Package Instance
Lookup for vulnerable packages by Package URL.
GET /api/packages/353283?format=api
{ "url": "http://public2.vulnerablecode.io/api/packages/353283?format=api", "purl": "pkg:apk/alpine/openssl@3.0.8-r0?arch=armhf&distroversion=v3.18&reponame=main", "type": "apk", "namespace": "alpine", "name": "openssl", "version": "3.0.8-r0", "qualifiers": { "arch": "armhf", "distroversion": "v3.18", "reponame": "main" }, "subpath": "", "is_vulnerable": false, "next_non_vulnerable_version": "3.1.0-r2", "latest_non_vulnerable_version": "3.1.7-r1", "affected_by_vulnerabilities": [], "fixing_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/44398?format=api", "vulnerability_id": "VCID-1hgm-58xg-r7bt", "summary": "Timing based side channel\nA timing based side channel exists in the OpenSSL RSA Decryption implementation which could be sufficient to recover a plaintext across a network in a Bleichenbacher style attack. To achieve a successful decryption an attacker would have to be able to send a very large number of trial messages for decryption. The vulnerability affects all RSA padding modes: PKCS#1 v1.5, RSA-OEAP and RSASVE. For example, in a TLS connection, RSA is commonly used by a client to send an encrypted pre-master secret to the server. An attacker that had observed a genuine connection between a client and a server could use this flaw to send trial messages to the server and record the time taken to process them. After a sufficiently large number of messages the attacker could recover the pre-master secret used for the original connection and thus be able to decrypt the application data sent over that connection.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-4304.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-4304.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-4304", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00224", "scoring_system": "epss", "scoring_elements": "0.45219", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00224", "scoring_system": "epss", "scoring_elements": "0.45151", "published_at": "2026-06-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-4304" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2097", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2097" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-4304", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-4304" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-4450", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-4450" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0215", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0215" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0286", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0286" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2023-0003", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2023-0003" }, { "reference_url": "https://rustsec.org/advisories/RUSTSEC-2023-0007.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://rustsec.org/advisories/RUSTSEC-2023-0007.html" }, { "reference_url": "https://security.gentoo.org/glsa/202402-08", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-06T15:57:19Z/" } ], "url": "https://security.gentoo.org/glsa/202402-08" }, { "reference_url": "https://www.openssl.org/news/secadv/20230207.txt", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-06T15:57:19Z/" } ], "url": "https://www.openssl.org/news/secadv/20230207.txt" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2164487", "reference_id": "2164487", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2164487" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2022-4304", "reference_id": "CVE-2022-4304", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-4304" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:0946", "reference_id": "RHSA-2023:0946", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:0946" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:1199", "reference_id": "RHSA-2023:1199", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:1199" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:1405", "reference_id": "RHSA-2023:1405", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:1405" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:2165", "reference_id": "RHSA-2023:2165", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:2165" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:2932", "reference_id": "RHSA-2023:2932", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:2932" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:3354", "reference_id": "RHSA-2023:3354", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:3354" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:3355", "reference_id": "RHSA-2023:3355", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:3355" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:3408", "reference_id": "RHSA-2023:3408", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:3408" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:3420", "reference_id": "RHSA-2023:3420", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:3420" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:3421", "reference_id": "RHSA-2023:3421", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:3421" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:4128", "reference_id": "RHSA-2023:4128", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:4128" }, { "reference_url": "https://usn.ubuntu.com/5844-1/", "reference_id": "USN-5844-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/5844-1/" }, { "reference_url": "https://usn.ubuntu.com/6564-1/", "reference_id": "USN-6564-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/6564-1/" }, { "reference_url": "https://usn.ubuntu.com/7894-1/", "reference_id": "USN-7894-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7894-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/353283?format=api", "purl": "pkg:apk/alpine/openssl@3.0.8-r0?arch=armhf&distroversion=v3.18&reponame=main", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:apk/alpine/openssl@3.0.8-r0%3Farch=armhf&distroversion=v3.18&reponame=main" } ], "aliases": [ "CVE-2022-4304", "GHSA-p52g-cm5j-mjv4" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-1hgm-58xg-r7bt" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/44403?format=api", "vulnerability_id": "VCID-97cm-wmq1-gkfd", "summary": "NULL Pointer Dereference\nAn invalid pointer dereference on read can be triggered when an application tries to check a malformed DSA public key by the EVP_PKEY_public_check() function. This will most likely lead to an application crash. This function can be called on public keys supplied from untrusted sources which could allow an attacker to cause a denial of service attack. The TLS implementation in OpenSSL does not call this function but applications might call the function if there are additional security requirements imposed by standards such as FIPS 140-3.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-0217.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-0217.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-0217", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0086", "scoring_system": "epss", "scoring_elements": "0.75417", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.0086", "scoring_system": "epss", "scoring_elements": "0.75388", "published_at": "2026-06-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-0217" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=23985bac83fd50c8e29431009302b5442f985096", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T13:26:50Z/" } ], "url": "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=23985bac83fd50c8e29431009302b5442f985096" }, { "reference_url": "https://rustsec.org/advisories/RUSTSEC-2023-0012.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://rustsec.org/advisories/RUSTSEC-2023-0012.html" }, { "reference_url": "https://security.gentoo.org/glsa/202402-08", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T13:26:50Z/" } ], "url": "https://security.gentoo.org/glsa/202402-08" }, { "reference_url": "https://www.openssl.org/news/secadv/20230207.txt", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T13:26:50Z/" } ], "url": "https://www.openssl.org/news/secadv/20230207.txt" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2164499", "reference_id": "2164499", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2164499" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2023-0217", "reference_id": "CVE-2023-0217", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-0217" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:0946", "reference_id": "RHSA-2023:0946", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:0946" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:1199", "reference_id": "RHSA-2023:1199", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:1199" }, { "reference_url": "https://usn.ubuntu.com/5844-1/", "reference_id": "USN-5844-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/5844-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/353283?format=api", "purl": "pkg:apk/alpine/openssl@3.0.8-r0?arch=armhf&distroversion=v3.18&reponame=main", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:apk/alpine/openssl@3.0.8-r0%3Farch=armhf&distroversion=v3.18&reponame=main" } ], "aliases": [ "CVE-2023-0217", "GHSA-vxrh-cpg7-8vjr" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-97cm-wmq1-gkfd" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/44400?format=api", "vulnerability_id": "VCID-f2np-fk61-nbh1", "summary": "NULL Pointer Dereference\nAn invalid pointer dereference on read can be triggered when an application tries to load malformed PKCS7 data with the d2i_PKCS7(), d2i_PKCS7_bio() or d2i_PKCS7_fp() functions. The result of the dereference is an application crash which could lead to a denial of service attack. The TLS implementation in OpenSSL does not call this function however third party applications might call these functions on untrusted data.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-0216.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-0216.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-0216", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00853", "scoring_system": "epss", "scoring_elements": "0.75325", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00853", "scoring_system": "epss", "scoring_elements": "0.75295", "published_at": "2026-06-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-0216" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=934a04f0e775309cadbef0aa6b9692e1b12a76c6", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T13:26:43Z/" } ], "url": "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=934a04f0e775309cadbef0aa6b9692e1b12a76c6" }, { "reference_url": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2023-0003", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2023-0003" }, { "reference_url": "https://rustsec.org/advisories/RUSTSEC-2023-0011.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://rustsec.org/advisories/RUSTSEC-2023-0011.html" }, { "reference_url": "https://security.gentoo.org/glsa/202402-08", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T13:26:43Z/" } ], "url": "https://security.gentoo.org/glsa/202402-08" }, { "reference_url": "https://www.openssl.org/news/secadv/20230207.txt", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T13:26:43Z/" } ], "url": "https://www.openssl.org/news/secadv/20230207.txt" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2164497", "reference_id": "2164497", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2164497" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2023-0216", "reference_id": "CVE-2023-0216", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-0216" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:0946", "reference_id": "RHSA-2023:0946", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:0946" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:1199", "reference_id": "RHSA-2023:1199", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:1199" }, { "reference_url": "https://usn.ubuntu.com/5844-1/", "reference_id": "USN-5844-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/5844-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/353283?format=api", "purl": "pkg:apk/alpine/openssl@3.0.8-r0?arch=armhf&distroversion=v3.18&reponame=main", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:apk/alpine/openssl@3.0.8-r0%3Farch=armhf&distroversion=v3.18&reponame=main" } ], "aliases": [ "CVE-2023-0216", "GHSA-29xx-hcv2-c4cp" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-f2np-fk61-nbh1" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/44408?format=api", "vulnerability_id": "VCID-gj2m-z5b6-6yf2", "summary": "Double Free\nThe function PEM_read_bio_ex() reads a PEM file from a BIO and parses and decodes the \"name\" (e.g. \"CERTIFICATE\"), any header data and the payload data. If the function succeeds then the \"name_out\", \"header\" and \"data\" arguments are populated with pointers to buffers containing the relevant decoded data. The caller is responsible for freeing those buffers. It is possible to construct a PEM file that results in 0 bytes of payload data. In this case PEM_read_bio_ex() will return a failure code but will populate the header argument with a pointer to a buffer that has already been freed. If the caller also frees this buffer then a double free will occur. This will most likely lead to a crash. This could be exploited by an attacker who has the ability to supply malicious PEM files for parsing to achieve a denial of service attack. The functions PEM_read_bio() and PEM_read() are simple wrappers around PEM_read_bio_ex() and therefore these functions are also directly affected. These functions are also called indirectly by a number of other OpenSSL functions including PEM_X509_INFO_read_bio_ex() and SSL_CTX_use_serverinfo_file() which are also vulnerable. Some OpenSSL internal uses of these functions are not vulnerable because the caller does not free the header argument if PEM_read_bio_ex() returns a failure code. These locations include the PEM_read_bio_TYPE() functions as well as the decoders introduced in OpenSSL 3.0. The OpenSSL asn1parse command line application is also impacted by this issue.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-4450.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-4450.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-4450", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00147", "scoring_system": "epss", "scoring_elements": "0.34966", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00147", "scoring_system": "epss", "scoring_elements": "0.3487", "published_at": "2026-06-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-4450" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2097", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2097" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-4304", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-4304" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-4450", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-4450" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0215", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0215" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0286", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0286" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=63bcf189be73a9cc1264059bed6f57974be74a83", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T13:26:38Z/" } ], "url": "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=63bcf189be73a9cc1264059bed6f57974be74a83" }, { "reference_url": "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=bbcf509bd046b34cca19c766bbddc31683d0858b", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T13:26:38Z/" } ], "url": "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=bbcf509bd046b34cca19c766bbddc31683d0858b" }, { "reference_url": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2023-0003", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2023-0003" }, { "reference_url": "https://rustsec.org/advisories/RUSTSEC-2023-0010.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://rustsec.org/advisories/RUSTSEC-2023-0010.html" }, { "reference_url": "https://security.gentoo.org/glsa/202402-08", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T13:26:38Z/" } ], "url": "https://security.gentoo.org/glsa/202402-08" }, { "reference_url": "https://www.openssl.org/news/secadv/20230207.txt", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T13:26:38Z/" } ], "url": "https://www.openssl.org/news/secadv/20230207.txt" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2164494", "reference_id": "2164494", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2164494" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2022-4450", "reference_id": "CVE-2022-4450", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-4450" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:0946", "reference_id": "RHSA-2023:0946", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:0946" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:1199", "reference_id": "RHSA-2023:1199", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:1199" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:1405", "reference_id": "RHSA-2023:1405", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:1405" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:2165", "reference_id": "RHSA-2023:2165", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:2165" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:2932", "reference_id": "RHSA-2023:2932", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:2932" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:3354", "reference_id": "RHSA-2023:3354", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:3354" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:3355", "reference_id": "RHSA-2023:3355", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:3355" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:3408", "reference_id": "RHSA-2023:3408", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:3408" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:3420", "reference_id": "RHSA-2023:3420", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:3420" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:3421", "reference_id": "RHSA-2023:3421", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:3421" }, { "reference_url": "https://usn.ubuntu.com/5844-1/", "reference_id": "USN-5844-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/5844-1/" }, { "reference_url": "https://usn.ubuntu.com/6564-1/", "reference_id": "USN-6564-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/6564-1/" }, { "reference_url": "https://usn.ubuntu.com/7894-1/", "reference_id": "USN-7894-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7894-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/353283?format=api", "purl": "pkg:apk/alpine/openssl@3.0.8-r0?arch=armhf&distroversion=v3.18&reponame=main", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:apk/alpine/openssl@3.0.8-r0%3Farch=armhf&distroversion=v3.18&reponame=main" } ], "aliases": [ "CVE-2022-4450", "GHSA-v5w6-wcm8-jm4q" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-gj2m-z5b6-6yf2" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/44405?format=api", "vulnerability_id": "VCID-taas-512g-jfdw", "summary": "Use After Free\nThe public API function BIO_new_NDEF is a helper function used for streaming ASN.1 data via a BIO. It is primarily used internally to OpenSSL to support the SMIME, CMS and PKCS7 streaming capabilities, but may also be called directly by end user applications. The function receives a BIO from the caller, prepends a new BIO_f_asn1 filter BIO onto the front of it to form a BIO chain, and then returns the new head of the BIO chain to the caller. Under certain conditions, for example if a CMS recipient public key is invalid, the new filter BIO is freed and the function returns a NULL result indicating a failure. However, in this case, the BIO chain is not properly cleaned up and the BIO passed by the caller still retains internal pointers to the previously freed filter BIO. If the caller then goes on to call BIO_pop() on the BIO then a use-after-free will occur. This will most likely result in a crash. This scenario occurs directly in the internal function B64_write_ASN1() which may cause BIO_new_NDEF() to be called and will subsequently call BIO_pop() on the BIO. This internal function is in turn called by the public API functions PEM_write_bio_ASN1_stream, PEM_write_bio_CMS_stream, PEM_write_bio_PKCS7_stream, SMIME_write_ASN1, SMIME_write_CMS and SMIME_write_PKCS7. Other public API functions that may be impacted by this include i2d_ASN1_bio_stream, BIO_new_CMS, BIO_new_PKCS7, i2d_CMS_bio_stream and i2d_PKCS7_bio_stream. The OpenSSL cms and smime command line applications are similarly affected.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-0215.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-0215.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-0215", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0043", "scoring_system": "epss", "scoring_elements": "0.62898", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.0043", "scoring_system": "epss", "scoring_elements": "0.62856", "published_at": "2026-06-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-0215" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2097", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2097" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-4304", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-4304" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-4450", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-4450" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0215", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0215" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0286", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0286" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=8818064ce3c3c0f1b740a5aaba2a987e75bfbafd", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T13:26:40Z/" } ], "url": "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=8818064ce3c3c0f1b740a5aaba2a987e75bfbafd" }, { "reference_url": "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=9816136fe31d92ace4037d5da5257f763aeeb4eb", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T13:26:40Z/" } ], "url": "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=9816136fe31d92ace4037d5da5257f763aeeb4eb" }, { "reference_url": "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=c3829dd8825c654652201e16f8a0a0c46ee3f344", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T13:26:40Z/" } ], "url": "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=c3829dd8825c654652201e16f8a0a0c46ee3f344" }, { "reference_url": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2023-0003", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2023-0003" }, { "reference_url": "https://rustsec.org/advisories/RUSTSEC-2023-0009.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://rustsec.org/advisories/RUSTSEC-2023-0009.html" }, { "reference_url": "https://security.gentoo.org/glsa/202402-08", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T13:26:40Z/" } ], "url": "https://security.gentoo.org/glsa/202402-08" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20230427-0007", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://security.netapp.com/advisory/ntap-20230427-0007" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20230427-0009", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://security.netapp.com/advisory/ntap-20230427-0009" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20240621-0006", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://security.netapp.com/advisory/ntap-20240621-0006" }, { "reference_url": "https://www.openssl.org/news/secadv/20230207.txt", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T13:26:40Z/" } ], "url": "https://www.openssl.org/news/secadv/20230207.txt" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2164492", "reference_id": "2164492", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2164492" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2023-0215", "reference_id": "CVE-2023-0215", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-0215" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20230427-0007/", "reference_id": "ntap-20230427-0007", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T13:26:40Z/" } ], "url": "https://security.netapp.com/advisory/ntap-20230427-0007/" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20230427-0009/", "reference_id": "ntap-20230427-0009", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T13:26:40Z/" } ], "url": "https://security.netapp.com/advisory/ntap-20230427-0009/" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20240621-0006/", "reference_id": "ntap-20240621-0006", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T13:26:40Z/" } ], "url": "https://security.netapp.com/advisory/ntap-20240621-0006/" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:0946", "reference_id": "RHSA-2023:0946", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:0946" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:1199", "reference_id": "RHSA-2023:1199", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:1199" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:1405", "reference_id": "RHSA-2023:1405", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:1405" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:2165", "reference_id": "RHSA-2023:2165", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:2165" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:2932", "reference_id": "RHSA-2023:2932", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:2932" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:3354", "reference_id": "RHSA-2023:3354", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:3354" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:3355", "reference_id": "RHSA-2023:3355", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:3355" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:3408", "reference_id": "RHSA-2023:3408", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:3408" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:3420", "reference_id": "RHSA-2023:3420", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:3420" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:3421", "reference_id": "RHSA-2023:3421", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:3421" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:4128", "reference_id": "RHSA-2023:4128", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:4128" }, { "reference_url": "https://usn.ubuntu.com/5844-1/", "reference_id": "USN-5844-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/5844-1/" }, { "reference_url": "https://usn.ubuntu.com/5845-1/", "reference_id": "USN-5845-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/5845-1/" }, { "reference_url": "https://usn.ubuntu.com/5845-2/", "reference_id": "USN-5845-2", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/5845-2/" }, { "reference_url": "https://usn.ubuntu.com/6564-1/", "reference_id": "USN-6564-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/6564-1/" }, { "reference_url": "https://usn.ubuntu.com/7894-1/", "reference_id": "USN-7894-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7894-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/353283?format=api", "purl": "pkg:apk/alpine/openssl@3.0.8-r0?arch=armhf&distroversion=v3.18&reponame=main", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:apk/alpine/openssl@3.0.8-r0%3Farch=armhf&distroversion=v3.18&reponame=main" } ], "aliases": [ "CVE-2023-0215", "GHSA-r7jw-wp68-3xch" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-taas-512g-jfdw" } ], "risk_score": null, "resource_url": "http://public2.vulnerablecode.io/packages/pkg:apk/alpine/openssl@3.0.8-r0%3Farch=armhf&distroversion=v3.18&reponame=main" }