Package Instance
Lookup for vulnerable packages by Package URL.
GET /api/packages/382424?format=api
{ "url": "http://public2.vulnerablecode.io/api/packages/382424?format=api", "purl": "pkg:apk/alpine/openssl@3.0.8-r0?arch=armhf&distroversion=v3.20&reponame=main", "type": "apk", "namespace": "alpine", "name": "openssl", "version": "3.0.8-r0", "qualifiers": { "arch": "armhf", "distroversion": "v3.20", "reponame": "main" }, "subpath": "", "is_vulnerable": false, "next_non_vulnerable_version": "3.1.0-r1", "latest_non_vulnerable_version": "3.3.7-r0", "affected_by_vulnerabilities": [], "fixing_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/16375?format=api", "vulnerability_id": "VCID-1ggt-ugh5-jqeu", "summary": "NULL Pointer Dereference\nAn invalid pointer dereference on read can be triggered when an application tries to load malformed PKCS7 data with the d2i_PKCS7(), d2i_PKCS7_bio() or d2i_PKCS7_fp() functions. The result of the dereference is an application crash which could lead to a denial of service attack. The TLS implementation in OpenSSL does not call this function however third party applications might call these functions on untrusted data.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-0216.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-0216.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-0216", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01123", "scoring_system": "epss", "scoring_elements": "0.78265", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.01123", "scoring_system": "epss", "scoring_elements": "0.7827", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.01123", "scoring_system": "epss", "scoring_elements": "0.78287", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.01123", "scoring_system": "epss", "scoring_elements": "0.78262", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.01123", "scoring_system": "epss", "scoring_elements": "0.78256", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.01123", "scoring_system": "epss", "scoring_elements": "0.7823", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.01123", "scoring_system": "epss", "scoring_elements": "0.78248", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.01123", "scoring_system": "epss", "scoring_elements": "0.78217", "published_at": "2026-04-02T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-0216" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=934a04f0e775309cadbef0aa6b9692e1b12a76c6", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T13:26:43Z/" } ], "url": "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=934a04f0e775309cadbef0aa6b9692e1b12a76c6" }, { "reference_url": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2023-0003", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2023-0003" }, { "reference_url": "https://rustsec.org/advisories/RUSTSEC-2023-0011.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://rustsec.org/advisories/RUSTSEC-2023-0011.html" }, { "reference_url": "https://security.gentoo.org/glsa/202402-08", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T13:26:43Z/" } ], "url": "https://security.gentoo.org/glsa/202402-08" }, { "reference_url": "https://www.openssl.org/news/secadv/20230207.txt", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T13:26:43Z/" } ], "url": "https://www.openssl.org/news/secadv/20230207.txt" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2164497", "reference_id": "2164497", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2164497" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2023-0216", "reference_id": "CVE-2023-0216", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-0216" }, { "reference_url": "https://github.com/advisories/GHSA-29xx-hcv2-c4cp", "reference_id": "GHSA-29xx-hcv2-c4cp", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-29xx-hcv2-c4cp" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:0946", "reference_id": "RHSA-2023:0946", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:0946" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:1199", "reference_id": "RHSA-2023:1199", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:1199" }, { "reference_url": "https://usn.ubuntu.com/5844-1/", "reference_id": "USN-5844-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/5844-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/382424?format=api", "purl": "pkg:apk/alpine/openssl@3.0.8-r0?arch=armhf&distroversion=v3.20&reponame=main", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:apk/alpine/openssl@3.0.8-r0%3Farch=armhf&distroversion=v3.20&reponame=main" } ], "aliases": [ "CVE-2023-0216", "GHSA-29xx-hcv2-c4cp" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-1ggt-ugh5-jqeu" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/16380?format=api", "vulnerability_id": "VCID-8s28-acfa-kkhj", "summary": "NULL Pointer Dereference\nAn invalid pointer dereference on read can be triggered when an application tries to check a malformed DSA public key by the EVP_PKEY_public_check() function. This will most likely lead to an application crash. This function can be called on public keys supplied from untrusted sources which could allow an attacker to cause a denial of service attack. The TLS implementation in OpenSSL does not call this function but applications might call the function if there are additional security requirements imposed by standards such as FIPS 140-3.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-0217.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-0217.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-0217", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00557", "scoring_system": "epss", "scoring_elements": "0.6816", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00557", "scoring_system": "epss", "scoring_elements": "0.68193", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00557", "scoring_system": "epss", "scoring_elements": "0.68207", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00557", "scoring_system": "epss", "scoring_elements": "0.68182", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00557", "scoring_system": "epss", "scoring_elements": "0.68167", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00557", "scoring_system": "epss", "scoring_elements": "0.68115", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00557", "scoring_system": "epss", "scoring_elements": "0.68138", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00557", "scoring_system": "epss", "scoring_elements": "0.6812", "published_at": "2026-04-02T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-0217" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=23985bac83fd50c8e29431009302b5442f985096", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T13:26:50Z/" } ], "url": "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=23985bac83fd50c8e29431009302b5442f985096" }, { "reference_url": "https://rustsec.org/advisories/RUSTSEC-2023-0012.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://rustsec.org/advisories/RUSTSEC-2023-0012.html" }, { "reference_url": "https://security.gentoo.org/glsa/202402-08", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T13:26:50Z/" } ], "url": "https://security.gentoo.org/glsa/202402-08" }, { "reference_url": "https://www.openssl.org/news/secadv/20230207.txt", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T13:26:50Z/" } ], "url": "https://www.openssl.org/news/secadv/20230207.txt" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2164499", "reference_id": "2164499", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2164499" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2023-0217", "reference_id": "CVE-2023-0217", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-0217" }, { "reference_url": "https://github.com/advisories/GHSA-vxrh-cpg7-8vjr", "reference_id": "GHSA-vxrh-cpg7-8vjr", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-vxrh-cpg7-8vjr" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:0946", "reference_id": "RHSA-2023:0946", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:0946" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:1199", "reference_id": "RHSA-2023:1199", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:1199" }, { "reference_url": "https://usn.ubuntu.com/5844-1/", "reference_id": "USN-5844-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/5844-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/382424?format=api", "purl": "pkg:apk/alpine/openssl@3.0.8-r0?arch=armhf&distroversion=v3.20&reponame=main", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:apk/alpine/openssl@3.0.8-r0%3Farch=armhf&distroversion=v3.20&reponame=main" } ], "aliases": [ "CVE-2023-0217", "GHSA-vxrh-cpg7-8vjr" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-8s28-acfa-kkhj" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/16385?format=api", "vulnerability_id": "VCID-aens-jq7w-f7bh", "summary": "Double Free\nThe function PEM_read_bio_ex() reads a PEM file from a BIO and parses and decodes the \"name\" (e.g. \"CERTIFICATE\"), any header data and the payload data. If the function succeeds then the \"name_out\", \"header\" and \"data\" arguments are populated with pointers to buffers containing the relevant decoded data. The caller is responsible for freeing those buffers. It is possible to construct a PEM file that results in 0 bytes of payload data. In this case PEM_read_bio_ex() will return a failure code but will populate the header argument with a pointer to a buffer that has already been freed. If the caller also frees this buffer then a double free will occur. This will most likely lead to a crash. This could be exploited by an attacker who has the ability to supply malicious PEM files for parsing to achieve a denial of service attack. The functions PEM_read_bio() and PEM_read() are simple wrappers around PEM_read_bio_ex() and therefore these functions are also directly affected. These functions are also called indirectly by a number of other OpenSSL functions including PEM_X509_INFO_read_bio_ex() and SSL_CTX_use_serverinfo_file() which are also vulnerable. Some OpenSSL internal uses of these functions are not vulnerable because the caller does not free the header argument if PEM_read_bio_ex() returns a failure code. These locations include the PEM_read_bio_TYPE() functions as well as the decoders introduced in OpenSSL 3.0. The OpenSSL asn1parse command line application is also impacted by this issue.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-4450.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-4450.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-4450", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00147", "scoring_system": "epss", "scoring_elements": "0.35178", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00147", "scoring_system": "epss", "scoring_elements": "0.35255", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00147", "scoring_system": "epss", "scoring_elements": "0.35283", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00147", "scoring_system": "epss", "scoring_elements": "0.35164", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00147", "scoring_system": "epss", "scoring_elements": "0.35209", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00147", "scoring_system": "epss", "scoring_elements": "0.35234", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00147", "scoring_system": "epss", "scoring_elements": "0.35237", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00147", "scoring_system": "epss", "scoring_elements": "0.35202", "published_at": "2026-04-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-4450" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2097", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2097" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-4304", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-4304" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-4450", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-4450" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0215", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0215" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0286", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0286" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=63bcf189be73a9cc1264059bed6f57974be74a83", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T13:26:38Z/" } ], "url": "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=63bcf189be73a9cc1264059bed6f57974be74a83" }, { "reference_url": "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=bbcf509bd046b34cca19c766bbddc31683d0858b", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T13:26:38Z/" } ], "url": "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=bbcf509bd046b34cca19c766bbddc31683d0858b" }, { "reference_url": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2023-0003", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2023-0003" }, { "reference_url": "https://rustsec.org/advisories/RUSTSEC-2023-0010.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://rustsec.org/advisories/RUSTSEC-2023-0010.html" }, { "reference_url": "https://security.gentoo.org/glsa/202402-08", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T13:26:38Z/" } ], "url": "https://security.gentoo.org/glsa/202402-08" }, { "reference_url": "https://www.openssl.org/news/secadv/20230207.txt", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T13:26:38Z/" } ], "url": "https://www.openssl.org/news/secadv/20230207.txt" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2164494", "reference_id": "2164494", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2164494" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2022-4450", "reference_id": "CVE-2022-4450", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-4450" }, { "reference_url": "https://github.com/advisories/GHSA-v5w6-wcm8-jm4q", "reference_id": "GHSA-v5w6-wcm8-jm4q", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-v5w6-wcm8-jm4q" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:0946", "reference_id": "RHSA-2023:0946", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:0946" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:1199", "reference_id": "RHSA-2023:1199", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:1199" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:1405", "reference_id": "RHSA-2023:1405", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:1405" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:2165", "reference_id": "RHSA-2023:2165", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:2165" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:2932", "reference_id": "RHSA-2023:2932", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:2932" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:3354", "reference_id": "RHSA-2023:3354", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:3354" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:3355", "reference_id": "RHSA-2023:3355", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:3355" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:3408", "reference_id": "RHSA-2023:3408", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:3408" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:3420", "reference_id": "RHSA-2023:3420", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:3420" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:3421", "reference_id": "RHSA-2023:3421", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:3421" }, { "reference_url": "https://usn.ubuntu.com/5844-1/", "reference_id": "USN-5844-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/5844-1/" }, { "reference_url": "https://usn.ubuntu.com/6564-1/", "reference_id": "USN-6564-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/6564-1/" }, { "reference_url": "https://usn.ubuntu.com/7894-1/", "reference_id": "USN-7894-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7894-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/382424?format=api", "purl": "pkg:apk/alpine/openssl@3.0.8-r0?arch=armhf&distroversion=v3.20&reponame=main", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:apk/alpine/openssl@3.0.8-r0%3Farch=armhf&distroversion=v3.20&reponame=main" } ], "aliases": [ "CVE-2022-4450", "GHSA-v5w6-wcm8-jm4q" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-aens-jq7w-f7bh" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/16382?format=api", "vulnerability_id": "VCID-d83w-756y-3bfv", "summary": "Use After Free\nThe public API function BIO_new_NDEF is a helper function used for streaming ASN.1 data via a BIO. It is primarily used internally to OpenSSL to support the SMIME, CMS and PKCS7 streaming capabilities, but may also be called directly by end user applications. The function receives a BIO from the caller, prepends a new BIO_f_asn1 filter BIO onto the front of it to form a BIO chain, and then returns the new head of the BIO chain to the caller. Under certain conditions, for example if a CMS recipient public key is invalid, the new filter BIO is freed and the function returns a NULL result indicating a failure. However, in this case, the BIO chain is not properly cleaned up and the BIO passed by the caller still retains internal pointers to the previously freed filter BIO. If the caller then goes on to call BIO_pop() on the BIO then a use-after-free will occur. This will most likely result in a crash. This scenario occurs directly in the internal function B64_write_ASN1() which may cause BIO_new_NDEF() to be called and will subsequently call BIO_pop() on the BIO. This internal function is in turn called by the public API functions PEM_write_bio_ASN1_stream, PEM_write_bio_CMS_stream, PEM_write_bio_PKCS7_stream, SMIME_write_ASN1, SMIME_write_CMS and SMIME_write_PKCS7. Other public API functions that may be impacted by this include i2d_ASN1_bio_stream, BIO_new_CMS, BIO_new_PKCS7, i2d_CMS_bio_stream and i2d_PKCS7_bio_stream. The OpenSSL cms and smime command line applications are similarly affected.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-0215.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-0215.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-0215", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00503", "scoring_system": "epss", "scoring_elements": "0.66108", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00503", "scoring_system": "epss", "scoring_elements": "0.66138", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00503", "scoring_system": "epss", "scoring_elements": "0.66151", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00503", "scoring_system": "epss", "scoring_elements": "0.66131", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00503", "scoring_system": "epss", "scoring_elements": "0.66119", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00503", "scoring_system": "epss", "scoring_elements": "0.66075", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00503", "scoring_system": "epss", "scoring_elements": "0.66103", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00503", "scoring_system": "epss", "scoring_elements": "0.66071", "published_at": "2026-04-07T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-0215" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2097", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2097" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-4304", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-4304" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-4450", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-4450" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0215", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0215" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0286", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0286" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=8818064ce3c3c0f1b740a5aaba2a987e75bfbafd", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T13:26:40Z/" } ], "url": "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=8818064ce3c3c0f1b740a5aaba2a987e75bfbafd" }, { "reference_url": "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=9816136fe31d92ace4037d5da5257f763aeeb4eb", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T13:26:40Z/" } ], "url": "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=9816136fe31d92ace4037d5da5257f763aeeb4eb" }, { "reference_url": "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=c3829dd8825c654652201e16f8a0a0c46ee3f344", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T13:26:40Z/" } ], "url": "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=c3829dd8825c654652201e16f8a0a0c46ee3f344" }, { "reference_url": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2023-0003", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2023-0003" }, { "reference_url": "https://rustsec.org/advisories/RUSTSEC-2023-0009.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://rustsec.org/advisories/RUSTSEC-2023-0009.html" }, { "reference_url": "https://security.gentoo.org/glsa/202402-08", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T13:26:40Z/" } ], "url": "https://security.gentoo.org/glsa/202402-08" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20230427-0007", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://security.netapp.com/advisory/ntap-20230427-0007" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20230427-0009", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://security.netapp.com/advisory/ntap-20230427-0009" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20240621-0006", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://security.netapp.com/advisory/ntap-20240621-0006" }, { "reference_url": "https://www.openssl.org/news/secadv/20230207.txt", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T13:26:40Z/" } ], "url": "https://www.openssl.org/news/secadv/20230207.txt" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2164492", "reference_id": "2164492", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2164492" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2023-0215", "reference_id": "CVE-2023-0215", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-0215" }, { "reference_url": "https://github.com/advisories/GHSA-r7jw-wp68-3xch", "reference_id": "GHSA-r7jw-wp68-3xch", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-r7jw-wp68-3xch" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20230427-0007/", "reference_id": "ntap-20230427-0007", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T13:26:40Z/" } ], "url": "https://security.netapp.com/advisory/ntap-20230427-0007/" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20230427-0009/", "reference_id": "ntap-20230427-0009", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T13:26:40Z/" } ], "url": "https://security.netapp.com/advisory/ntap-20230427-0009/" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:0946", "reference_id": "RHSA-2023:0946", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:0946" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:1199", "reference_id": "RHSA-2023:1199", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:1199" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:1405", "reference_id": "RHSA-2023:1405", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:1405" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:2165", "reference_id": "RHSA-2023:2165", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:2165" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:2932", "reference_id": "RHSA-2023:2932", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:2932" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:3354", "reference_id": "RHSA-2023:3354", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:3354" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:3355", "reference_id": "RHSA-2023:3355", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:3355" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:3408", "reference_id": "RHSA-2023:3408", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:3408" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:3420", "reference_id": "RHSA-2023:3420", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:3420" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:3421", "reference_id": "RHSA-2023:3421", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:3421" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:4128", "reference_id": "RHSA-2023:4128", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:4128" }, { "reference_url": "https://usn.ubuntu.com/5844-1/", "reference_id": "USN-5844-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/5844-1/" }, { "reference_url": "https://usn.ubuntu.com/5845-1/", "reference_id": "USN-5845-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/5845-1/" }, { "reference_url": "https://usn.ubuntu.com/5845-2/", "reference_id": "USN-5845-2", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/5845-2/" }, { "reference_url": "https://usn.ubuntu.com/6564-1/", "reference_id": "USN-6564-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/6564-1/" }, { "reference_url": "https://usn.ubuntu.com/7894-1/", "reference_id": "USN-7894-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7894-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/382424?format=api", "purl": "pkg:apk/alpine/openssl@3.0.8-r0?arch=armhf&distroversion=v3.20&reponame=main", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:apk/alpine/openssl@3.0.8-r0%3Farch=armhf&distroversion=v3.20&reponame=main" } ], "aliases": [ "CVE-2023-0215", "GHSA-r7jw-wp68-3xch" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-d83w-756y-3bfv" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/16371?format=api", "vulnerability_id": "VCID-gnpm-mnpa-3kdg", "summary": "Timing based side channel\nA timing based side channel exists in the OpenSSL RSA Decryption implementation which could be sufficient to recover a plaintext across a network in a Bleichenbacher style attack. To achieve a successful decryption an attacker would have to be able to send a very large number of trial messages for decryption. The vulnerability affects all RSA padding modes: PKCS#1 v1.5, RSA-OEAP and RSASVE. For example, in a TLS connection, RSA is commonly used by a client to send an encrypted pre-master secret to the server. An attacker that had observed a genuine connection between a client and a server could use this flaw to send trial messages to the server and record the time taken to process them. After a sufficiently large number of messages the attacker could recover the pre-master secret used for the original connection and thus be able to decrypt the application data sent over that connection.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-4304.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-4304.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-4304", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00255", "scoring_system": "epss", "scoring_elements": "0.48911", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00255", "scoring_system": "epss", "scoring_elements": "0.48903", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00255", "scoring_system": "epss", "scoring_elements": "0.48929", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00255", "scoring_system": "epss", "scoring_elements": "0.48912", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00255", "scoring_system": "epss", "scoring_elements": "0.48915", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00255", "scoring_system": "epss", "scoring_elements": "0.48861", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00255", "scoring_system": "epss", "scoring_elements": "0.48907", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00255", "scoring_system": "epss", "scoring_elements": "0.48881", "published_at": "2026-04-02T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-4304" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2097", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2097" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-4304", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-4304" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-4450", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-4450" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0215", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0215" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0286", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0286" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2023-0003", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2023-0003" }, { "reference_url": "https://rustsec.org/advisories/RUSTSEC-2023-0007.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://rustsec.org/advisories/RUSTSEC-2023-0007.html" }, { "reference_url": "https://security.gentoo.org/glsa/202402-08", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-06T15:57:19Z/" } ], "url": "https://security.gentoo.org/glsa/202402-08" }, { "reference_url": "https://www.openssl.org/news/secadv/20230207.txt", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-06T15:57:19Z/" } ], "url": "https://www.openssl.org/news/secadv/20230207.txt" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2164487", "reference_id": "2164487", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2164487" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2022-4304", "reference_id": "CVE-2022-4304", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-4304" }, { "reference_url": "https://github.com/advisories/GHSA-p52g-cm5j-mjv4", "reference_id": "GHSA-p52g-cm5j-mjv4", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-p52g-cm5j-mjv4" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:0946", "reference_id": "RHSA-2023:0946", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:0946" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:1199", "reference_id": "RHSA-2023:1199", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:1199" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:1405", "reference_id": "RHSA-2023:1405", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:1405" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:2165", "reference_id": "RHSA-2023:2165", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:2165" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:2932", "reference_id": "RHSA-2023:2932", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:2932" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:3354", "reference_id": "RHSA-2023:3354", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:3354" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:3355", "reference_id": "RHSA-2023:3355", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:3355" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:3408", "reference_id": "RHSA-2023:3408", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:3408" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:3420", "reference_id": "RHSA-2023:3420", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:3420" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:3421", "reference_id": "RHSA-2023:3421", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:3421" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:4128", "reference_id": "RHSA-2023:4128", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:4128" }, { "reference_url": "https://usn.ubuntu.com/5844-1/", "reference_id": "USN-5844-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/5844-1/" }, { "reference_url": "https://usn.ubuntu.com/6564-1/", "reference_id": "USN-6564-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/6564-1/" }, { "reference_url": "https://usn.ubuntu.com/7894-1/", "reference_id": "USN-7894-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7894-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/382424?format=api", "purl": "pkg:apk/alpine/openssl@3.0.8-r0?arch=armhf&distroversion=v3.20&reponame=main", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:apk/alpine/openssl@3.0.8-r0%3Farch=armhf&distroversion=v3.20&reponame=main" } ], "aliases": [ "CVE-2022-4304", "GHSA-p52g-cm5j-mjv4" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-gnpm-mnpa-3kdg" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/16589?format=api", "vulnerability_id": "VCID-tk2r-atbr-73ge", "summary": "Out-of-bounds Read\nA read buffer overrun can be triggered in X.509 certificate verification, specifically in name constraint checking. Note that this occurs after certificate chain signature verification and requires either a CA to have signed the malicious certificate or for the application to continue certificate verification despite failure to construct a path to a trusted issuer. The read buffer overrun might result in a crash which could lead to a denial of service attack. In theory it could also result in the disclosure of private memory contents (such as private keys, or sensitive plaintext) although we are not aware of any working exploit leading to memory contents disclosure as of the time of release of this advisory. In a TLS client, this can be triggered by connecting to a malicious server. In a TLS server, this can be triggered if the server requests client authentication and a malicious client connects.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-4203.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.9", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-4203.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-4203", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00745", "scoring_system": "epss", "scoring_elements": "0.73038", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00745", "scoring_system": "epss", "scoring_elements": "0.73044", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00745", "scoring_system": "epss", "scoring_elements": "0.73065", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00745", "scoring_system": "epss", "scoring_elements": "0.73041", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00745", "scoring_system": "epss", "scoring_elements": "0.73027", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00745", "scoring_system": "epss", "scoring_elements": "0.7299", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00745", "scoring_system": "epss", "scoring_elements": "0.73014", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00745", "scoring_system": "epss", "scoring_elements": "0.72994", "published_at": "2026-04-02T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-4203" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=c927a3492698c254637da836762f9b1f86cffabc", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H" }, { "value": "9.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-06T15:57:14Z/" } ], "url": "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=c927a3492698c254637da836762f9b1f86cffabc" }, { "reference_url": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2023-0003", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2023-0003" }, { "reference_url": "https://rustsec.org/advisories/RUSTSEC-2023-0008.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://rustsec.org/advisories/RUSTSEC-2023-0008.html" }, { "reference_url": "https://security.gentoo.org/glsa/202402-08", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H" }, { "value": "9.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-06T15:57:14Z/" } ], "url": "https://security.gentoo.org/glsa/202402-08" }, { "reference_url": "https://www.openssl.org/news/secadv/20230207.txt", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H" }, { "value": "9.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-06T15:57:14Z/" } ], "url": "https://www.openssl.org/news/secadv/20230207.txt" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2164488", "reference_id": "2164488", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2164488" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2022-4203", "reference_id": "CVE-2022-4203", "reference_type": "", "scores": [ { "value": "9.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-4203" }, { "reference_url": "https://github.com/advisories/GHSA-w67w-mw4j-8qrv", "reference_id": "GHSA-w67w-mw4j-8qrv", "reference_type": "", "scores": [ { "value": "CRITICAL", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-w67w-mw4j-8qrv" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:0946", "reference_id": "RHSA-2023:0946", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:0946" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:1199", "reference_id": "RHSA-2023:1199", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:1199" }, { "reference_url": "https://usn.ubuntu.com/5844-1/", "reference_id": "USN-5844-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/5844-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/382424?format=api", "purl": "pkg:apk/alpine/openssl@3.0.8-r0?arch=armhf&distroversion=v3.20&reponame=main", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:apk/alpine/openssl@3.0.8-r0%3Farch=armhf&distroversion=v3.20&reponame=main" } ], "aliases": [ "CVE-2022-4203", "GHSA-w67w-mw4j-8qrv" ], "risk_score": 4.5, "exploitability": "0.5", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-tk2r-atbr-73ge" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/16373?format=api", "vulnerability_id": "VCID-x2wm-3tk7-wbbv", "summary": "Access of Resource Using Incompatible Type ('Type Confusion')\nThere is a type confusion vulnerability relating to X.400 address processing inside an X.509 GeneralName. X.400 addresses were parsed as an ASN1_STRING but the public structure definition for GENERAL_NAME incorrectly specified the type of the x400Address field as ASN1_TYPE. This field is subsequently interpreted by the OpenSSL function GENERAL_NAME_cmp as an ASN1_TYPE rather than an ASN1_STRING. When CRL checking is enabled (i.e. the application sets the X509_V_FLAG_CRL_CHECK flag), this vulnerability may allow an attacker to pass arbitrary pointers to a memcmp call, enabling them to read memory contents or enact a denial of service. In most cases, the attack requires the attacker to provide both the certificate chain and CRL, neither of which need to have a valid signature. If the attacker only controls one of these inputs, the other input must already contain an X.400 address as a CRL distribution point, which is uncommon. As such, this vulnerability is most likely to only affect applications which have implemented their own functionality for retrieving CRLs over a network.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-0286.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.4", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-0286.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-0286", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.88474", "scoring_system": "epss", "scoring_elements": "0.99496", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.88474", "scoring_system": "epss", "scoring_elements": "0.99495", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.88981", "scoring_system": "epss", "scoring_elements": "0.99526", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.88981", "scoring_system": "epss", "scoring_elements": "0.99525", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.89087", "scoring_system": "epss", "scoring_elements": "0.99528", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.89087", "scoring_system": "epss", "scoring_elements": "0.99529", "published_at": "2026-04-09T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-0286" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2097", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2097" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-4304", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-4304" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-4450", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-4450" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0215", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0215" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0286", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0286" }, { "reference_url": "https://ftp.openbsd.org/pub/OpenBSD/LibreSSL/libressl-3.6.2-relnotes.txt", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-06T15:57:22Z/" } ], "url": "https://ftp.openbsd.org/pub/OpenBSD/LibreSSL/libressl-3.6.2-relnotes.txt" }, { "reference_url": "https://ftp.openbsd.org/pub/OpenBSD/patches/7.2/common/018_x509.patch.sig", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-06T15:57:22Z/" } ], "url": "https://ftp.openbsd.org/pub/OpenBSD/patches/7.2/common/018_x509.patch.sig" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/pyca/cryptography", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/pyca/cryptography" }, { "reference_url": "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=2c6c9d439b484e1ba9830d8454a34fa4f80fdfe9", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-06T15:57:22Z/" } ], "url": "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=2c6c9d439b484e1ba9830d8454a34fa4f80fdfe9" }, { "reference_url": "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=2f7530077e0ef79d98718138716bc51ca0cad658", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-06T15:57:22Z/" } ], "url": "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=2f7530077e0ef79d98718138716bc51ca0cad658" }, { "reference_url": "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=fd2af07dc083a350c959147097003a14a5e8ac4d", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-06T15:57:22Z/" } ], "url": "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=fd2af07dc083a350c959147097003a14a5e8ac4d" }, { "reference_url": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2023-0003", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2023-0003" }, { "reference_url": "https://rustsec.org/advisories/RUSTSEC-2023-0006.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://rustsec.org/advisories/RUSTSEC-2023-0006.html" }, { "reference_url": "https://security.gentoo.org/glsa/202402-08", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-06T15:57:22Z/" } ], "url": "https://security.gentoo.org/glsa/202402-08" }, { "reference_url": "https://www.openssl.org/news/secadv/20230207.txt", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-06T15:57:22Z/" } ], "url": "https://www.openssl.org/news/secadv/20230207.txt" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2164440", "reference_id": "2164440", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2164440" }, { "reference_url": "https://access.redhat.com/security/cve/cve-2023-0286", "reference_id": "CVE-2023-0286", "reference_type": "", "scores": [ { "value": "7.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/security/cve/cve-2023-0286" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2023-0286", "reference_id": "CVE-2023-0286", "reference_type": "", "scores": [ { "value": "7.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-0286" }, { "reference_url": "https://github.com/advisories/GHSA-x4qr-2fvf-3mr5", "reference_id": "GHSA-x4qr-2fvf-3mr5", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-x4qr-2fvf-3mr5" }, { "reference_url": "https://github.com/pyca/cryptography/security/advisories/GHSA-x4qr-2fvf-3mr5", "reference_id": "GHSA-x4qr-2fvf-3mr5", "reference_type": "", "scores": [ { "value": "7.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:H" }, { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/pyca/cryptography/security/advisories/GHSA-x4qr-2fvf-3mr5" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:0946", "reference_id": "RHSA-2023:0946", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:0946" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:1199", "reference_id": "RHSA-2023:1199", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:1199" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:1335", "reference_id": "RHSA-2023:1335", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:1335" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:1405", "reference_id": "RHSA-2023:1405", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:1405" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:1437", "reference_id": "RHSA-2023:1437", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:1437" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:1438", "reference_id": "RHSA-2023:1438", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:1438" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:1439", "reference_id": "RHSA-2023:1439", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:1439" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:1440", "reference_id": "RHSA-2023:1440", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:1440" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:1441", "reference_id": "RHSA-2023:1441", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:1441" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:2022", "reference_id": "RHSA-2023:2022", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:2022" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:2165", "reference_id": "RHSA-2023:2165", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:2165" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:2932", "reference_id": "RHSA-2023:2932", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:2932" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:3354", "reference_id": "RHSA-2023:3354", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:3354" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:3355", "reference_id": "RHSA-2023:3355", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:3355" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:3420", "reference_id": "RHSA-2023:3420", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:3420" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:3421", "reference_id": "RHSA-2023:3421", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:3421" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:4124", "reference_id": "RHSA-2023:4124", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:4124" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:4128", "reference_id": "RHSA-2023:4128", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:4128" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:4252", "reference_id": "RHSA-2023:4252", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:4252" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:5209", "reference_id": "RHSA-2023:5209", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:5209" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:5136", "reference_id": "RHSA-2024:5136", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:5136" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:6095", "reference_id": "RHSA-2024:6095", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:6095" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:7733", "reference_id": "RHSA-2025:7733", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:7733" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:7895", "reference_id": "RHSA-2025:7895", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:7895" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:7937", "reference_id": "RHSA-2025:7937", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:7937" }, { "reference_url": "https://usn.ubuntu.com/5844-1/", "reference_id": "USN-5844-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/5844-1/" }, { "reference_url": "https://usn.ubuntu.com/5845-1/", "reference_id": "USN-5845-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/5845-1/" }, { "reference_url": "https://usn.ubuntu.com/5845-2/", "reference_id": "USN-5845-2", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/5845-2/" }, { "reference_url": "https://usn.ubuntu.com/6564-1/", "reference_id": "USN-6564-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/6564-1/" }, { "reference_url": "https://usn.ubuntu.com/7894-1/", "reference_id": "USN-7894-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7894-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/382424?format=api", "purl": "pkg:apk/alpine/openssl@3.0.8-r0?arch=armhf&distroversion=v3.20&reponame=main", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:apk/alpine/openssl@3.0.8-r0%3Farch=armhf&distroversion=v3.20&reponame=main" } ], "aliases": [ "CVE-2023-0286", "GHSA-x4qr-2fvf-3mr5" ], "risk_score": 10.0, "exploitability": "2.0", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-x2wm-3tk7-wbbv" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/16376?format=api", "vulnerability_id": "VCID-xqt3-3um9-8faq", "summary": "NULL Pointer Dereference\nA NULL pointer can be dereferenced when signatures are being verified on PKCS7 signed or signedAndEnveloped data. In case the hash algorithm used for the signature is known to the OpenSSL library but the implementation of the hash algorithm is not available the digest initialization will fail. There is a missing check for the return value from the initialization function which later leads to invalid usage of the digest API most likely leading to a crash. The unavailability of an algorithm can be caused by using FIPS enabled configuration of providers or more commonly by not loading the legacy provider. PKCS7 data is processed by the SMIME library calls and also by the time stamp (TS) library calls. The TLS implementation in OpenSSL does not call these functions however third party applications would be affected if they call these functions to verify signatures on untrusted data.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-0401.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-0401.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-0401", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01007", "scoring_system": "epss", "scoring_elements": "0.77056", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.01007", "scoring_system": "epss", "scoring_elements": "0.77", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.01007", "scoring_system": "epss", "scoring_elements": "0.77029", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.01007", "scoring_system": "epss", "scoring_elements": "0.7701", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.01007", "scoring_system": "epss", "scoring_elements": "0.77042", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.01007", "scoring_system": "epss", "scoring_elements": "0.77053", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.01007", "scoring_system": "epss", "scoring_elements": "0.77081", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.01007", "scoring_system": "epss", "scoring_elements": "0.77061", "published_at": "2026-04-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-0401" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/alexcrichton/openssl-src-rs", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/alexcrichton/openssl-src-rs" }, { "reference_url": "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=d3b6dfd70db844c4499bec6ad6601623a565e674", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T13:26:52Z/" } ], "url": "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=d3b6dfd70db844c4499bec6ad6601623a565e674" }, { "reference_url": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2023-0003", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2023-0003" }, { "reference_url": "https://rustsec.org/advisories/RUSTSEC-2023-0013.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://rustsec.org/advisories/RUSTSEC-2023-0013.html" }, { "reference_url": "https://security.gentoo.org/glsa/202402-08", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T13:26:52Z/" } ], "url": "https://security.gentoo.org/glsa/202402-08" }, { "reference_url": "https://www.openssl.org/news/secadv/20230207.txt", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T13:26:52Z/" } ], "url": "https://www.openssl.org/news/secadv/20230207.txt" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2164500", "reference_id": "2164500", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2164500" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2023-0401", "reference_id": "CVE-2023-0401", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-0401" }, { "reference_url": "https://github.com/advisories/GHSA-vrh7-x64v-7vxq", "reference_id": "GHSA-vrh7-x64v-7vxq", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-vrh7-x64v-7vxq" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:0946", "reference_id": "RHSA-2023:0946", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:0946" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:1199", "reference_id": "RHSA-2023:1199", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:1199" }, { "reference_url": "https://usn.ubuntu.com/5844-1/", "reference_id": "USN-5844-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/5844-1/" }, { "reference_url": "https://usn.ubuntu.com/6564-1/", "reference_id": "USN-6564-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/6564-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/382424?format=api", "purl": "pkg:apk/alpine/openssl@3.0.8-r0?arch=armhf&distroversion=v3.20&reponame=main", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:apk/alpine/openssl@3.0.8-r0%3Farch=armhf&distroversion=v3.20&reponame=main" } ], "aliases": [ "CVE-2023-0401", "GHSA-vrh7-x64v-7vxq" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-xqt3-3um9-8faq" } ], "risk_score": null, "resource_url": "http://public2.vulnerablecode.io/packages/pkg:apk/alpine/openssl@3.0.8-r0%3Farch=armhf&distroversion=v3.20&reponame=main" }