Django REST framework

Lookup for vulnerable packages by Package URL.

Purl pkg:rpm/redhat/edk2@20220126gitbb1bba3d77-3.el9_0?arch=2

Type rpm

Namespace redhat

Name edk2

Version 20220126gitbb1bba3d77-3.el9_0

Qualifiers

arch	2

Subpath

Is_vulnerable true

Next_non_vulnerable_version null

Latest_non_vulnerable_version null

Affected_by_vulnerabilities

url

VCID-fep2-jgws-6qf6

vulnerability_id

VCID-fep2-jgws-6qf6

summary

Access of Resource Using Incompatible Type ('Type Confusion')
There is a type confusion vulnerability relating to X.400 address processing inside an X.509 GeneralName. X.400 addresses were parsed as an ASN1_STRING but the public structure definition for GENERAL_NAME incorrectly specified the type of the x400Address field as ASN1_TYPE. This field is subsequently interpreted by the OpenSSL function GENERAL_NAME_cmp as an ASN1_TYPE rather than an ASN1_STRING. When CRL checking is enabled (i.e. the application sets the X509_V_FLAG_CRL_CHECK flag), this vulnerability may allow an attacker to pass arbitrary pointers to a memcmp call, enabling them to read memory contents or enact a denial of service. In most cases, the attack requires the attacker to provide both the certificate chain and CRL, neither of which need to have a valid signature. If the attacker only controls one of these inputs, the other input must already contain an X.400 address as a CRL distribution point, which is uncommon. As such, this vulnerability is most likely to only affect applications which have implemented their own functionality for retrieving CRLs over a network.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-0286.json

reference_id

reference_type

scores

value	7.4
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-0286.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2023-0286

reference_id

reference_type

scores

value	0.88334
scoring_system	epss
scoring_elements	0.99513
published_at	2026-05-30T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2023-0286

reference_url	https://ftp.openbsd.org/pub/OpenBSD/LibreSSL/libressl-3.6.2-relnotes.txt
reference_id
reference_type
scores
url	https://ftp.openbsd.org/pub/OpenBSD/LibreSSL/libressl-3.6.2-relnotes.txt

reference_url	https://ftp.openbsd.org/pub/OpenBSD/patches/7.2/common/018_x509.patch.sig
reference_id
reference_type
scores
url	https://ftp.openbsd.org/pub/OpenBSD/patches/7.2/common/018_x509.patch.sig

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	7.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:H

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url	https://github.com/pyca/cryptography
reference_id
reference_type
scores
url	https://github.com/pyca/cryptography

reference_url	https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=2c6c9d439b484e1ba9830d8454a34fa4f80fdfe9
reference_id
reference_type
scores
url	https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=2c6c9d439b484e1ba9830d8454a34fa4f80fdfe9

reference_url	https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=2f7530077e0ef79d98718138716bc51ca0cad658
reference_id
reference_type
scores
url	https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=2f7530077e0ef79d98718138716bc51ca0cad658

reference_url	https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=fd2af07dc083a350c959147097003a14a5e8ac4d
reference_id
reference_type
scores
url	https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=fd2af07dc083a350c959147097003a14a5e8ac4d

reference_url	https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2023-0003
reference_id
reference_type
scores
url	https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2023-0003

reference_url	https://rustsec.org/advisories/RUSTSEC-2023-0006.html
reference_id
reference_type
scores
url	https://rustsec.org/advisories/RUSTSEC-2023-0006.html

reference_url	https://security.gentoo.org/glsa/202402-08
reference_id
reference_type
scores
url	https://security.gentoo.org/glsa/202402-08

reference_url	https://www.openssl.org/news/secadv/20230207.txt
reference_id
reference_type
scores
url	https://www.openssl.org/news/secadv/20230207.txt

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2164440
reference_id	2164440
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2164440

reference_url	https://access.redhat.com/security/cve/cve-2023-0286
reference_id	CVE-2023-0286
reference_type
scores
url	https://access.redhat.com/security/cve/cve-2023-0286

reference_url	https://nvd.nist.gov/vuln/detail/CVE-2023-0286
reference_id	CVE-2023-0286
reference_type
scores
url	https://nvd.nist.gov/vuln/detail/CVE-2023-0286

reference_url	https://github.com/advisories/GHSA-x4qr-2fvf-3mr5
reference_id	GHSA-x4qr-2fvf-3mr5
reference_type
scores
url	https://github.com/advisories/GHSA-x4qr-2fvf-3mr5

reference_url	https://github.com/pyca/cryptography/security/advisories/GHSA-x4qr-2fvf-3mr5
reference_id	GHSA-x4qr-2fvf-3mr5
reference_type
scores
url	https://github.com/pyca/cryptography/security/advisories/GHSA-x4qr-2fvf-3mr5

reference_url	https://access.redhat.com/errata/RHSA-2023:0946
reference_id	RHSA-2023:0946
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:0946

reference_url	https://access.redhat.com/errata/RHSA-2023:1199
reference_id	RHSA-2023:1199
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:1199

reference_url	https://access.redhat.com/errata/RHSA-2023:1335
reference_id	RHSA-2023:1335
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:1335

reference_url	https://access.redhat.com/errata/RHSA-2023:1405
reference_id	RHSA-2023:1405
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:1405

reference_url	https://access.redhat.com/errata/RHSA-2023:1437
reference_id	RHSA-2023:1437
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:1437

reference_url	https://access.redhat.com/errata/RHSA-2023:1438
reference_id	RHSA-2023:1438
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:1438

reference_url	https://access.redhat.com/errata/RHSA-2023:1439
reference_id	RHSA-2023:1439
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:1439

reference_url	https://access.redhat.com/errata/RHSA-2023:1440
reference_id	RHSA-2023:1440
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:1440

reference_url	https://access.redhat.com/errata/RHSA-2023:1441
reference_id	RHSA-2023:1441
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:1441

reference_url	https://access.redhat.com/errata/RHSA-2023:2022
reference_id	RHSA-2023:2022
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:2022

reference_url	https://access.redhat.com/errata/RHSA-2023:2165
reference_id	RHSA-2023:2165
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:2165

reference_url	https://access.redhat.com/errata/RHSA-2023:2932
reference_id	RHSA-2023:2932
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:2932

reference_url	https://access.redhat.com/errata/RHSA-2023:3354
reference_id	RHSA-2023:3354
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:3354

reference_url	https://access.redhat.com/errata/RHSA-2023:3355
reference_id	RHSA-2023:3355
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:3355

reference_url	https://access.redhat.com/errata/RHSA-2023:3420
reference_id	RHSA-2023:3420
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:3420

reference_url	https://access.redhat.com/errata/RHSA-2023:3421
reference_id	RHSA-2023:3421
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:3421

reference_url	https://access.redhat.com/errata/RHSA-2023:4124
reference_id	RHSA-2023:4124
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:4124

reference_url	https://access.redhat.com/errata/RHSA-2023:4128
reference_id	RHSA-2023:4128
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:4128

reference_url	https://access.redhat.com/errata/RHSA-2023:4252
reference_id	RHSA-2023:4252
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:4252

reference_url	https://access.redhat.com/errata/RHSA-2023:5209
reference_id	RHSA-2023:5209
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:5209

reference_url	https://access.redhat.com/errata/RHSA-2024:5136
reference_id	RHSA-2024:5136
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:5136

reference_url	https://access.redhat.com/errata/RHSA-2024:6095
reference_id	RHSA-2024:6095
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:6095

reference_url	https://access.redhat.com/errata/RHSA-2025:7733
reference_id	RHSA-2025:7733
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:7733

reference_url	https://access.redhat.com/errata/RHSA-2025:7895
reference_id	RHSA-2025:7895
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:7895

reference_url	https://access.redhat.com/errata/RHSA-2025:7937
reference_id	RHSA-2025:7937
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:7937

reference_url	https://usn.ubuntu.com/5844-1/
reference_id	USN-5844-1
reference_type
scores
url	https://usn.ubuntu.com/5844-1/

reference_url	https://usn.ubuntu.com/5845-1/
reference_id	USN-5845-1
reference_type
scores
url	https://usn.ubuntu.com/5845-1/

reference_url	https://usn.ubuntu.com/5845-2/
reference_id	USN-5845-2
reference_type
scores
url	https://usn.ubuntu.com/5845-2/

reference_url	https://usn.ubuntu.com/6564-1/
reference_id	USN-6564-1
reference_type
scores
url	https://usn.ubuntu.com/6564-1/

fixed_packages

aliases

CVE-2023-0286, GHSA-x4qr-2fvf-3mr5

risk_score

10.0

exploitability

2.0

weighted_severity

6.7

resource_url

http://public2.vulnerablecode.io/vulnerabilities/VCID-fep2-jgws-6qf6

Fixing_vulnerabilities

Risk_score 10.0

Resource_url http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/edk2@20220126gitbb1bba3d77-3.el9_0%3Farch=2

Package Instance