OpenCVE

An invalid pointer dereference on read can be triggered when an application tries to check a malformed DSA public key by the EVP_PKEY_public_check() function. This will most likely lead to an application crash. This function can be called on public keys supplied from untrusted sources which could allow an attacker to cause a denial of service attack. The TLS implementation in OpenSSL does not call this function but applications might call the function if there are additional security requirements imposed by standards such as FIPS 140-3.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Openssl	Openssl
Redhat	Enterprise Linux Rhel Eus

Configuration 1 [-]

cpe:2.3:a:openssl:openssl:*:*:*:*:*:*:*:*

Package	CPE	Advisory	Released Date
Red Hat Enterprise Linux 9
openssl-1:3.0.1-47.el9_1	cpe:/a:redhat:enterprise_linux:9	RHSA-2023:0946	2023-02-28T00:00:00Z
openssl-1:3.0.1-47.el9_1	cpe:/o:redhat:enterprise_linux:9	RHSA-2023:0946	2023-02-28T00:00:00Z
Red Hat Enterprise Linux 9.0 Extended Update Support
openssl-1:3.0.1-46.el9_0	cpe:/a:redhat:rhel_eus:9.0	RHSA-2023:1199	2023-03-14T00:00:00Z

References

Link	Providers
https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=23985bac83fd50c8e29431009302b5442f985096
https://nvd.nist.gov/vuln/detail/CVE-2023-0217
https://security.gentoo.org/glsa/202402-08
https://www.cve.org/CVERecord?id=CVE-2023-0217
https://www.openssl.org/news/secadv/20230207.txt

History

No history.

MITRE

Status: PUBLISHED

Assigner: openssl

Published: 2023-02-08T19:02:48.524Z

Updated: 2024-08-02T05:02:43.920Z

Reserved: 2023-01-11T12:02:46.441Z

Link: CVE-2023-0217

Vulnrichment

No data.

NVD

Status : Modified

Published: 2023-02-08T20:15:24.213

Modified: 2024-11-21T07:36:46.077

Link: CVE-2023-0217

Redhat

Severity : Moderate

Publid Date: 2023-02-07T00:00:00Z

Links: CVE-2023-0217 - Bugzilla

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2023-0217", "assignerOrgId": "3a12439a-ef3a-4c79-92e6-6081a721f1e5", "state": "PUBLISHED", "assignerShortName": "openssl", "dateReserved": "2023-01-11T12:02:46.441Z", "datePublished": "2023-02-08T19:02:48.524Z", "dateUpdated": "2024-08-02T05:02:43.920Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "OpenSSL", "vendor": "OpenSSL", "versions": [{"lessThan": "3.0.8", "status": "affected", "version": "3.0.0", "versionType": "semver"}]}], "credits": [{"lang": "en", "type": "reporter", "user": "00000000-0000-4000-9000-000000000000", "value": "Kurt Roeckx"}, {"lang": "en", "type": "remediation developer", "user": "00000000-0000-4000-9000-000000000000", "value": "Shane Lontis from Oracle"}], "datePublic": "2023-02-07T00:00:00.000Z", "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "An invalid pointer dereference on read can be triggered when an<br>application tries to check a malformed DSA public key by the<br>EVP_PKEY_public_check() function. This will most likely lead<br>to an application crash. This function can be called on public<br>keys supplied from untrusted sources which could allow an attacker<br>to cause a denial of service attack.<br><br>The TLS implementation in OpenSSL does not call this function<br>but applications might call the function if there are additional<br>security requirements imposed by standards such as FIPS 140-3.<br><br>"}], "value": "An invalid pointer dereference on read can be triggered when an\napplication tries to check a malformed DSA public key by the\nEVP_PKEY_public_check() function. This will most likely lead\nto an application crash. This function can be called on public\nkeys supplied from untrusted sources which could allow an attacker\nto cause a denial of service attack.\n\nThe TLS implementation in OpenSSL does not call this function\nbut applications might call the function if there are additional\nsecurity requirements imposed by standards such as FIPS 140-3.\n\n"}], "metrics": [{"format": "other", "other": {"content": {"text": "Moderate"}, "type": "https://www.openssl.org/policies/secpolicy.html"}}], "problemTypes": [{"descriptions": [{"description": "invalid pointer dereference", "lang": "en"}]}], "providerMetadata": {"orgId": "3a12439a-ef3a-4c79-92e6-6081a721f1e5", "shortName": "openssl", "dateUpdated": "2023-02-24T14:44:48.097Z"}, "references": [{"name": "OpenSSL Advisory", "tags": ["vendor-advisory"], "url": "https://www.openssl.org/news/secadv/20230207.txt"}, {"name": "3.0.8 git commit", "tags": ["patch"], "url": "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=23985bac83fd50c8e29431009302b5442f985096"}, {"url": "https://security.gentoo.org/glsa/202402-08"}], "source": {"discovery": "UNKNOWN"}, "title": "NULL dereference validating DSA public key", "x_generator": {"engine": "Vulnogram 0.1.0-dev"}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T05:02:43.920Z"}, "title": "CVE Program Container", "references": [{"name": "OpenSSL Advisory", "tags": ["vendor-advisory", "x_transferred"], "url": "https://www.openssl.org/news/secadv/20230207.txt"}, {"name": "3.0.8 git commit", "tags": ["patch", "x_transferred"], "url": "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=23985bac83fd50c8e29431009302b5442f985096"}, {"url": "https://security.gentoo.org/glsa/202402-08", "tags": ["x_transferred"]}]}]}}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:openssl:openssl:*:*:*:*:*:*:*:*", "matchCriteriaId": "26EF8A48-B8E5-4D4D-8054-445D65171EAC", "versionEndIncluding": "3.0.7", "versionStartIncluding": "3.0.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "An invalid pointer dereference on read can be triggered when an\napplication tries to check a malformed DSA public key by the\nEVP_PKEY_public_check() function. This will most likely lead\nto an application crash. This function can be called on public\nkeys supplied from untrusted sources which could allow an attacker\nto cause a denial of service attack.\n\nThe TLS implementation in OpenSSL does not call this function\nbut applications might call the function if there are additional\nsecurity requirements imposed by standards such as FIPS 140-3.\n\n"}], "id": "CVE-2023-0217", "lastModified": "2024-11-21T07:36:46.077", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2023-02-08T20:15:24.213", "references": [{"source": "openssl-security@openssl.org", "url": "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=23985bac83fd50c8e29431009302b5442f985096"}, {"source": "openssl-security@openssl.org", "url": "https://security.gentoo.org/glsa/202402-08"}, {"source": "openssl-security@openssl.org", "tags": ["Vendor Advisory"], "url": "https://www.openssl.org/news/secadv/20230207.txt"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=23985bac83fd50c8e29431009302b5442f985096"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://security.gentoo.org/glsa/202402-08"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "https://www.openssl.org/news/secadv/20230207.txt"}], "sourceIdentifier": "openssl-security@openssl.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-476"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"affected_release": [{"advisory": "RHSA-2023:0946", "cpe": "cpe:/a:redhat:enterprise_linux:9", "package": "openssl-1:3.0.1-47.el9_1", "product_name": "Red Hat Enterprise Linux 9", "release_date": "2023-02-28T00:00:00Z"}, {"advisory": "RHSA-2023:0946", "cpe": "cpe:/o:redhat:enterprise_linux:9", "package": "openssl-1:3.0.1-47.el9_1", "product_name": "Red Hat Enterprise Linux 9", "release_date": "2023-02-28T00:00:00Z"}, {"advisory": "RHSA-2023:1199", "cpe": "cpe:/a:redhat:rhel_eus:9.0", "package": "openssl-1:3.0.1-46.el9_0", "product_name": "Red Hat Enterprise Linux 9.0 Extended Update Support", "release_date": "2023-03-14T00:00:00Z"}], "bugzilla": {"description": "openssl: NULL dereference validating DSA public key", "id": "2164499", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2164499"}, "csaw": false, "cvss3": {"cvss3_base_score": "7.5", "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "status": "verified"}, "details": ["An invalid pointer dereference on read can be triggered when an\napplication tries to check a malformed DSA public key by the\nEVP_PKEY_public_check() function. This will most likely lead\nto an application crash. This function can be called on public\nkeys supplied from untrusted sources which could allow an attacker\nto cause a denial of service attack.\nThe TLS implementation in OpenSSL does not call this function\nbut applications might call the function if there are additional\nsecurity requirements imposed by standards such as FIPS 140-3.", "A flaw was found in OpenSSL. An invalid pointer dereference on read can be triggered when an application tries to check a malformed DSA public key by the EVP_PKEY_public_check() function, most likely leading to an application crash. This function can be called on public keys supplied from untrusted sources, which could allow an attacker to cause a denial of service."], "name": "CVE-2023-0217", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Not affected", "package_name": "openssl", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "openssl", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "ovmf", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "compat-openssl10", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "edk2", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "openssl", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "shim", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Not affected", "package_name": "compat-openssl11", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Not affected", "package_name": "edk2", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Not affected", "package_name": "shim", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/a:redhat:jboss_core_services:1", "fix_state": "Not affected", "package_name": "openssl", "product_name": "Red Hat JBoss Core Services"}, {"cpe": "cpe:/a:redhat:jboss_enterprise_web_server:3", "fix_state": "Not affected", "package_name": "openssl", "product_name": "Red Hat JBoss Web Server 3"}, {"cpe": "cpe:/a:redhat:jboss_enterprise_web_server:5", "fix_state": "Not affected", "package_name": "openssl", "product_name": "Red Hat JBoss Web Server 5"}], "public_date": "2023-02-07T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2023-0217\nhttps://nvd.nist.gov/vuln/detail/CVE-2023-0217"], "statement": "Red Hat Enterprise Linux 6, 7, and 8 ships OpenSSL 1.1.1 and 1.0.2 which do not contain the incorrect code, so those are not affected by this CVE. Similarly, the versions of `shim` as shipped with Red Hat Enterprise Linux 8 and 9 are not affected by this issue.", "threat_severity": "Moderate"}