service (DoS) attack on affected systems.

Policy processing is disabled by default but can be enabled by passing the `-policy` argument to the command line utilities or by calling the `X509_VERIFY_PARAM_set1_policies()` function.
Impact
Base score 3.x
7.50
Severity 3.x
HIGH
Vulnerable products and versions
CPE | From | To |
---|---|---|
cpe:2.3:a:openssl:openssl:*:*:*:*:*:*:*:* | 1.0.2 (inclusive) | 1.0.2zh (exclusive) |
cpe:2.3:a:openssl:openssl:*:*:*:*:*:*:*:* | 1.1.1 (inclusive) | 1.1.1u (exclusive) |
cpe:2.3:a:openssl:openssl:*:*:*:*:*:*:*:* | 3.0.0 (inclusive) | 3.0.9 (exclusive) |
cpe:2.3:a:openssl:openssl:*:*:*:*:*:*:*:* | 3.1.0 (inclusive) | 3.1.1 (exclusive) |
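The version ranges in the table above are easy to misread by hand because the 1.0.2 and 1.1.1 branches use letter-suffixed releases (1.0.2z is followed by 1.0.2za, not 1.0.2aa). The following checker is an added example, not part of this record or of OpenSSL itself; it encodes exactly the four ranges from the table, parses the output of `openssl version` (the banner lines below are constructed samples), and reports whether a given build falls inside an affected range.

```python
import re
from typing import Optional, Tuple

# Affected ranges exactly as listed in the CPE table of this record:
# (first affected version, inclusive; first fixed version, exclusive).
AFFECTED_RANGES = [
    ("1.0.2", "1.0.2zh"),
    ("1.1.1", "1.1.1u"),
    ("3.0.0", "3.0.9"),
    ("3.1.0", "3.1.1"),
]

_VERSION_RE = re.compile(r"^(\d+)\.(\d+)\.(\d+)([a-z]*)$")
_BANNER_RE = re.compile(r"OpenSSL\s+(\d+\.\d+\.\d+[a-z]*)")

VersionKey = Tuple[int, int, int, Tuple[int, str]]


def parse_version(text: str) -> VersionKey:
    """Turn '1.0.2zg' / '3.0.8' into a tuple that compares in release order."""
    m = _VERSION_RE.match(text.strip())
    if not m:
        raise ValueError(f"not an OpenSSL version string: {text!r}")
    major, minor, patch = (int(x) for x in m.group(1, 2, 3))
    letters = m.group(4)
    # Letter releases sort a < b < ... < z < za < zb < ... , so compare the
    # suffix by length first and then lexically; no suffix sorts lowest.
    return (major, minor, patch, (len(letters), letters))


def is_affected(version: str) -> bool:
    """True if `version` lies in any affected range from the table."""
    v = parse_version(version)
    return any(parse_version(lo) <= v < parse_version(hi) for lo, hi in AFFECTED_RANGES)


def version_from_banner(banner: str) -> Optional[str]:
    """Extract the version from `openssl version` output, e.g. 'OpenSSL 3.0.8 7 Feb 2023'."""
    m = _BANNER_RE.search(banner)
    return m.group(1) if m else None


def check_banner(banner: str) -> Optional[bool]:
    """Convenience wrapper: None if the banner is unparseable, else is_affected()."""
    v = version_from_banner(banner)
    return None if v is None else is_affected(v)


if __name__ == "__main__":
    # Constructed sample banners (hypothetical, not taken from the record).
    samples = [
        "OpenSSL 1.0.2zg  1 Feb 2023",
        "OpenSSL 1.1.1t  7 Feb 2023",
        "OpenSSL 1.1.1u  30 May 2023",
        "OpenSSL 3.0.8 7 Feb 2023",
        "OpenSSL 3.1.1 30 May 2023",
        "LibreSSL 3.8.2",
    ]
    for s in samples:
        print(f"{s!r}: affected={check_banner(s)}")
```

Two caveats when using the result: the record itself notes that policy processing is off by default, so a build in an affected range is only exposed where `-policy` or `X509_VERIFY_PARAM_set1_policies()` is actually used; and distributions such as Debian ship backported fixes without changing the upstream version string, so for distro packages the package changelog or the vendor advisories linked below are the authoritative source, not the banner.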
References to fixes, tools and information
- https://git.openssl.org/gitweb/?p=openssl.git%3Ba%3Dcommitdiff%3Bh%3D2017771e2db3e2b96f89bbe8766c3209f6a99545
- https://git.openssl.org/gitweb/?p=openssl.git%3Ba%3Dcommitdiff%3Bh%3D2dcd4f1e3115f38cefa43e3efbe9b801c27e642e
- https://git.openssl.org/gitweb/?p=openssl.git%3Ba%3Dcommitdiff%3Bh%3D879f7080d7e141f415c79eaa3a8ac4a3dad0348b
- https://git.openssl.org/gitweb/?p=openssl.git%3Ba%3Dcommitdiff%3Bh%3D959c59c7a0164117e7f8366466a32bb1f8d77ff1
- https://lists.debian.org/debian-lts-announce/2023/06/msg00011.html
- https://security.gentoo.org/glsa/202402-08
- https://security.netapp.com/advisory/ntap-20240621-0006/
- https://www.couchbase.com/alerts/
- https://www.debian.org/security/2023/dsa-5417
- https://www.openssl.org/news/secadv/20230322.txt
- https://security.netapp.com/advisory/ntap-20230406-0006/