CVE-2025-9232 (GCVE-0-2025-9232)
Vulnerability from
Published
2025-09-30 13:17
Modified
2025-11-04 21:15
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-125 - Out-of-bounds Read
Summary
Issue summary: An application using the OpenSSL HTTP client API functions may
trigger an out-of-bounds read if the 'no_proxy' environment variable is set and
the host portion of the authority component of the HTTP URL is an IPv6 address.
Impact summary: An out-of-bounds read can trigger a crash which leads to
Denial of Service for an application.
The OpenSSL HTTP client API functions can be used directly by applications
but they are also used by the OCSP client functions and CMP (Certificate
Management Protocol) client implementation in OpenSSL. However the URLs used
by these implementations are unlikely to be controlled by an attacker.
In this vulnerable code the out of bounds read can only trigger a crash.
Furthermore the vulnerability requires an attacker-controlled URL to be
passed from an application to the OpenSSL function and the user has to have
a 'no_proxy' environment variable set. For the aforementioned reasons the
issue was assessed as Low severity.
The vulnerable code was introduced in the following patch releases:
3.0.16, 3.1.8, 3.2.4, 3.3.3, 3.4.0 and 3.5.0.
The FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this
issue, as the HTTP client implementation is outside the OpenSSL FIPS module
boundary.
References
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2025-9232",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-09-30T19:22:31.407504Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-09-30T19:22:35.483Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2025-11-04T21:15:19.948Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "http://www.openwall.com/lists/oss-security/2025/09/30/5"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "OpenSSL",
"vendor": "OpenSSL",
"versions": [
{
"lessThan": "3.5.4",
"status": "affected",
"version": "3.5.0",
"versionType": "semver"
},
{
"lessThan": "3.4.3",
"status": "affected",
"version": "3.4.0",
"versionType": "semver"
},
{
"lessThan": "3.3.5",
"status": "affected",
"version": "3.3.3",
"versionType": "semver"
},
{
"lessThan": "3.2.6",
"status": "affected",
"version": "3.2.4",
"versionType": "semver"
},
{
"lessThan": "3.0.18",
"status": "affected",
"version": "3.0.16",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "Stanislav Fort (Aisle Research)"
},
{
"lang": "en",
"type": "remediation developer",
"value": "Stanislav Fort (Aisle Research)"
}
],
"datePublic": "2025-09-30T14:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Issue summary: An application using the OpenSSL HTTP client API functions may\u003cbr\u003etrigger an out-of-bounds read if the \u0027no_proxy\u0027 environment variable is set and\u003cbr\u003ethe host portion of the authority component of the HTTP URL is an IPv6 address.\u003cbr\u003e\u003cbr\u003eImpact summary: An out-of-bounds read can trigger a crash which leads to\u003cbr\u003eDenial of Service for an application.\u003cbr\u003e\u003cbr\u003eThe OpenSSL HTTP client API functions can be used directly by applications\u003cbr\u003ebut they are also used by the OCSP client functions and CMP (Certificate\u003cbr\u003eManagement Protocol) client implementation in OpenSSL. However the URLs used\u003cbr\u003eby these implementations are unlikely to be controlled by an attacker.\u003cbr\u003e\u003cbr\u003eIn this vulnerable code the out of bounds read can only trigger a crash.\u003cbr\u003eFurthermore the vulnerability requires an attacker-controlled URL to be\u003cbr\u003epassed from an application to the OpenSSL function and the user has to have\u003cbr\u003ea \u0027no_proxy\u0027 environment variable set. For the aforementioned reasons the\u003cbr\u003eissue was assessed as Low severity.\u003cbr\u003e\u003cbr\u003eThe vulnerable code was introduced in the following patch releases:\u003cbr\u003e3.0.16, 3.1.8, 3.2.4, 3.3.3, 3.4.0 and 3.5.0.\u003cbr\u003e\u003cbr\u003eThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\u003cbr\u003eissue, as the HTTP client implementation is outside the OpenSSL FIPS module\u003cbr\u003eboundary."
}
],
"value": "Issue summary: An application using the OpenSSL HTTP client API functions may\ntrigger an out-of-bounds read if the \u0027no_proxy\u0027 environment variable is set and\nthe host portion of the authority component of the HTTP URL is an IPv6 address.\n\nImpact summary: An out-of-bounds read can trigger a crash which leads to\nDenial of Service for an application.\n\nThe OpenSSL HTTP client API functions can be used directly by applications\nbut they are also used by the OCSP client functions and CMP (Certificate\nManagement Protocol) client implementation in OpenSSL. However the URLs used\nby these implementations are unlikely to be controlled by an attacker.\n\nIn this vulnerable code the out of bounds read can only trigger a crash.\nFurthermore the vulnerability requires an attacker-controlled URL to be\npassed from an application to the OpenSSL function and the user has to have\na \u0027no_proxy\u0027 environment variable set. For the aforementioned reasons the\nissue was assessed as Low severity.\n\nThe vulnerable code was introduced in the following patch releases:\n3.0.16, 3.1.8, 3.2.4, 3.3.3, 3.4.0 and 3.5.0.\n\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the HTTP client implementation is outside the OpenSSL FIPS module\nboundary."
}
],
"metrics": [
{
"format": "other",
"other": {
"content": {
"text": "Low"
},
"type": "https://openssl-library.org/policies/general/security-policy/"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-125",
"description": "CWE-125 Out-of-bounds Read",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-09-30T13:17:19.172Z",
"orgId": "3a12439a-ef3a-4c79-92e6-6081a721f1e5",
"shortName": "openssl"
},
"references": [
{
"name": "OpenSSL Advisory",
"tags": [
"vendor-advisory"
],
"url": "https://openssl-library.org/news/secadv/20250930.txt"
},
{
"name": "3.5.4 git commit",
"tags": [
"patch"
],
"url": "https://github.com/openssl/openssl/commit/2b4ec20e47959170422922eaff25346d362dcb35"
},
{
"name": "3.4.3 git commit",
"tags": [
"patch"
],
"url": "https://github.com/openssl/openssl/commit/7cf21a30513c9e43c4bc3836c237cf086e194af3"
},
{
"name": "3.3.5 git commit",
"tags": [
"patch"
],
"url": "https://github.com/openssl/openssl/commit/bbf38c034cdabd0a13330abcc4855c866f53d2e0"
},
{
"name": "3.2.6 git commit",
"tags": [
"patch"
],
"url": "https://github.com/openssl/openssl/commit/89e790ac431125a4849992858490bed6b225eadf"
},
{
"name": "3.0.18 git commit",
"tags": [
"patch"
],
"url": "https://github.com/openssl/openssl/commit/654dc11d23468a74fc8ea4672b702dd3feb7be4b"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Out-of-bounds read in HTTP client no_proxy handling",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "3a12439a-ef3a-4c79-92e6-6081a721f1e5",
"assignerShortName": "openssl",
"cveId": "CVE-2025-9232",
"datePublished": "2025-09-30T13:17:19.172Z",
"dateReserved": "2025-08-20T08:38:12.019Z",
"dateUpdated": "2025-11-04T21:15:19.948Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-9231 (GCVE-0-2025-9231)
Vulnerability from
Published
2025-09-30 13:17
Modified
2025-11-04 21:15
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-385 - Covert Timing Channel
Summary
Issue summary: A timing side-channel which could potentially allow remote
recovery of the private key exists in the SM2 algorithm implementation on 64 bit
ARM platforms.
Impact summary: A timing side-channel in SM2 signature computations on 64 bit
ARM platforms could allow recovering the private key by an attacker..
While remote key recovery over a network was not attempted by the reporter,
timing measurements revealed a timing signal which may allow such an attack.
OpenSSL does not directly support certificates with SM2 keys in TLS, and so
this CVE is not relevant in most TLS contexts. However, given that it is
possible to add support for such certificates via a custom provider, coupled
with the fact that in such a custom provider context the private key may be
recoverable via remote timing measurements, we consider this to be a Moderate
severity issue.
The FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this
issue, as SM2 is not an approved algorithm.
References
| URL | Tags | ||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2025-9231",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-09-30T19:27:45.704985Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-09-30T19:28:28.380Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2025-11-04T21:15:18.593Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "http://www.openwall.com/lists/oss-security/2025/09/30/5"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "OpenSSL",
"vendor": "OpenSSL",
"versions": [
{
"lessThan": "3.5.4",
"status": "affected",
"version": "3.5.0",
"versionType": "semver"
},
{
"lessThan": "3.4.3",
"status": "affected",
"version": "3.4.0",
"versionType": "semver"
},
{
"lessThan": "3.3.5",
"status": "affected",
"version": "3.3.0",
"versionType": "semver"
},
{
"lessThan": "3.2.6",
"status": "affected",
"version": "3.2.0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "Stanislav Fort (Aisle Research)"
},
{
"lang": "en",
"type": "remediation developer",
"value": "Stanislav Fort (Aisle Research)"
},
{
"lang": "en",
"type": "remediation developer",
"value": "Tomas Mraz"
}
],
"datePublic": "2025-09-30T14:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Issue summary: A timing side-channel which could potentially allow remote\u003cbr\u003erecovery of the private key exists in the SM2 algorithm implementation on 64 bit\u003cbr\u003eARM platforms.\u003cbr\u003e\u003cbr\u003eImpact summary: A timing side-channel in SM2 signature computations on 64 bit\u003cbr\u003eARM platforms could allow recovering the private key by an attacker..\u003cbr\u003e\u003cbr\u003eWhile remote key recovery over a network was not attempted by the reporter,\u003cbr\u003etiming measurements revealed a timing signal which may allow such an attack.\u003cbr\u003e\u003cbr\u003eOpenSSL does not directly support certificates with SM2 keys in TLS, and so\u003cbr\u003ethis CVE is not relevant in most TLS contexts. However, given that it is\u003cbr\u003epossible to add support for such certificates via a custom provider, coupled\u003cbr\u003ewith the fact that in such a custom provider context the private key may be\u003cbr\u003erecoverable via remote timing measurements, we consider this to be a Moderate\u003cbr\u003eseverity issue.\u003cbr\u003e\u003cbr\u003eThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\u003cbr\u003eissue, as SM2 is not an approved algorithm."
}
],
"value": "Issue summary: A timing side-channel which could potentially allow remote\nrecovery of the private key exists in the SM2 algorithm implementation on 64 bit\nARM platforms.\n\nImpact summary: A timing side-channel in SM2 signature computations on 64 bit\nARM platforms could allow recovering the private key by an attacker..\n\nWhile remote key recovery over a network was not attempted by the reporter,\ntiming measurements revealed a timing signal which may allow such an attack.\n\nOpenSSL does not directly support certificates with SM2 keys in TLS, and so\nthis CVE is not relevant in most TLS contexts. However, given that it is\npossible to add support for such certificates via a custom provider, coupled\nwith the fact that in such a custom provider context the private key may be\nrecoverable via remote timing measurements, we consider this to be a Moderate\nseverity issue.\n\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as SM2 is not an approved algorithm."
}
],
"metrics": [
{
"format": "other",
"other": {
"content": {
"text": "Moderate"
},
"type": "https://openssl-library.org/policies/general/security-policy/"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-385",
"description": "CWE-385 Covert Timing Channel",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-09-30T13:17:12.007Z",
"orgId": "3a12439a-ef3a-4c79-92e6-6081a721f1e5",
"shortName": "openssl"
},
"references": [
{
"name": "OpenSSL Advisory",
"tags": [
"vendor-advisory"
],
"url": "https://openssl-library.org/news/secadv/20250930.txt"
},
{
"name": "3.5.4 git commit",
"tags": [
"patch"
],
"url": "https://github.com/openssl/openssl/commit/fc47a2ec078912b3e914fab5734535e76c4820c2"
},
{
"name": "3.4.3 git commit",
"tags": [
"patch"
],
"url": "https://github.com/openssl/openssl/commit/eed5adc9f969d77c94f213767acbb41ff923b6f4"
},
{
"name": "3.3.5 git commit",
"tags": [
"patch"
],
"url": "https://github.com/openssl/openssl/commit/567f64386e43683888212226824b6a179885a0fe"
},
{
"name": "3.2.6 git commit",
"tags": [
"patch"
],
"url": "https://github.com/openssl/openssl/commit/cba616c26ac8e7b37de5e77762e505ba5ca51698"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Timing side-channel in SM2 algorithm on 64 bit ARM",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "3a12439a-ef3a-4c79-92e6-6081a721f1e5",
"assignerShortName": "openssl",
"cveId": "CVE-2025-9231",
"datePublished": "2025-09-30T13:17:12.007Z",
"dateReserved": "2025-08-20T08:38:09.832Z",
"dateUpdated": "2025-11-04T21:15:18.593Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-9230 (GCVE-0-2025-9230)
Vulnerability from
Published
2025-09-30 13:17
Modified
2025-11-04 21:15
Severity ?
VLAI Severity ?
EPSS score ?
Summary
Issue summary: An application trying to decrypt CMS messages encrypted using
password based encryption can trigger an out-of-bounds read and write.
Impact summary: This out-of-bounds read may trigger a crash which leads to
Denial of Service for an application. The out-of-bounds write can cause
a memory corruption which can have various consequences including
a Denial of Service or Execution of attacker-supplied code.
Although the consequences of a successful exploit of this vulnerability
could be severe, the probability that the attacker would be able to
perform it is low. Besides, password based (PWRI) encryption support in CMS
messages is very rarely used. For that reason the issue was assessed as
Moderate severity according to our Security Policy.
The FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this
issue, as the CMS implementation is outside the OpenSSL FIPS module
boundary.
References
| URL | Tags | |||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2025-9230",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-09-30T19:30:08.302408Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-09-30T19:30:29.803Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2025-11-04T21:15:17.295Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "https://lists.debian.org/debian-lts-announce/2025/10/msg00001.html"
},
{
"url": "http://www.openwall.com/lists/oss-security/2025/09/30/5"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "OpenSSL",
"vendor": "OpenSSL",
"versions": [
{
"lessThan": "3.5.4",
"status": "affected",
"version": "3.5.0",
"versionType": "semver"
},
{
"lessThan": "3.4.3",
"status": "affected",
"version": "3.4.0",
"versionType": "semver"
},
{
"lessThan": "3.3.5",
"status": "affected",
"version": "3.3.0",
"versionType": "semver"
},
{
"lessThan": "3.2.6",
"status": "affected",
"version": "3.2.0",
"versionType": "semver"
},
{
"lessThan": "3.0.18",
"status": "affected",
"version": "3.0.0",
"versionType": "semver"
},
{
"lessThan": "1.1.1zd",
"status": "affected",
"version": "1.1.1",
"versionType": "custom"
},
{
"lessThan": "1.0.2zm",
"status": "affected",
"version": "1.0.2",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "Stanislav Fort (Aisle Research)"
},
{
"lang": "en",
"type": "remediation developer",
"value": "Stanislav Fort (Aisle Research)"
},
{
"lang": "en",
"type": "remediation developer",
"value": "Viktor Dukhovni"
}
],
"datePublic": "2025-09-30T14:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Issue summary: An application trying to decrypt CMS messages encrypted using\u003cbr\u003epassword based encryption can trigger an out-of-bounds read and write.\u003cbr\u003e\u003cbr\u003eImpact summary: This out-of-bounds read may trigger a crash which leads to\u003cbr\u003eDenial of Service for an application. The out-of-bounds write can cause\u003cbr\u003ea memory corruption which can have various consequences including\u003cbr\u003ea Denial of Service or Execution of attacker-supplied code.\u003cbr\u003e\u003cbr\u003eAlthough the consequences of a successful exploit of this vulnerability\u003cbr\u003ecould be severe, the probability that the attacker would be able to\u003cbr\u003eperform it is low. Besides, password based (PWRI) encryption support in CMS\u003cbr\u003emessages is very rarely used. For that reason the issue was assessed as\u003cbr\u003eModerate severity according to our Security Policy.\u003cbr\u003e\u003cbr\u003eThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\u003cbr\u003eissue, as the CMS implementation is outside the OpenSSL FIPS module\u003cbr\u003eboundary."
}
],
"value": "Issue summary: An application trying to decrypt CMS messages encrypted using\npassword based encryption can trigger an out-of-bounds read and write.\n\nImpact summary: This out-of-bounds read may trigger a crash which leads to\nDenial of Service for an application. The out-of-bounds write can cause\na memory corruption which can have various consequences including\na Denial of Service or Execution of attacker-supplied code.\n\nAlthough the consequences of a successful exploit of this vulnerability\ncould be severe, the probability that the attacker would be able to\nperform it is low. Besides, password based (PWRI) encryption support in CMS\nmessages is very rarely used. For that reason the issue was assessed as\nModerate severity according to our Security Policy.\n\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the CMS implementation is outside the OpenSSL FIPS module\nboundary."
}
],
"metrics": [
{
"format": "other",
"other": {
"content": {
"text": "Moderate"
},
"type": "https://openssl-library.org/policies/general/security-policy/"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-125",
"description": "CWE-125 Out-of-bounds Read",
"lang": "en",
"type": "CWE"
},
{
"cweId": "CWE-787",
"description": "CWE-787 Out-of-bounds Write",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-09-30T13:17:00.808Z",
"orgId": "3a12439a-ef3a-4c79-92e6-6081a721f1e5",
"shortName": "openssl"
},
"references": [
{
"name": "OpenSSL Advisory",
"tags": [
"vendor-advisory"
],
"url": "https://openssl-library.org/news/secadv/20250930.txt"
},
{
"name": "3.5.4 git commit",
"tags": [
"patch"
],
"url": "https://github.com/openssl/openssl/commit/bae259a211ada6315dc50900686daaaaaa55f482"
},
{
"name": "3.4.3 git commit",
"tags": [
"patch"
],
"url": "https://github.com/openssl/openssl/commit/9e91358f365dee6c446dcdcdb01c04d2743fd280"
},
{
"name": "3.3.5 git commit",
"tags": [
"patch"
],
"url": "https://github.com/openssl/openssl/commit/5965ea5dd6960f36d8b7f74f8eac67a8eb8f2b45"
},
{
"name": "3.2.6 git commit",
"tags": [
"patch"
],
"url": "https://github.com/openssl/openssl/commit/b5282d677551afda7d20e9c00e09561b547b2dfd"
},
{
"name": "3.0.18 git commit",
"tags": [
"patch"
],
"url": "https://github.com/openssl/openssl/commit/a79c4ce559c6a3a8fd4109e9f33c1185d5bf2def"
},
{
"name": "1.1.1zd git commit",
"tags": [
"patch"
],
"url": "https://github.openssl.org/openssl/extended-releases/commit/dfbaf161d8dafc1132dd88cd48ad990ed9b4c8ba"
},
{
"name": "1.0.2zm git commit",
"tags": [
"patch"
],
"url": "https://github.openssl.org/openssl/extended-releases/commit/c2b96348bfa662f25f4fabf81958ae822063dae3"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Out-of-bounds read \u0026 write in RFC 3211 KEK Unwrap",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "3a12439a-ef3a-4c79-92e6-6081a721f1e5",
"assignerShortName": "openssl",
"cveId": "CVE-2025-9230",
"datePublished": "2025-09-30T13:17:00.808Z",
"dateReserved": "2025-08-20T08:38:07.678Z",
"dateUpdated": "2025-11-04T21:15:17.295Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2023-0401 (GCVE-0-2023-0401)
Vulnerability from
Published
2023-02-08 19:00
Modified
2025-11-04 19:14
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- NULL pointer deference
Summary
A NULL pointer can be dereferenced when signatures are being
verified on PKCS7 signed or signedAndEnveloped data. In case the hash
algorithm used for the signature is known to the OpenSSL library but
the implementation of the hash algorithm is not available the digest
initialization will fail. There is a missing check for the return
value from the initialization function which later leads to invalid
usage of the digest API most likely leading to a crash.
The unavailability of an algorithm can be caused by using FIPS
enabled configuration of providers or more commonly by not loading
the legacy provider.
PKCS7 data is processed by the SMIME library calls and also by the
time stamp (TS) library calls. The TLS implementation in OpenSSL does
not call these functions however third party applications would be
affected if they call these functions to verify signatures on untrusted
data.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2025-11-04T19:14:37.338Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "OpenSSL Advisory",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://www.openssl.org/news/secadv/20230207.txt"
},
{
"name": "3.0.8 git commit",
"tags": [
"patch",
"x_transferred"
],
"url": "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=d3b6dfd70db844c4499bec6ad6601623a565e674"
},
{
"tags": [
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/202402-08"
},
{
"url": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2023-0003"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2023-0401",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-23T13:26:52.071727Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-476",
"description": "CWE-476 NULL Pointer Dereference",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-05-05T16:09:21.587Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "OpenSSL",
"vendor": "OpenSSL",
"versions": [
{
"lessThan": "3.0.8",
"status": "affected",
"version": "3.0.0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Hubert Kario (Red Hat)"
},
{
"lang": "en",
"type": "reporter",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Dmitry Belyavsky (Red Hat)"
},
{
"lang": "en",
"type": "remediation developer",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Tom\u00e1\u0161 Mr\u00e1z"
}
],
"datePublic": "2023-02-07T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "A NULL pointer can be dereferenced when signatures are being\u003cbr\u003everified on PKCS7 signed or signedAndEnveloped data. In case the hash\u003cbr\u003ealgorithm used for the signature is known to the OpenSSL library but\u003cbr\u003ethe implementation of the hash algorithm is not available the digest\u003cbr\u003einitialization will fail. There is a missing check for the return\u003cbr\u003evalue from the initialization function which later leads to invalid\u003cbr\u003eusage of the digest API most likely leading to a crash.\u003cbr\u003e\u003cbr\u003eThe unavailability of an algorithm can be caused by using FIPS\u003cbr\u003eenabled configuration of providers or more commonly by not loading\u003cbr\u003ethe legacy provider.\u003cbr\u003e\u003cbr\u003ePKCS7 data is processed by the SMIME library calls and also by the\u003cbr\u003etime stamp (TS) library calls. The TLS implementation in OpenSSL does\u003cbr\u003enot call these functions however third party applications would be\u003cbr\u003eaffected if they call these functions to verify signatures on untrusted\u003cbr\u003edata.\u003cbr\u003e\u003cbr\u003e"
}
],
"value": "A NULL pointer can be dereferenced when signatures are being\nverified on PKCS7 signed or signedAndEnveloped data. In case the hash\nalgorithm used for the signature is known to the OpenSSL library but\nthe implementation of the hash algorithm is not available the digest\ninitialization will fail. There is a missing check for the return\nvalue from the initialization function which later leads to invalid\nusage of the digest API most likely leading to a crash.\n\nThe unavailability of an algorithm can be caused by using FIPS\nenabled configuration of providers or more commonly by not loading\nthe legacy provider.\n\nPKCS7 data is processed by the SMIME library calls and also by the\ntime stamp (TS) library calls. The TLS implementation in OpenSSL does\nnot call these functions however third party applications would be\naffected if they call these functions to verify signatures on untrusted\ndata."
}
],
"metrics": [
{
"format": "other",
"other": {
"content": {
"text": "Moderate"
},
"type": "https://www.openssl.org/policies/secpolicy.html"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "NULL pointer deference",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-02-04T09:06:48.762Z",
"orgId": "3a12439a-ef3a-4c79-92e6-6081a721f1e5",
"shortName": "openssl"
},
"references": [
{
"name": "OpenSSL Advisory",
"tags": [
"vendor-advisory"
],
"url": "https://www.openssl.org/news/secadv/20230207.txt"
},
{
"name": "3.0.8 git commit",
"tags": [
"patch"
],
"url": "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=d3b6dfd70db844c4499bec6ad6601623a565e674"
},
{
"url": "https://security.gentoo.org/glsa/202402-08"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "NULL dereference during PKCS7 data verification",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "3a12439a-ef3a-4c79-92e6-6081a721f1e5",
"assignerShortName": "openssl",
"cveId": "CVE-2023-0401",
"datePublished": "2023-02-08T19:00:53.435Z",
"dateReserved": "2023-01-19T14:01:41.081Z",
"dateUpdated": "2025-11-04T19:14:37.338Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2023-0286 (GCVE-0-2023-0286)
Vulnerability from
Published
2023-02-08 19:01
Modified
2025-11-04 19:14
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- type confusion vulnerability
Summary
There is a type confusion vulnerability relating to X.400 address processing
inside an X.509 GeneralName. X.400 addresses were parsed as an ASN1_STRING but
the public structure definition for GENERAL_NAME incorrectly specified the type
of the x400Address field as ASN1_TYPE. This field is subsequently interpreted by
the OpenSSL function GENERAL_NAME_cmp as an ASN1_TYPE rather than an
ASN1_STRING.
When CRL checking is enabled (i.e. the application sets the
X509_V_FLAG_CRL_CHECK flag), this vulnerability may allow an attacker to pass
arbitrary pointers to a memcmp call, enabling them to read memory contents or
enact a denial of service. In most cases, the attack requires the attacker to
provide both the certificate chain and CRL, neither of which need to have a
valid signature. If the attacker only controls one of these inputs, the other
input must already contain an X.400 address as a CRL distribution point, which
is uncommon. As such, this vulnerability is most likely to only affect
applications which have implemented their own functionality for retrieving CRLs
over a network.
References
| URL | Tags | ||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||
Impacted products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2025-11-04T19:14:36.256Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "OpenSSL Advisory",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://www.openssl.org/news/secadv/20230207.txt"
},
{
"name": "3.0.8 git commit",
"tags": [
"patch",
"x_transferred"
],
"url": "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=2f7530077e0ef79d98718138716bc51ca0cad658"
},
{
"name": "1.1.1t git commit",
"tags": [
"patch",
"x_transferred"
],
"url": "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=2c6c9d439b484e1ba9830d8454a34fa4f80fdfe9"
},
{
"name": "1.0.2zg patch (premium)",
"tags": [
"patch",
"x_transferred"
],
"url": "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=fd2af07dc083a350c959147097003a14a5e8ac4d"
},
{
"tags": [
"x_transferred"
],
"url": "https://ftp.openbsd.org/pub/OpenBSD/patches/7.2/common/018_x509.patch.sig"
},
{
"tags": [
"x_transferred"
],
"url": "https://ftp.openbsd.org/pub/OpenBSD/LibreSSL/libressl-3.6.2-relnotes.txt"
},
{
"tags": [
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/202402-08"
},
{
"url": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2023-0003"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2023-0286",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-03-06T15:57:22.031399Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-843",
"description": "CWE-843 Access of Resource Using Incompatible Type (\u0027Type Confusion\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-08-27T20:32:52.864Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "OpenSSL",
"vendor": "OpenSSL",
"versions": [
{
"lessThan": "3.0.8",
"status": "affected",
"version": "3.0.0",
"versionType": "semver"
},
{
"lessThan": "1.1.1t",
"status": "affected",
"version": "1.1.1",
"versionType": "custom"
},
{
"lessThan": "1.0.2zg",
"status": "affected",
"version": "1.0.2",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"user": "00000000-0000-4000-9000-000000000000",
"value": "David Benjamin (Google)"
},
{
"lang": "en",
"type": "remediation developer",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Hugo Landau"
}
],
"datePublic": "2023-02-07T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "There is a type confusion vulnerability relating to X.400 address processing\u003cbr\u003einside an X.509 GeneralName. X.400 addresses were parsed as an ASN1_STRING but\u003cbr\u003ethe public structure definition for GENERAL_NAME incorrectly specified the type\u003cbr\u003eof the x400Address field as ASN1_TYPE. This field is subsequently interpreted by\u003cbr\u003ethe OpenSSL function GENERAL_NAME_cmp as an ASN1_TYPE rather than an\u003cbr\u003eASN1_STRING.\u003cbr\u003e\u003cbr\u003eWhen CRL checking is enabled (i.e. the application sets the\u003cbr\u003eX509_V_FLAG_CRL_CHECK flag), this vulnerability may allow an attacker to pass\u003cbr\u003earbitrary pointers to a memcmp call, enabling them to read memory contents or\u003cbr\u003eenact a denial of service. In most cases, the attack requires the attacker to\u003cbr\u003eprovide both the certificate chain and CRL, neither of which need to have a\u003cbr\u003evalid signature. If the attacker only controls one of these inputs, the other\u003cbr\u003einput must already contain an X.400 address as a CRL distribution point, which\u003cbr\u003eis uncommon. As such, this vulnerability is most likely to only affect\u003cbr\u003eapplications which have implemented their own functionality for retrieving CRLs\u003cbr\u003eover a network.\u003cbr\u003e\u003cbr\u003e"
}
],
"value": "There is a type confusion vulnerability relating to X.400 address processing\ninside an X.509 GeneralName. X.400 addresses were parsed as an ASN1_STRING but\nthe public structure definition for GENERAL_NAME incorrectly specified the type\nof the x400Address field as ASN1_TYPE. This field is subsequently interpreted by\nthe OpenSSL function GENERAL_NAME_cmp as an ASN1_TYPE rather than an\nASN1_STRING.\n\nWhen CRL checking is enabled (i.e. the application sets the\nX509_V_FLAG_CRL_CHECK flag), this vulnerability may allow an attacker to pass\narbitrary pointers to a memcmp call, enabling them to read memory contents or\nenact a denial of service. In most cases, the attack requires the attacker to\nprovide both the certificate chain and CRL, neither of which need to have a\nvalid signature. If the attacker only controls one of these inputs, the other\ninput must already contain an X.400 address as a CRL distribution point, which\nis uncommon. As such, this vulnerability is most likely to only affect\napplications which have implemented their own functionality for retrieving CRLs\nover a network."
}
],
"metrics": [
{
"format": "other",
"other": {
"content": {
"text": "High"
},
"type": "https://www.openssl.org/policies/secpolicy.html"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "type confusion vulnerability",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-02-04T09:06:58.565Z",
"orgId": "3a12439a-ef3a-4c79-92e6-6081a721f1e5",
"shortName": "openssl"
},
"references": [
{
"name": "OpenSSL Advisory",
"tags": [
"vendor-advisory"
],
"url": "https://www.openssl.org/news/secadv/20230207.txt"
},
{
"name": "3.0.8 git commit",
"tags": [
"patch"
],
"url": "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=2f7530077e0ef79d98718138716bc51ca0cad658"
},
{
"name": "1.1.1t git commit",
"tags": [
"patch"
],
"url": "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=2c6c9d439b484e1ba9830d8454a34fa4f80fdfe9"
},
{
"name": "1.0.2zg patch (premium)",
"tags": [
"patch"
],
"url": "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=fd2af07dc083a350c959147097003a14a5e8ac4d"
},
{
"url": "https://ftp.openbsd.org/pub/OpenBSD/patches/7.2/common/018_x509.patch.sig"
},
{
"url": "https://ftp.openbsd.org/pub/OpenBSD/LibreSSL/libressl-3.6.2-relnotes.txt"
},
{
"url": "https://security.gentoo.org/glsa/202402-08"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "X.400 address type confusion in X.509 GeneralName",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "3a12439a-ef3a-4c79-92e6-6081a721f1e5",
"assignerShortName": "openssl",
"cveId": "CVE-2023-0286",
"datePublished": "2023-02-08T19:01:50.514Z",
"dateReserved": "2023-01-13T10:40:41.259Z",
"dateUpdated": "2025-11-04T19:14:36.256Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2023-0217 (GCVE-0-2023-0217)
Vulnerability from
Published
2023-02-08 19:02
Modified
2025-11-04 19:14
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- invalid pointer dereference
Summary
An invalid pointer dereference on read can be triggered when an
application tries to check a malformed DSA public key by the
EVP_PKEY_public_check() function. This will most likely lead
to an application crash. This function can be called on public
keys supplied from untrusted sources which could allow an attacker
to cause a denial of service attack.
The TLS implementation in OpenSSL does not call this function
but applications might call the function if there are additional
security requirements imposed by standards such as FIPS 140-3.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2025-11-04T19:14:35.179Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "OpenSSL Advisory",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://www.openssl.org/news/secadv/20230207.txt"
},
{
"name": "3.0.8 git commit",
"tags": [
"patch",
"x_transferred"
],
"url": "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=23985bac83fd50c8e29431009302b5442f985096"
},
{
"tags": [
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/202402-08"
},
{
"url": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2023-0003"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2023-0217",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-23T13:26:50.208671Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-476",
"description": "CWE-476 NULL Pointer Dereference",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-05-05T16:09:30.988Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "OpenSSL",
"vendor": "OpenSSL",
"versions": [
{
"lessThan": "3.0.8",
"status": "affected",
"version": "3.0.0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Kurt Roeckx"
},
{
"lang": "en",
"type": "remediation developer",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Shane Lontis from Oracle"
}
],
"datePublic": "2023-02-07T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "An invalid pointer dereference on read can be triggered when an\u003cbr\u003eapplication tries to check a malformed DSA public key by the\u003cbr\u003eEVP_PKEY_public_check() function. This will most likely lead\u003cbr\u003eto an application crash. This function can be called on public\u003cbr\u003ekeys supplied from untrusted sources which could allow an attacker\u003cbr\u003eto cause a denial of service attack.\u003cbr\u003e\u003cbr\u003eThe TLS implementation in OpenSSL does not call this function\u003cbr\u003ebut applications might call the function if there are additional\u003cbr\u003esecurity requirements imposed by standards such as FIPS 140-3.\u003cbr\u003e\u003cbr\u003e"
}
],
"value": "An invalid pointer dereference on read can be triggered when an\napplication tries to check a malformed DSA public key by the\nEVP_PKEY_public_check() function. This will most likely lead\nto an application crash. This function can be called on public\nkeys supplied from untrusted sources which could allow an attacker\nto cause a denial of service attack.\n\nThe TLS implementation in OpenSSL does not call this function\nbut applications might call the function if there are additional\nsecurity requirements imposed by standards such as FIPS 140-3."
}
],
"metrics": [
{
"format": "other",
"other": {
"content": {
"text": "Moderate"
},
"type": "https://www.openssl.org/policies/secpolicy.html"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "invalid pointer dereference",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-02-04T09:06:43.251Z",
"orgId": "3a12439a-ef3a-4c79-92e6-6081a721f1e5",
"shortName": "openssl"
},
"references": [
{
"name": "OpenSSL Advisory",
"tags": [
"vendor-advisory"
],
"url": "https://www.openssl.org/news/secadv/20230207.txt"
},
{
"name": "3.0.8 git commit",
"tags": [
"patch"
],
"url": "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=23985bac83fd50c8e29431009302b5442f985096"
},
{
"url": "https://security.gentoo.org/glsa/202402-08"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "NULL dereference validating DSA public key",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "3a12439a-ef3a-4c79-92e6-6081a721f1e5",
"assignerShortName": "openssl",
"cveId": "CVE-2023-0217",
"datePublished": "2023-02-08T19:02:48.524Z",
"dateReserved": "2023-01-11T12:02:46.441Z",
"dateUpdated": "2025-11-04T19:14:35.179Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2023-0216 (GCVE-0-2023-0216)
Vulnerability from
Published
2023-02-08 19:03
Modified
2025-11-04 19:14
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- invalid pointer dereference
Summary
An invalid pointer dereference on read can be triggered when an
application tries to load malformed PKCS7 data with the
d2i_PKCS7(), d2i_PKCS7_bio() or d2i_PKCS7_fp() functions.
The result of the dereference is an application crash which could
lead to a denial of service attack. The TLS implementation in OpenSSL
does not call this function however third party applications might
call these functions on untrusted data.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2025-11-04T19:14:34.082Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "OpenSSL Advisory",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://www.openssl.org/news/secadv/20230207.txt"
},
{
"name": "3.0.8 git commit",
"tags": [
"patch",
"x_transferred"
],
"url": "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=934a04f0e775309cadbef0aa6b9692e1b12a76c6"
},
{
"tags": [
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/202402-08"
},
{
"url": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2023-0003"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2023-0216",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-23T13:26:43.338536Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-476",
"description": "CWE-476 NULL Pointer Dereference",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-05-05T16:09:43.538Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "OpenSSL",
"vendor": "OpenSSL",
"versions": [
{
"lessThan": "3.0.8",
"status": "affected",
"version": "3.0.0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Marc Sch\u00f6nefeld"
},
{
"lang": "en",
"type": "remediation developer",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Tom\u00e1\u0161 Mr\u00e1z"
}
],
"datePublic": "2023-02-07T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "An invalid pointer dereference on read can be triggered when an\u003cbr\u003eapplication tries to load malformed PKCS7 data with the\u003cbr\u003ed2i_PKCS7(), d2i_PKCS7_bio() or d2i_PKCS7_fp() functions.\u003cbr\u003e\u003cbr\u003eThe result of the dereference is an application crash which could\u003cbr\u003elead to a denial of service attack. The TLS implementation in OpenSSL\u003cbr\u003edoes not call this function however third party applications might\u003cbr\u003ecall these functions on untrusted data.\u003cbr\u003e\u003cbr\u003e"
}
],
"value": "An invalid pointer dereference on read can be triggered when an\napplication tries to load malformed PKCS7 data with the\nd2i_PKCS7(), d2i_PKCS7_bio() or d2i_PKCS7_fp() functions.\n\nThe result of the dereference is an application crash which could\nlead to a denial of service attack. The TLS implementation in OpenSSL\ndoes not call this function however third party applications might\ncall these functions on untrusted data."
}
],
"metrics": [
{
"format": "other",
"other": {
"content": {
"text": "Moderate"
},
"type": "https://www.openssl.org/policies/secpolicy.html"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "invalid pointer dereference",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-02-04T09:06:56.778Z",
"orgId": "3a12439a-ef3a-4c79-92e6-6081a721f1e5",
"shortName": "openssl"
},
"references": [
{
"name": "OpenSSL Advisory",
"tags": [
"vendor-advisory"
],
"url": "https://www.openssl.org/news/secadv/20230207.txt"
},
{
"name": "3.0.8 git commit",
"tags": [
"patch"
],
"url": "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=934a04f0e775309cadbef0aa6b9692e1b12a76c6"
},
{
"url": "https://security.gentoo.org/glsa/202402-08"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Invalid pointer dereference in d2i_PKCS7 functions",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "3a12439a-ef3a-4c79-92e6-6081a721f1e5",
"assignerShortName": "openssl",
"cveId": "CVE-2023-0216",
"datePublished": "2023-02-08T19:03:05.652Z",
"dateReserved": "2023-01-11T12:01:06.675Z",
"dateUpdated": "2025-11-04T19:14:34.082Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2023-0215 (GCVE-0-2023-0215)
Vulnerability from
Published
2023-02-08 19:03
Modified
2025-11-04 19:14
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- use-after-free
Summary
The public API function BIO_new_NDEF is a helper function used for streaming
ASN.1 data via a BIO. It is primarily used internally to OpenSSL to support the
SMIME, CMS and PKCS7 streaming capabilities, but may also be called directly by
end user applications.
The function receives a BIO from the caller, prepends a new BIO_f_asn1 filter
BIO onto the front of it to form a BIO chain, and then returns the new head of
the BIO chain to the caller. Under certain conditions, for example if a CMS
recipient public key is invalid, the new filter BIO is freed and the function
returns a NULL result indicating a failure. However, in this case, the BIO chain
is not properly cleaned up and the BIO passed by the caller still retains
internal pointers to the previously freed filter BIO. If the caller then goes on
to call BIO_pop() on the BIO then a use-after-free will occur. This will most
likely result in a crash.
This scenario occurs directly in the internal function B64_write_ASN1() which
may cause BIO_new_NDEF() to be called and will subsequently call BIO_pop() on
the BIO. This internal function is in turn called by the public API functions
PEM_write_bio_ASN1_stream, PEM_write_bio_CMS_stream, PEM_write_bio_PKCS7_stream,
SMIME_write_ASN1, SMIME_write_CMS and SMIME_write_PKCS7.
Other public API functions that may be impacted by this include
i2d_ASN1_bio_stream, BIO_new_CMS, BIO_new_PKCS7, i2d_CMS_bio_stream and
i2d_PKCS7_bio_stream.
The OpenSSL cms and smime command line applications are similarly affected.
References
| URL | Tags | |||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||
Impacted products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2025-11-04T19:14:32.988Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "OpenSSL Advisory",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://www.openssl.org/news/secadv/20230207.txt"
},
{
"name": "3.0.8 git commit",
"tags": [
"patch",
"x_transferred"
],
"url": "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=8818064ce3c3c0f1b740a5aaba2a987e75bfbafd"
},
{
"name": "1.1.1t git commit",
"tags": [
"patch",
"x_transferred"
],
"url": "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=c3829dd8825c654652201e16f8a0a0c46ee3f344"
},
{
"name": "1.0.2zg patch (premium)",
"tags": [
"patch",
"x_transferred"
],
"url": "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=9816136fe31d92ace4037d5da5257f763aeeb4eb"
},
{
"tags": [
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20230427-0007/"
},
{
"tags": [
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20230427-0009/"
},
{
"tags": [
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/202402-08"
},
{
"tags": [
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20240621-0006/"
},
{
"url": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2023-0003"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2023-0215",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-23T13:26:40.603939Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-416",
"description": "CWE-416 Use After Free",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-08-27T20:32:52.734Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "OpenSSL",
"vendor": "OpenSSL",
"versions": [
{
"lessThan": "3.0.8",
"status": "affected",
"version": "3.0.0",
"versionType": "semver"
},
{
"lessThan": "1.1.1t",
"status": "affected",
"version": "1.1.1",
"versionType": "custom"
},
{
"lessThan": "1.0.2zg",
"status": "affected",
"version": "1.0.2",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Octavio Galland (Max Planck Institute for Security and Privacy)"
},
{
"lang": "en",
"type": "reporter",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Marcel B\u00f6hme (Max Planck Institute for Security and Privacy)"
},
{
"lang": "en",
"type": "remediation developer",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Viktor Dukhovni"
},
{
"lang": "en",
"type": "remediation developer",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Matt Caswell"
}
],
"datePublic": "2023-02-07T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "The public API function BIO_new_NDEF is a helper function used for streaming\u003cbr\u003eASN.1 data via a BIO. It is primarily used internally to OpenSSL to support the\u003cbr\u003eSMIME, CMS and PKCS7 streaming capabilities, but may also be called directly by\u003cbr\u003eend user applications.\u003cbr\u003e\u003cbr\u003eThe function receives a BIO from the caller, prepends a new BIO_f_asn1 filter\u003cbr\u003eBIO onto the front of it to form a BIO chain, and then returns the new head of\u003cbr\u003ethe BIO chain to the caller. Under certain conditions, for example if a CMS\u003cbr\u003erecipient public key is invalid, the new filter BIO is freed and the function\u003cbr\u003ereturns a NULL result indicating a failure. However, in this case, the BIO chain\u003cbr\u003eis not properly cleaned up and the BIO passed by the caller still retains\u003cbr\u003einternal pointers to the previously freed filter BIO. If the caller then goes on\u003cbr\u003eto call BIO_pop() on the BIO then a use-after-free will occur. This will most\u003cbr\u003elikely result in a crash.\u003cbr\u003e\u003cdiv\u003e\u003cbr\u003e\u003c/div\u003e\u003cdiv\u003eThis scenario occurs directly in the internal function B64_write_ASN1() which\u003cbr\u003emay cause BIO_new_NDEF() to be called and will subsequently call BIO_pop() on\u003cbr\u003ethe BIO. This internal function is in turn called by the public API functions\u003cbr\u003ePEM_write_bio_ASN1_stream, PEM_write_bio_CMS_stream, PEM_write_bio_PKCS7_stream,\u003cbr\u003eSMIME_write_ASN1, SMIME_write_CMS and SMIME_write_PKCS7.\u003cbr\u003e\u003cbr\u003eOther public API functions that may be impacted by this include\u003cbr\u003ei2d_ASN1_bio_stream, BIO_new_CMS, BIO_new_PKCS7, i2d_CMS_bio_stream and\u003cbr\u003ei2d_PKCS7_bio_stream.\u003cbr\u003e\u003cbr\u003eThe OpenSSL cms and smime command line applications are similarly affected.\u003cbr\u003e\u003cbr\u003e\u003c/div\u003e"
}
],
"value": "The public API function BIO_new_NDEF is a helper function used for streaming\nASN.1 data via a BIO. It is primarily used internally to OpenSSL to support the\nSMIME, CMS and PKCS7 streaming capabilities, but may also be called directly by\nend user applications.\n\nThe function receives a BIO from the caller, prepends a new BIO_f_asn1 filter\nBIO onto the front of it to form a BIO chain, and then returns the new head of\nthe BIO chain to the caller. Under certain conditions, for example if a CMS\nrecipient public key is invalid, the new filter BIO is freed and the function\nreturns a NULL result indicating a failure. However, in this case, the BIO chain\nis not properly cleaned up and the BIO passed by the caller still retains\ninternal pointers to the previously freed filter BIO. If the caller then goes on\nto call BIO_pop() on the BIO then a use-after-free will occur. This will most\nlikely result in a crash.\n\n\n\nThis scenario occurs directly in the internal function B64_write_ASN1() which\nmay cause BIO_new_NDEF() to be called and will subsequently call BIO_pop() on\nthe BIO. This internal function is in turn called by the public API functions\nPEM_write_bio_ASN1_stream, PEM_write_bio_CMS_stream, PEM_write_bio_PKCS7_stream,\nSMIME_write_ASN1, SMIME_write_CMS and SMIME_write_PKCS7.\n\nOther public API functions that may be impacted by this include\ni2d_ASN1_bio_stream, BIO_new_CMS, BIO_new_PKCS7, i2d_CMS_bio_stream and\ni2d_PKCS7_bio_stream.\n\nThe OpenSSL cms and smime command line applications are similarly affected."
}
],
"metrics": [
{
"format": "other",
"other": {
"content": {
"text": "Moderate"
},
"type": "https://www.openssl.org/policies/secpolicy.html"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "use-after-free",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-06-21T19:07:45.229Z",
"orgId": "3a12439a-ef3a-4c79-92e6-6081a721f1e5",
"shortName": "openssl"
},
"references": [
{
"name": "OpenSSL Advisory",
"tags": [
"vendor-advisory"
],
"url": "https://www.openssl.org/news/secadv/20230207.txt"
},
{
"name": "3.0.8 git commit",
"tags": [
"patch"
],
"url": "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=8818064ce3c3c0f1b740a5aaba2a987e75bfbafd"
},
{
"name": "1.1.1t git commit",
"tags": [
"patch"
],
"url": "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=c3829dd8825c654652201e16f8a0a0c46ee3f344"
},
{
"name": "1.0.2zg patch (premium)",
"tags": [
"patch"
],
"url": "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=9816136fe31d92ace4037d5da5257f763aeeb4eb"
},
{
"url": "https://security.netapp.com/advisory/ntap-20230427-0007/"
},
{
"url": "https://security.netapp.com/advisory/ntap-20230427-0009/"
},
{
"url": "https://security.gentoo.org/glsa/202402-08"
},
{
"url": "https://security.netapp.com/advisory/ntap-20240621-0006/"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Use-after-free following BIO_new_NDEF",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "3a12439a-ef3a-4c79-92e6-6081a721f1e5",
"assignerShortName": "openssl",
"cveId": "CVE-2023-0215",
"datePublished": "2023-02-08T19:03:28.691Z",
"dateReserved": "2023-01-11T11:59:16.647Z",
"dateUpdated": "2025-11-04T19:14:32.988Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2022-4450 (GCVE-0-2022-4450)
Vulnerability from
Published
2023-02-08 19:04
Modified
2025-11-04 19:14
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- double-free
Summary
The function PEM_read_bio_ex() reads a PEM file from a BIO and parses and
decodes the "name" (e.g. "CERTIFICATE"), any header data and the payload data.
If the function succeeds then the "name_out", "header" and "data" arguments are
populated with pointers to buffers containing the relevant decoded data. The
caller is responsible for freeing those buffers. It is possible to construct a
PEM file that results in 0 bytes of payload data. In this case PEM_read_bio_ex()
will return a failure code but will populate the header argument with a pointer
to a buffer that has already been freed. If the caller also frees this buffer
then a double free will occur. This will most likely lead to a crash. This
could be exploited by an attacker who has the ability to supply malicious PEM
files for parsing to achieve a denial of service attack.
The functions PEM_read_bio() and PEM_read() are simple wrappers around
PEM_read_bio_ex() and therefore these functions are also directly affected.
These functions are also called indirectly by a number of other OpenSSL
functions including PEM_X509_INFO_read_bio_ex() and
SSL_CTX_use_serverinfo_file() which are also vulnerable. Some OpenSSL internal
uses of these functions are not vulnerable because the caller does not free the
header argument if PEM_read_bio_ex() returns a failure code. These locations
include the PEM_read_bio_TYPE() functions as well as the decoders introduced in
OpenSSL 3.0.
The OpenSSL asn1parse command line application is also impacted by this issue.
References
| URL | Tags | |||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2025-11-04T19:14:13.257Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "OpenSSL Advisory",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://www.openssl.org/news/secadv/20230207.txt"
},
{
"name": "3.0.8 git commit",
"tags": [
"patch",
"x_transferred"
],
"url": "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=63bcf189be73a9cc1264059bed6f57974be74a83"
},
{
"name": "1.1.1t git commit",
"tags": [
"patch",
"x_transferred"
],
"url": "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=bbcf509bd046b34cca19c766bbddc31683d0858b"
},
{
"tags": [
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/202402-08"
},
{
"url": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2023-0003"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2022-4450",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-23T13:26:38.705489Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-415",
"description": "CWE-415 Double Free",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-08-27T20:32:52.583Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "OpenSSL",
"vendor": "OpenSSL",
"versions": [
{
"lessThan": "3.0.8",
"status": "affected",
"version": "3.0.0",
"versionType": "semver"
},
{
"lessThan": "1.1.1t",
"status": "affected",
"version": "1.1.1",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "CarpetFuzz"
},
{
"lang": "en",
"type": "reporter",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Dawei Wang"
},
{
"lang": "en",
"type": "reporter",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Marc Sch\u00f6nefeld"
},
{
"lang": "en",
"type": "remediation developer",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Kurt Roeckx"
},
{
"lang": "en",
"type": "remediation developer",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Matt Caswell"
}
],
"datePublic": "2023-02-07T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "The function PEM_read_bio_ex() reads a PEM file from a BIO and parses and\u003cbr\u003edecodes the \"name\" (e.g. \"CERTIFICATE\"), any header data and the payload data.\u003cbr\u003eIf the function succeeds then the \"name_out\", \"header\" and \"data\" arguments are\u003cbr\u003epopulated with pointers to buffers containing the relevant decoded data. The\u003cbr\u003ecaller is responsible for freeing those buffers. It is possible to construct a\u003cbr\u003ePEM file that results in 0 bytes of payload data. In this case PEM_read_bio_ex()\u003cbr\u003ewill return a failure code but will populate the header argument with a pointer\u003cbr\u003eto a buffer that has already been freed. If the caller also frees this buffer\u003cbr\u003ethen a double free will occur. This will most likely lead to a crash. This\u003cbr\u003ecould be exploited by an attacker who has the ability to supply malicious PEM\u003cbr\u003efiles for parsing to achieve a denial of service attack.\u003cbr\u003e\u003cbr\u003eThe functions PEM_read_bio() and PEM_read() are simple wrappers around\u003cbr\u003ePEM_read_bio_ex() and therefore these functions are also directly affected.\u003cbr\u003e\u003cbr\u003eThese functions are also called indirectly by a number of other OpenSSL\u003cbr\u003efunctions including PEM_X509_INFO_read_bio_ex() and\u003cbr\u003eSSL_CTX_use_serverinfo_file() which are also vulnerable. Some OpenSSL internal\u003cbr\u003euses of these functions are not vulnerable because the caller does not free the\u003cbr\u003eheader argument if PEM_read_bio_ex() returns a failure code. These locations\u003cbr\u003einclude the PEM_read_bio_TYPE() functions as well as the decoders introduced in\u003cbr\u003eOpenSSL 3.0.\u003cbr\u003e\u003cbr\u003e\u003cdiv\u003eThe OpenSSL asn1parse command line application is also impacted by this issue.\u003c/div\u003e\u003cbr\u003e"
}
],
"value": "The function PEM_read_bio_ex() reads a PEM file from a BIO and parses and\ndecodes the \"name\" (e.g. \"CERTIFICATE\"), any header data and the payload data.\nIf the function succeeds then the \"name_out\", \"header\" and \"data\" arguments are\npopulated with pointers to buffers containing the relevant decoded data. The\ncaller is responsible for freeing those buffers. It is possible to construct a\nPEM file that results in 0 bytes of payload data. In this case PEM_read_bio_ex()\nwill return a failure code but will populate the header argument with a pointer\nto a buffer that has already been freed. If the caller also frees this buffer\nthen a double free will occur. This will most likely lead to a crash. This\ncould be exploited by an attacker who has the ability to supply malicious PEM\nfiles for parsing to achieve a denial of service attack.\n\nThe functions PEM_read_bio() and PEM_read() are simple wrappers around\nPEM_read_bio_ex() and therefore these functions are also directly affected.\n\nThese functions are also called indirectly by a number of other OpenSSL\nfunctions including PEM_X509_INFO_read_bio_ex() and\nSSL_CTX_use_serverinfo_file() which are also vulnerable. Some OpenSSL internal\nuses of these functions are not vulnerable because the caller does not free the\nheader argument if PEM_read_bio_ex() returns a failure code. These locations\ninclude the PEM_read_bio_TYPE() functions as well as the decoders introduced in\nOpenSSL 3.0.\n\nThe OpenSSL asn1parse command line application is also impacted by this issue."
}
],
"metrics": [
{
"format": "other",
"other": {
"content": {
"text": "Moderate"
},
"type": "https://www.openssl.org/policies/secpolicy.html"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "double-free",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-02-04T09:06:50.535Z",
"orgId": "3a12439a-ef3a-4c79-92e6-6081a721f1e5",
"shortName": "openssl"
},
"references": [
{
"name": "OpenSSL Advisory",
"tags": [
"vendor-advisory"
],
"url": "https://www.openssl.org/news/secadv/20230207.txt"
},
{
"name": "3.0.8 git commit",
"tags": [
"patch"
],
"url": "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=63bcf189be73a9cc1264059bed6f57974be74a83"
},
{
"name": "1.1.1t git commit",
"tags": [
"patch"
],
"url": "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=bbcf509bd046b34cca19c766bbddc31683d0858b"
},
{
"url": "https://security.gentoo.org/glsa/202402-08"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Double free after calling PEM_read_bio_ex",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "3a12439a-ef3a-4c79-92e6-6081a721f1e5",
"assignerShortName": "openssl",
"cveId": "CVE-2022-4450",
"datePublished": "2023-02-08T19:04:04.874Z",
"dateReserved": "2022-12-13T13:38:08.598Z",
"dateUpdated": "2025-11-04T19:14:13.257Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2022-4304 (GCVE-0-2022-4304)
Vulnerability from
Published
2023-02-08 19:04
Modified
2025-11-04 19:14
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- timing based side channel attack
Summary
A timing based side channel exists in the OpenSSL RSA Decryption implementation
which could be sufficient to recover a plaintext across a network in a
Bleichenbacher style attack. To achieve a successful decryption an attacker
would have to be able to send a very large number of trial messages for
decryption. The vulnerability affects all RSA padding modes: PKCS#1 v1.5,
RSA-OEAP and RSASVE.
For example, in a TLS connection, RSA is commonly used by a client to send an
encrypted pre-master secret to the server. An attacker that had observed a
genuine connection between a client and a server could use this flaw to send
trial messages to the server and record the time taken to process them. After a
sufficiently large number of messages the attacker could recover the pre-master
secret used for the original connection and thus be able to decrypt the
application data sent over that connection.
References
| URL | Tags | |
|---|---|---|
Impacted products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2025-11-04T19:14:12.161Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "OpenSSL Advisory",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://www.openssl.org/news/secadv/20230207.txt"
},
{
"tags": [
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/202402-08"
},
{
"url": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2023-0003"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2022-4304",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-03-06T15:57:19.589862Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-203",
"description": "CWE-203 Observable Discrepancy",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-08-27T20:32:52.408Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "OpenSSL",
"vendor": "OpenSSL",
"versions": [
{
"lessThan": "3.0.8",
"status": "affected",
"version": "3.0.0",
"versionType": "semver"
},
{
"lessThan": "1.1.1t",
"status": "affected",
"version": "1.1.1",
"versionType": "custom"
},
{
"lessThan": "1.0.2zg",
"status": "affected",
"version": "1.0.2",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Hubert Kario from RedHat"
},
{
"lang": "en",
"type": "remediation developer",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Dmitry Belyavsky from RedHat"
},
{
"lang": "en",
"type": "remediation developer",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Hubert Kario from RedHat"
}
],
"datePublic": "2023-02-07T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "A timing based side channel exists in the OpenSSL RSA Decryption implementation\u003cbr\u003ewhich could be sufficient to recover a plaintext across a network in a\u003cbr\u003eBleichenbacher style attack. To achieve a successful decryption an attacker\u003cbr\u003ewould have to be able to send a very large number of trial messages for\u003cbr\u003edecryption. The vulnerability affects all RSA padding modes: PKCS#1 v1.5,\u003cbr\u003eRSA-OEAP and RSASVE.\u003cbr\u003e\u003cbr\u003eFor example, in a TLS connection, RSA is commonly used by a client to send an\u003cbr\u003eencrypted pre-master secret to the server. An attacker that had observed a\u003cbr\u003egenuine connection between a client and a server could use this flaw to send\u003cbr\u003etrial messages to the server and record the time taken to process them. After a\u003cbr\u003esufficiently large number of messages the attacker could recover the pre-master\u003cbr\u003esecret used for the original connection and thus be able to decrypt the\u003cbr\u003eapplication data sent over that connection.\u003cbr\u003e\u003cbr\u003e"
}
],
"value": "A timing based side channel exists in the OpenSSL RSA Decryption implementation\nwhich could be sufficient to recover a plaintext across a network in a\nBleichenbacher style attack. To achieve a successful decryption an attacker\nwould have to be able to send a very large number of trial messages for\ndecryption. The vulnerability affects all RSA padding modes: PKCS#1 v1.5,\nRSA-OEAP and RSASVE.\n\nFor example, in a TLS connection, RSA is commonly used by a client to send an\nencrypted pre-master secret to the server. An attacker that had observed a\ngenuine connection between a client and a server could use this flaw to send\ntrial messages to the server and record the time taken to process them. After a\nsufficiently large number of messages the attacker could recover the pre-master\nsecret used for the original connection and thus be able to decrypt the\napplication data sent over that connection."
}
],
"metrics": [
{
"format": "other",
"other": {
"content": {
"text": "MODERATE"
},
"type": "https://www.openssl.org/policies/secpolicy.html"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "timing based side channel attack",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-02-04T09:06:45.004Z",
"orgId": "3a12439a-ef3a-4c79-92e6-6081a721f1e5",
"shortName": "openssl"
},
"references": [
{
"name": "OpenSSL Advisory",
"tags": [
"vendor-advisory"
],
"url": "https://www.openssl.org/news/secadv/20230207.txt"
},
{
"url": "https://security.gentoo.org/glsa/202402-08"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Timing Oracle in RSA Decryption",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "3a12439a-ef3a-4c79-92e6-6081a721f1e5",
"assignerShortName": "openssl",
"cveId": "CVE-2022-4304",
"datePublished": "2023-02-08T19:04:28.890Z",
"dateReserved": "2022-12-06T10:38:40.463Z",
"dateUpdated": "2025-11-04T19:14:12.161Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
displaying 1 - 10 organizations in total 40