CVE-2023-0286
- ULN >
- Oracle Linux CVE repository >
- CVE-2023-0286
CVE Details
| Release Date: | 2023-02-07 |
Description
There is a type confusion vulnerability relating to X.400 address processing inside an X.509 GeneralName. X.400 addresses were parsed as an ASN1_STRING but the public structure definition for GENERAL_NAME incorrectly specified the type of the x400Address field as ASN1_TYPE. This field is subsequently interpreted by the OpenSSL function GENERAL_NAME_cmp as an ASN1_TYPE rather than an ASN1_STRING. When CRL checking is enabled (i.e. the application sets the X509_V_FLAG_CRL_CHECK flag), this vulnerability may allow an attacker to pass arbitrary pointers to a memcmp call, enabling them to read memory contents or enact a denial of service. In most cases, the attack requires the attacker to provide both the certificate chain and CRL, neither of which need to have a valid signature. If the attacker only controls one of these inputs, the other input must already contain an X.400 address as a CRL distribution point, which is uncommon. As such, this vulnerability is most likely to only affect applications which have implemented their own functionality for retrieving CRLs over a network.
See more information about CVE-2023-0286 from MITRE CVE dictionary and NIST NVD
CVSS v3.0 metrics
NOTE: The following CVSS v3.0 metrics and score provided are preliminary and subject to review.
| Base Score: | 7.4 | Base Metrics: | AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:H |
| Access Vector: | Network | Attack Complexity: | High |
| Privileges Required: | None | User Interaction: | None |
| Scope: | Unchanged | Confidentiality Impact: | High |
| Integrity Impact: | None | Availability Impact: | High |
Errata information
| Platform | Errata | Release Date |
| Oracle Linux version 6 (openssl) | ELSA-2023-12297 | 2023-04-24 |
| Oracle Linux version 6 (openssl) | ELSA-2023-12326 | 2023-05-04 |
| Oracle Linux version 7 (edk2) | ELSA-2023-13026 | 2023-12-06 |
| Oracle Linux version 7 (edk2) | ELSA-2023-13027 | 2023-12-07 |
| Oracle Linux version 7 (openssl) | ELSA-2023-12205 | 2023-03-22 |
| Oracle Linux version 7 (openssl) | ELSA-2023-12210 | 2023-03-22 |
| Oracle Linux version 7 (openssl) | ELSA-2023-1335 | 2023-03-20 |
| Oracle Linux version 8 (edk2) | ELSA-2023-13025 | 2023-12-06 |
| Oracle Linux version 8 (edk2) | ELSA-2023-2932 | 2023-05-24 |
| Oracle Linux version 8 (edk2) | ELSA-2023-32791 | 2023-12-06 |
| Oracle Linux version 8 (openssl) | ELSA-2023-12213 | 2023-03-28 |
| Oracle Linux version 8 (openssl) | ELSA-2023-1405 | 2023-03-22 |
| Oracle Linux version 9 (edk2) | ELSA-2023-13024 | 2023-12-06 |
| Oracle Linux version 9 (edk2) | ELSA-2023-2165 | 2023-05-15 |
| Oracle Linux version 9 (edk2) | ELSA-2023-32790 | 2023-12-07 |
| Oracle Linux version 9 (openssl) | ELSA-2023-0946 | 2023-02-28 |
| Oracle Linux version 9 (openssl) | ELSA-2023-12152 | 2023-03-01 |
| Oracle VM version 3 (openssl) | OVMSA-2023-0013 | 2023-05-04 |
This page is generated automatically and has not been checked for errors or omissions. For clarification or corrections please contact the Oracle Linux ULN team
