{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2023-0465", "assignerOrgId": "3a12439a-ef3a-4c79-92e6-6081a721f1e5", "state": "PUBLISHED", "assignerShortName": "openssl", "dateReserved": "2023-01-24T13:51:42.650Z", "datePublished": "2023-03-28T14:30:39.707Z", "dateUpdated": "2024-08-02T05:10:56.368Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "OpenSSL", "vendor": "OpenSSL", "versions": [{"lessThan": "3.1.1", "status": "affected", "version": "3.1.0", "versionType": "semver"}, {"lessThan": "3.0.9", "status": "affected", "version": "3.0.0", "versionType": "semver"}, {"lessThan": "1.1.1u", "status": "affected", "version": "1.1.1", "versionType": "custom"}, {"lessThan": "1.0.2zh", "status": "affected", "version": "1.0.2", "versionType": "custom"}]}], "credits": [{"lang": "en", "type": "reporter", "user": "00000000-0000-4000-9000-000000000000", "value": "David Benjamin (Google)"}, {"lang": "en", "type": "remediation developer", "user": "00000000-0000-4000-9000-000000000000", "value": "Matt Caswell"}], "datePublic": "2023-03-23T00:00:00.000Z", "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "Applications that use a non-default option when verifying certificates may be<br>vulnerable to an attack from a malicious CA to circumvent certain checks.<br><br>Invalid certificate policies in leaf certificates are silently ignored by<br>OpenSSL and other certificate policy checks are skipped for that certificate.<br>A malicious CA could use this to deliberately assert invalid certificate policies<br>in order to circumvent policy checking on the certificate altogether.<br><br>Policy processing is disabled by default but can be enabled by passing<br>the `-policy' argument to the command line utilities or by calling the<br>`X509_VERIFY_PARAM_set1_policies()' function."}], "value": "Applications that use a non-default option when verifying certificates may be\nvulnerable to an attack from a malicious CA to circumvent certain checks.\n\nInvalid certificate policies in leaf certificates are silently ignored by\nOpenSSL and other certificate policy checks are skipped for that certificate.\nA malicious CA could use this to deliberately assert invalid certificate policies\nin order to circumvent policy checking on the certificate altogether.\n\nPolicy processing is disabled by default but can be enabled by passing\nthe `-policy' argument to the command line utilities or by calling the\n`X509_VERIFY_PARAM_set1_policies()' function."}], "metrics": [{"format": "other", "other": {"content": {"text": "Low"}, "type": "https://www.openssl.org/policies/secpolicy.html"}}], "problemTypes": [{"descriptions": [{"description": "improper certificate validation", "lang": "en"}]}], "providerMetadata": {"orgId": "3a12439a-ef3a-4c79-92e6-6081a721f1e5", "shortName": "openssl", "dateUpdated": "2023-03-28T14:30:39.707Z"}, "references": [{"name": "OpenSSL Advisory", "tags": ["vendor-advisory"], "url": "https://www.openssl.org/news/secadv/20230328.txt"}, {"name": "3.1.1 git commit", "tags": ["patch"], "url": "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=facfb1ab745646e97a1920977ae4a9965ea61d5c"}, {"name": "3.0.9 git commit", "tags": ["patch"], "url": "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=1dd43e0709fece299b15208f36cc7c76209ba0bb"}, {"name": "1.1.1u git commit", "tags": ["patch"], "url": "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=b013765abfa80036dc779dd0e50602c57bb3bf95"}, {"name": "1.0.2zh patch (premium)", "tags": ["patch"], "url": "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=10325176f3d3e98c6e2b3bf5ab1e3b334de6947a"}, {"url": "https://security.netapp.com/advisory/ntap-20230414-0001/"}, {"url": "https://www.debian.org/security/2023/dsa-5417"}, {"url": "https://lists.debian.org/debian-lts-announce/2023/06/msg00011.html"}, {"url": "https://security.gentoo.org/glsa/202402-08"}], "source": {"discovery": "UNKNOWN"}, "title": "Invalid certificate policies in leaf certificates are silently ignored", "x_generator": {"engine": "Vulnogram 0.1.0-dev"}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T05:10:56.368Z"}, "title": "CVE Program Container", "references": [{"name": "OpenSSL Advisory", "tags": ["vendor-advisory", "x_transferred"], "url": "https://www.openssl.org/news/secadv/20230328.txt"}, {"name": "3.1.1 git commit", "tags": ["patch", "x_transferred"], "url": "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=facfb1ab745646e97a1920977ae4a9965ea61d5c"}, {"name": "3.0.9 git commit", "tags": ["patch", "x_transferred"], "url": "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=1dd43e0709fece299b15208f36cc7c76209ba0bb"}, {"name": "1.1.1u git commit", "tags": ["patch", "x_transferred"], "url": "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=b013765abfa80036dc779dd0e50602c57bb3bf95"}, {"name": "1.0.2zh patch (premium)", "tags": ["patch", "x_transferred"], "url": "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=10325176f3d3e98c6e2b3bf5ab1e3b334de6947a"}, {"url": "https://security.netapp.com/advisory/ntap-20230414-0001/", "tags": ["x_transferred"]}, {"url": "https://www.debian.org/security/2023/dsa-5417", "tags": ["x_transferred"]}, {"url": "https://lists.debian.org/debian-lts-announce/2023/06/msg00011.html", "tags": ["x_transferred"]}, {"url": "https://security.gentoo.org/glsa/202402-08", "tags": ["x_transferred"]}]}]}}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:openssl:openssl:*:*:*:*:*:*:*:*", "matchCriteriaId": "23F912E9-9126-4D16-8F77-BD41CED6774D", "versionEndExcluding": "1.0.2zh", "versionStartIncluding": "1.0.2", "vulnerable": true}, {"criteria": "cpe:2.3:a:openssl:openssl:*:*:*:*:*:*:*:*", "matchCriteriaId": "7D99C2F8-BE74-4912-8653-A2AEE387AAF9", "versionEndExcluding": "1.1.1u", "versionStartIncluding": "1.1.1", "vulnerable": true}, {"criteria": "cpe:2.3:a:openssl:openssl:*:*:*:*:*:*:*:*", "matchCriteriaId": "4C637E94-F5EC-4D4B-836F-8C8219F1ECEC", "versionEndExcluding": "3.0.9", "versionStartIncluding": "3.0.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:openssl:openssl:*:*:*:*:*:*:*:*", "matchCriteriaId": "68821BE0-7889-48B0-888D-CEC8BB9BDEA9", "versionEndExcluding": "3.1.1", "versionStartIncluding": "3.1.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Applications that use a non-default option when verifying certificates may be\nvulnerable to an attack from a malicious CA to circumvent certain checks.\n\nInvalid certificate policies in leaf certificates are silently ignored by\nOpenSSL and other certificate policy checks are skipped for that certificate.\nA malicious CA could use this to deliberately assert invalid certificate policies\nin order to circumvent policy checking on the certificate altogether.\n\nPolicy processing is disabled by default but can be enabled by passing\nthe `-policy' argument to the command line utilities or by calling the\n`X509_VERIFY_PARAM_set1_policies()' function."}], "id": "CVE-2023-0465", "lastModified": "2024-02-04T09:15:09.430", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 1.4, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2023-03-28T15:15:06.820", "references": [{"source": "openssl-security@openssl.org", "tags": ["Broken Link"], "url": "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=10325176f3d3e98c6e2b3bf5ab1e3b334de6947a"}, {"source": "openssl-security@openssl.org", "tags": ["Mailing List", "Patch"], "url": "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=1dd43e0709fece299b15208f36cc7c76209ba0bb"}, {"source": "openssl-security@openssl.org", "tags": ["Mailing List", "Patch"], "url": "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=b013765abfa80036dc779dd0e50602c57bb3bf95"}, {"source": "openssl-security@openssl.org", "tags": ["Mailing List", "Patch"], "url": "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=facfb1ab745646e97a1920977ae4a9965ea61d5c"}, {"source": "openssl-security@openssl.org", "url": "https://lists.debian.org/debian-lts-announce/2023/06/msg00011.html"}, {"source": "openssl-security@openssl.org", "url": "https://security.gentoo.org/glsa/202402-08"}, {"source": "openssl-security@openssl.org", "url": "https://security.netapp.com/advisory/ntap-20230414-0001/"}, {"source": "openssl-security@openssl.org", "url": "https://www.debian.org/security/2023/dsa-5417"}, {"source": "openssl-security@openssl.org", "tags": ["Vendor Advisory"], "url": "https://www.openssl.org/news/secadv/20230328.txt"}], "sourceIdentifier": "openssl-security@openssl.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-295"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"affected_release": [{"advisory": "RHSA-2023:7625", "cpe": "cpe:/a:redhat:jboss_core_services:1::el8", "package": "jbcs-httpd24-openssl-1:1.1.1k-16.el8jbcs", "product_name": "JBoss Core Services for RHEL 8", "release_date": "2023-12-07T00:00:00Z"}, {"advisory": "RHSA-2023:7625", "cpe": "cpe:/a:redhat:jboss_core_services:1::el7", "package": "jbcs-httpd24-openssl-1:1.1.1k-16.el7jbcs", "product_name": "JBoss Core Services on RHEL 7", "release_date": "2023-12-07T00:00:00Z"}, {"advisory": "RHSA-2023:3722", "cpe": "cpe:/a:redhat:enterprise_linux:9", "package": "openssl-1:3.0.7-16.el9_2", "product_name": "Red Hat Enterprise Linux 9", "release_date": "2023-06-21T00:00:00Z"}, {"advisory": "RHSA-2023:3722", "cpe": "cpe:/o:redhat:enterprise_linux:9", "package": "openssl-1:3.0.7-16.el9_2", "product_name": "Red Hat Enterprise Linux 9", "release_date": "2023-06-21T00:00:00Z"}, {"advisory": "RHSA-2023:7626", "cpe": "cpe:/a:redhat:jboss_core_services:1", "package": "openssl", "product_name": "Red Hat JBoss Core Services 1", "release_date": "2023-12-07T00:00:00Z"}, {"advisory": "RHSA-2023:7623", "cpe": "cpe:/a:redhat:jboss_enterprise_web_server:5.7", "package": "openssl", "product_name": "Red Hat JBoss Web Server 5", "release_date": "2023-12-07T00:00:00Z"}, {"advisory": "RHSA-2023:7622", "cpe": "cpe:/a:redhat:jboss_enterprise_web_server:5.7::el7", "package": "jws5-tomcat-native-0:1.2.31-16.redhat_16.el7jws", "product_name": "Red Hat JBoss Web Server 5.7 on RHEL 7", "release_date": "2023-12-07T00:00:00Z"}, {"advisory": "RHSA-2023:7622", "cpe": "cpe:/a:redhat:jboss_enterprise_web_server:5.7::el8", "package": "jws5-tomcat-native-0:1.2.31-16.redhat_16.el8jws", "product_name": "Red Hat JBoss Web Server 5.7 on RHEL 8", "release_date": "2023-12-07T00:00:00Z"}, {"advisory": "RHSA-2023:7622", "cpe": "cpe:/a:redhat:jboss_enterprise_web_server:5.7::el9", "package": "jws5-tomcat-native-0:1.2.31-16.redhat_16.el9jws", "product_name": "Red Hat JBoss Web Server 5.7 on RHEL 9", "release_date": "2023-12-07T00:00:00Z"}], "bugzilla": {"description": "openssl: Invalid certificate policies in leaf certificates are silently ignored", "id": "2182561", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2182561"}, "csaw": false, "cvss3": {"cvss3_base_score": "5.3", "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "status": "verified"}, "details": ["Applications that use a non-default option when verifying certificates may be\nvulnerable to an attack from a malicious CA to circumvent certain checks.\nInvalid certificate policies in leaf certificates are silently ignored by\nOpenSSL and other certificate policy checks are skipped for that certificate.\nA malicious CA could use this to deliberately assert invalid certificate policies\nin order to circumvent policy checking on the certificate altogether.\nPolicy processing is disabled by default but can be enabled by passing\nthe `-policy' argument to the command line utilities or by calling the\n`X509_VERIFY_PARAM_set1_policies()' function.", "A flaw was found in OpenSSL. Applications that use a non-default option when verifying certificates may be vulnerable to an attack from a malicious CA to circumvent certain checks. OpenSSL and other certificate policy checks silently ignore invalid certificate policies in leaf certificates that are skipped for that certificate. A malicious CA could use this to deliberately assert invalid certificate policies to circumvent policy checking on the certificate altogether. Policy processing is disabled by default but can be enabled by passing the `-policy' argument to the command line utilities or by calling the `X509_VERIFY_PARAM_set1_policies()' function."], "name": "CVE-2023-0465", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Out of support scope", "package_name": "openssl", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Out of support scope", "package_name": "openssl", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Out of support scope", "package_name": "ovmf", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Will not fix", "package_name": "compat-openssl10", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "edk2", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Will not fix", "package_name": "openssl", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Will not fix", "package_name": "shim", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Will not fix", "package_name": "compat-openssl11", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Not affected", "package_name": "edk2", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Will not fix", "package_name": "shim", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/a:redhat:jboss_enterprise_web_server:3", "fix_state": "Out of support scope", "package_name": "openssl", "product_name": "Red Hat JBoss Web Server 3"}], "public_date": "2023-03-28T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2023-0465\nhttps://nvd.nist.gov/vuln/detail/CVE-2023-0465\nhttps://www.openssl.org/news/secadv/20230328.txt"], "threat_severity": "Low"}