Django REST framework

Lookup for vulnerabilities affecting packages.

Vulnerability_id VCID-pr1d-efrx-kbbr

Summary

POLY1305 MAC implementation corrupts XMM registers on Windows
Issue summary: The POLY1305 MAC (message authentication code) implementation
contains a bug that might corrupt the internal state of applications on the
Windows 64 platform when running on newer X86_64 processors supporting the
AVX512-IFMA instructions.

Impact summary: If in an application that uses the OpenSSL library an attacker
can influence whether the POLY1305 MAC algorithm is used, the application
state might be corrupted with various application dependent consequences.

The POLY1305 MAC (message authentication code) implementation in OpenSSL does
not save the contents of non-volatile XMM registers on Windows 64 platform
when calculating the MAC of data larger than 64 bytes. Before returning to
the caller all the XMM registers are set to zero rather than restoring their
previous content. The vulnerable code is used only on newer x86_64 processors
supporting the AVX512-IFMA instructions.

The consequences of this kind of internal application state corruption can
be various - from no consequences, if the calling application does not
depend on the contents of non-volatile XMM registers at all, to the worst
consequences, where the attacker could get complete control of the application
process. However given the contents of the registers are just zeroized so
the attacker cannot put arbitrary values inside, the most likely consequence,
if any, would be an incorrect result of some application dependent
calculations or a crash leading to a denial of service.

The POLY1305 MAC algorithm is most frequently used as part of the
CHACHA20-POLY1305 AEAD (authenticated encryption with associated data)
algorithm. The most common usage of this AEAD cipher is with TLS protocol
versions 1.2 and 1.3 and a malicious client can influence whether this AEAD
cipher is used by the server. This implies that server applications using
OpenSSL can be potentially impacted. However we are currently not aware of
any concrete application that would be affected by this issue therefore we
consider this a Low severity security issue.

As a workaround the AVX512-IFMA instructions support can be disabled at
runtime by setting the environment variable OPENSSL_ia32cap:

  OPENSSL_ia32cap=:~0x200000

The FIPS provider is not affected by this issue.

Aliases

alias	CVE-2023-4807

Fixed_packages

url	pkg:apk/alpine/openssl@0?arch=aarch64&distroversion=v3.17&reponame=main
purl	pkg:apk/alpine/openssl@0?arch=aarch64&distroversion=v3.17&reponame=main
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/openssl@0%3Farch=aarch64&distroversion=v3.17&reponame=main

url	pkg:apk/alpine/openssl@0?arch=aarch64&distroversion=v3.18&reponame=main
purl	pkg:apk/alpine/openssl@0?arch=aarch64&distroversion=v3.18&reponame=main
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/openssl@0%3Farch=aarch64&distroversion=v3.18&reponame=main

url	pkg:apk/alpine/openssl@0?arch=aarch64&distroversion=v3.19&reponame=main
purl	pkg:apk/alpine/openssl@0?arch=aarch64&distroversion=v3.19&reponame=main
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/openssl@0%3Farch=aarch64&distroversion=v3.19&reponame=main

url	pkg:apk/alpine/openssl@0?arch=armhf&distroversion=v3.17&reponame=main
purl	pkg:apk/alpine/openssl@0?arch=armhf&distroversion=v3.17&reponame=main
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/openssl@0%3Farch=armhf&distroversion=v3.17&reponame=main

url	pkg:apk/alpine/openssl@0?arch=armhf&distroversion=v3.18&reponame=main
purl	pkg:apk/alpine/openssl@0?arch=armhf&distroversion=v3.18&reponame=main
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/openssl@0%3Farch=armhf&distroversion=v3.18&reponame=main

url	pkg:apk/alpine/openssl@0?arch=armhf&distroversion=v3.19&reponame=main
purl	pkg:apk/alpine/openssl@0?arch=armhf&distroversion=v3.19&reponame=main
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/openssl@0%3Farch=armhf&distroversion=v3.19&reponame=main

url	pkg:apk/alpine/openssl@0?arch=armv7&distroversion=v3.17&reponame=main
purl	pkg:apk/alpine/openssl@0?arch=armv7&distroversion=v3.17&reponame=main
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/openssl@0%3Farch=armv7&distroversion=v3.17&reponame=main

url	pkg:apk/alpine/openssl@0?arch=armv7&distroversion=v3.18&reponame=main
purl	pkg:apk/alpine/openssl@0?arch=armv7&distroversion=v3.18&reponame=main
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/openssl@0%3Farch=armv7&distroversion=v3.18&reponame=main

url	pkg:apk/alpine/openssl@0?arch=armv7&distroversion=v3.19&reponame=main
purl	pkg:apk/alpine/openssl@0?arch=armv7&distroversion=v3.19&reponame=main
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/openssl@0%3Farch=armv7&distroversion=v3.19&reponame=main

url	pkg:apk/alpine/openssl@0?arch=ppc64le&distroversion=v3.17&reponame=main
purl	pkg:apk/alpine/openssl@0?arch=ppc64le&distroversion=v3.17&reponame=main
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/openssl@0%3Farch=ppc64le&distroversion=v3.17&reponame=main

url	pkg:apk/alpine/openssl@0?arch=ppc64le&distroversion=v3.18&reponame=main
purl	pkg:apk/alpine/openssl@0?arch=ppc64le&distroversion=v3.18&reponame=main
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/openssl@0%3Farch=ppc64le&distroversion=v3.18&reponame=main

url	pkg:apk/alpine/openssl@0?arch=ppc64le&distroversion=v3.19&reponame=main
purl	pkg:apk/alpine/openssl@0?arch=ppc64le&distroversion=v3.19&reponame=main
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/openssl@0%3Farch=ppc64le&distroversion=v3.19&reponame=main

url	pkg:apk/alpine/openssl@0?arch=s390x&distroversion=v3.17&reponame=main
purl	pkg:apk/alpine/openssl@0?arch=s390x&distroversion=v3.17&reponame=main
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/openssl@0%3Farch=s390x&distroversion=v3.17&reponame=main

url	pkg:apk/alpine/openssl@0?arch=s390x&distroversion=v3.18&reponame=main
purl	pkg:apk/alpine/openssl@0?arch=s390x&distroversion=v3.18&reponame=main
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/openssl@0%3Farch=s390x&distroversion=v3.18&reponame=main

url	pkg:apk/alpine/openssl@0?arch=s390x&distroversion=v3.19&reponame=main
purl	pkg:apk/alpine/openssl@0?arch=s390x&distroversion=v3.19&reponame=main
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/openssl@0%3Farch=s390x&distroversion=v3.19&reponame=main

url	pkg:apk/alpine/openssl@0?arch=x86_64&distroversion=v3.17&reponame=main
purl	pkg:apk/alpine/openssl@0?arch=x86_64&distroversion=v3.17&reponame=main
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/openssl@0%3Farch=x86_64&distroversion=v3.17&reponame=main

url	pkg:apk/alpine/openssl@0?arch=x86_64&distroversion=v3.18&reponame=main
purl	pkg:apk/alpine/openssl@0?arch=x86_64&distroversion=v3.18&reponame=main
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/openssl@0%3Farch=x86_64&distroversion=v3.18&reponame=main

url	pkg:apk/alpine/openssl@0?arch=x86_64&distroversion=v3.19&reponame=main
purl	pkg:apk/alpine/openssl@0?arch=x86_64&distroversion=v3.19&reponame=main
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/openssl@0%3Farch=x86_64&distroversion=v3.19&reponame=main

url	pkg:apk/alpine/openssl@0?arch=x86&distroversion=v3.17&reponame=main
purl	pkg:apk/alpine/openssl@0?arch=x86&distroversion=v3.17&reponame=main
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/openssl@0%3Farch=x86&distroversion=v3.17&reponame=main

url	pkg:apk/alpine/openssl@0?arch=x86&distroversion=v3.18&reponame=main
purl	pkg:apk/alpine/openssl@0?arch=x86&distroversion=v3.18&reponame=main
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/openssl@0%3Farch=x86&distroversion=v3.18&reponame=main

url	pkg:apk/alpine/openssl@0?arch=x86&distroversion=v3.19&reponame=main
purl	pkg:apk/alpine/openssl@0?arch=x86&distroversion=v3.19&reponame=main
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/openssl@0%3Farch=x86&distroversion=v3.19&reponame=main

url	pkg:apk/alpine/openssl@0?arch=aarch64&distroversion=edge&reponame=main
purl	pkg:apk/alpine/openssl@0?arch=aarch64&distroversion=edge&reponame=main
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/openssl@0%3Farch=aarch64&distroversion=edge&reponame=main

url	pkg:apk/alpine/openssl@0?arch=aarch64&distroversion=v3.21&reponame=main
purl	pkg:apk/alpine/openssl@0?arch=aarch64&distroversion=v3.21&reponame=main
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/openssl@0%3Farch=aarch64&distroversion=v3.21&reponame=main

url	pkg:apk/alpine/openssl@0?arch=armhf&distroversion=edge&reponame=main
purl	pkg:apk/alpine/openssl@0?arch=armhf&distroversion=edge&reponame=main
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/openssl@0%3Farch=armhf&distroversion=edge&reponame=main

url	pkg:apk/alpine/openssl@0?arch=armhf&distroversion=v3.21&reponame=main
purl	pkg:apk/alpine/openssl@0?arch=armhf&distroversion=v3.21&reponame=main
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/openssl@0%3Farch=armhf&distroversion=v3.21&reponame=main

url	pkg:apk/alpine/openssl@0?arch=armv7&distroversion=edge&reponame=main
purl	pkg:apk/alpine/openssl@0?arch=armv7&distroversion=edge&reponame=main
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/openssl@0%3Farch=armv7&distroversion=edge&reponame=main

url	pkg:apk/alpine/openssl@0?arch=armv7&distroversion=v3.21&reponame=main
purl	pkg:apk/alpine/openssl@0?arch=armv7&distroversion=v3.21&reponame=main
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/openssl@0%3Farch=armv7&distroversion=v3.21&reponame=main

url	pkg:apk/alpine/openssl@0?arch=loongarch64&distroversion=edge&reponame=main
purl	pkg:apk/alpine/openssl@0?arch=loongarch64&distroversion=edge&reponame=main
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/openssl@0%3Farch=loongarch64&distroversion=edge&reponame=main

url	pkg:apk/alpine/openssl@0?arch=loongarch64&distroversion=v3.21&reponame=main
purl	pkg:apk/alpine/openssl@0?arch=loongarch64&distroversion=v3.21&reponame=main
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/openssl@0%3Farch=loongarch64&distroversion=v3.21&reponame=main

url	pkg:apk/alpine/openssl@0?arch=ppc64le&distroversion=edge&reponame=main
purl	pkg:apk/alpine/openssl@0?arch=ppc64le&distroversion=edge&reponame=main
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/openssl@0%3Farch=ppc64le&distroversion=edge&reponame=main

url	pkg:apk/alpine/openssl@0?arch=ppc64le&distroversion=v3.21&reponame=main
purl	pkg:apk/alpine/openssl@0?arch=ppc64le&distroversion=v3.21&reponame=main
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/openssl@0%3Farch=ppc64le&distroversion=v3.21&reponame=main

url	pkg:apk/alpine/openssl@0?arch=riscv64&distroversion=edge&reponame=main
purl	pkg:apk/alpine/openssl@0?arch=riscv64&distroversion=edge&reponame=main
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/openssl@0%3Farch=riscv64&distroversion=edge&reponame=main

url	pkg:apk/alpine/openssl@0?arch=riscv64&distroversion=v3.21&reponame=main
purl	pkg:apk/alpine/openssl@0?arch=riscv64&distroversion=v3.21&reponame=main
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/openssl@0%3Farch=riscv64&distroversion=v3.21&reponame=main

url	pkg:apk/alpine/openssl@0?arch=s390x&distroversion=edge&reponame=main
purl	pkg:apk/alpine/openssl@0?arch=s390x&distroversion=edge&reponame=main
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/openssl@0%3Farch=s390x&distroversion=edge&reponame=main

url	pkg:apk/alpine/openssl@0?arch=s390x&distroversion=v3.21&reponame=main
purl	pkg:apk/alpine/openssl@0?arch=s390x&distroversion=v3.21&reponame=main
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/openssl@0%3Farch=s390x&distroversion=v3.21&reponame=main

url	pkg:apk/alpine/openssl@0?arch=x86_64&distroversion=edge&reponame=main
purl	pkg:apk/alpine/openssl@0?arch=x86_64&distroversion=edge&reponame=main
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/openssl@0%3Farch=x86_64&distroversion=edge&reponame=main

url	pkg:apk/alpine/openssl@0?arch=x86_64&distroversion=v3.21&reponame=main
purl	pkg:apk/alpine/openssl@0?arch=x86_64&distroversion=v3.21&reponame=main
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/openssl@0%3Farch=x86_64&distroversion=v3.21&reponame=main

url	pkg:apk/alpine/openssl@0?arch=x86&distroversion=edge&reponame=main
purl	pkg:apk/alpine/openssl@0?arch=x86&distroversion=edge&reponame=main
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/openssl@0%3Farch=x86&distroversion=edge&reponame=main

url	pkg:apk/alpine/openssl@0?arch=x86&distroversion=v3.21&reponame=main
purl	pkg:apk/alpine/openssl@0?arch=x86&distroversion=v3.21&reponame=main
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/openssl@0%3Farch=x86&distroversion=v3.21&reponame=main

url	pkg:apk/alpine/openssl@0?arch=aarch64&distroversion=v3.20&reponame=main
purl	pkg:apk/alpine/openssl@0?arch=aarch64&distroversion=v3.20&reponame=main
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/openssl@0%3Farch=aarch64&distroversion=v3.20&reponame=main

url	pkg:apk/alpine/openssl@0?arch=armhf&distroversion=v3.20&reponame=main
purl	pkg:apk/alpine/openssl@0?arch=armhf&distroversion=v3.20&reponame=main
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/openssl@0%3Farch=armhf&distroversion=v3.20&reponame=main

url	pkg:apk/alpine/openssl@0?arch=armv7&distroversion=v3.20&reponame=main
purl	pkg:apk/alpine/openssl@0?arch=armv7&distroversion=v3.20&reponame=main
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/openssl@0%3Farch=armv7&distroversion=v3.20&reponame=main

url	pkg:apk/alpine/openssl@0?arch=ppc64le&distroversion=v3.20&reponame=main
purl	pkg:apk/alpine/openssl@0?arch=ppc64le&distroversion=v3.20&reponame=main
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/openssl@0%3Farch=ppc64le&distroversion=v3.20&reponame=main

url	pkg:apk/alpine/openssl@0?arch=riscv64&distroversion=v3.20&reponame=main
purl	pkg:apk/alpine/openssl@0?arch=riscv64&distroversion=v3.20&reponame=main
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/openssl@0%3Farch=riscv64&distroversion=v3.20&reponame=main

url	pkg:apk/alpine/openssl@0?arch=s390x&distroversion=v3.20&reponame=main
purl	pkg:apk/alpine/openssl@0?arch=s390x&distroversion=v3.20&reponame=main
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/openssl@0%3Farch=s390x&distroversion=v3.20&reponame=main

url	pkg:apk/alpine/openssl@0?arch=x86_64&distroversion=v3.20&reponame=main
purl	pkg:apk/alpine/openssl@0?arch=x86_64&distroversion=v3.20&reponame=main
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/openssl@0%3Farch=x86_64&distroversion=v3.20&reponame=main

url	pkg:apk/alpine/openssl@0?arch=x86&distroversion=v3.20&reponame=main
purl	pkg:apk/alpine/openssl@0?arch=x86&distroversion=v3.20&reponame=main
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/openssl@0%3Farch=x86&distroversion=v3.20&reponame=main

url	pkg:apk/alpine/openssl3@0?arch=aarch64&distroversion=v3.16&reponame=main
purl	pkg:apk/alpine/openssl3@0?arch=aarch64&distroversion=v3.16&reponame=main
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/openssl3@0%3Farch=aarch64&distroversion=v3.16&reponame=main

url	pkg:apk/alpine/openssl3@0?arch=armhf&distroversion=v3.16&reponame=main
purl	pkg:apk/alpine/openssl3@0?arch=armhf&distroversion=v3.16&reponame=main
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/openssl3@0%3Farch=armhf&distroversion=v3.16&reponame=main

url	pkg:apk/alpine/openssl3@0?arch=armv7&distroversion=v3.16&reponame=main
purl	pkg:apk/alpine/openssl3@0?arch=armv7&distroversion=v3.16&reponame=main
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/openssl3@0%3Farch=armv7&distroversion=v3.16&reponame=main

url	pkg:apk/alpine/openssl3@0?arch=ppc64le&distroversion=v3.16&reponame=main
purl	pkg:apk/alpine/openssl3@0?arch=ppc64le&distroversion=v3.16&reponame=main
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/openssl3@0%3Farch=ppc64le&distroversion=v3.16&reponame=main

url	pkg:apk/alpine/openssl3@0?arch=s390x&distroversion=v3.16&reponame=main
purl	pkg:apk/alpine/openssl3@0?arch=s390x&distroversion=v3.16&reponame=main
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/openssl3@0%3Farch=s390x&distroversion=v3.16&reponame=main

url	pkg:apk/alpine/openssl3@0?arch=x86_64&distroversion=v3.16&reponame=main
purl	pkg:apk/alpine/openssl3@0?arch=x86_64&distroversion=v3.16&reponame=main
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/openssl3@0%3Farch=x86_64&distroversion=v3.16&reponame=main

url	pkg:apk/alpine/openssl3@0?arch=x86&distroversion=v3.16&reponame=main
purl	pkg:apk/alpine/openssl3@0?arch=x86&distroversion=v3.16&reponame=main
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/openssl3@0%3Farch=x86&distroversion=v3.16&reponame=main

url	pkg:conan/openssl@3.2.6
purl	pkg:conan/openssl@3.2.6
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:conan/openssl@3.2.6

url	pkg:conan/openssl@1.1.1w
purl	pkg:conan/openssl@1.1.1w
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:conan/openssl@1.1.1w

url	pkg:deb/debian/openssl@0?distro=trixie
purl	pkg:deb/debian/openssl@0?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/openssl@0%3Fdistro=trixie

url pkg:deb/debian/openssl@1.1.1w-0%2Bdeb11u1?distro=trixie

purl pkg:deb/debian/openssl@1.1.1w-0%2Bdeb11u1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-7y4x-nrsa-mbb3

vulnerability	VCID-a6ex-h8k7-8fbx

vulnerability	VCID-cccj-zqe2-1bbw

vulnerability	VCID-mnvc-6qng-ufbb

vulnerability	VCID-q64m-j51z-6fhu

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/openssl@1.1.1w-0%252Bdeb11u1%3Fdistro=trixie

url pkg:deb/debian/openssl@3.0.20-1~deb12u1?distro=trixie

purl pkg:deb/debian/openssl@3.0.20-1~deb12u1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-cccj-zqe2-1bbw

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/openssl@3.0.20-1~deb12u1%3Fdistro=trixie

url	pkg:deb/debian/openssl@3.5.6-1~deb13u1?distro=trixie
purl	pkg:deb/debian/openssl@3.5.6-1~deb13u1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/openssl@3.5.6-1~deb13u1%3Fdistro=trixie

url	pkg:deb/debian/openssl@3.6.2-1?distro=trixie
purl	pkg:deb/debian/openssl@3.6.2-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/openssl@3.6.2-1%3Fdistro=trixie

Affected_packages

url pkg:conan/openssl@3.1.2

purl pkg:conan/openssl@3.1.2

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-hmk7-eeaw-syfw

vulnerability	VCID-n7xs-mgeg-jued

vulnerability	VCID-pr1d-efrx-kbbr

vulnerability	VCID-u3ks-ncv4-33f5

resource_url http://public2.vulnerablecode.io/packages/pkg:conan/openssl@3.1.2

url pkg:conan/openssl@1.1.1

purl pkg:conan/openssl@1.1.1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1y34-563n-83b3

vulnerability	VCID-4dsd-gb34-tbfb

vulnerability	VCID-77dz-3tvz-c7b8

vulnerability	VCID-bf5v-rz9k-9qgh

vulnerability	VCID-f7y9-1ct6-4kgk

vulnerability	VCID-fep2-jgws-6qf6

vulnerability	VCID-gsja-3j2p-byc8

vulnerability	VCID-kpk3-xbcc-jfg8

vulnerability	VCID-m27k-yxxk-mbc6

vulnerability	VCID-n7dz-yhyf-n7e7

vulnerability	VCID-pfat-4gzk-suht

vulnerability	VCID-pr1d-efrx-kbbr

vulnerability	VCID-qf59-hskb-f7ek

vulnerability	VCID-t8ve-d7kb-tyar

vulnerability	VCID-u46f-74uq-j7hy

vulnerability	VCID-xh61-hden-qbay

vulnerability	VCID-yvae-9f18-n7ep

vulnerability	VCID-znh8-j1ww-9yb4

resource_url http://public2.vulnerablecode.io/packages/pkg:conan/openssl@1.1.1

url pkg:conan/openssl@3.0.0

purl pkg:conan/openssl@3.0.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1kax-e29y-2qay

vulnerability	VCID-1y34-563n-83b3

vulnerability	VCID-4rjp-y9w5-sfak

vulnerability	VCID-5rnh-ggk4-8bdq

vulnerability	VCID-6vr9-d96b-t7cz

vulnerability	VCID-77dz-3tvz-c7b8

vulnerability	VCID-94bp-j4hm-sqb7

vulnerability	VCID-bf5v-rz9k-9qgh

vulnerability	VCID-fep2-jgws-6qf6

vulnerability	VCID-hmk7-eeaw-syfw

vulnerability	VCID-jmd8-78nq-vfg1

vulnerability	VCID-kpk3-xbcc-jfg8

vulnerability	VCID-m27k-yxxk-mbc6

vulnerability	VCID-mcrj-f2ds-c3d3

vulnerability	VCID-n7dz-yhyf-n7e7

vulnerability	VCID-n7xs-mgeg-jued

vulnerability	VCID-pfat-4gzk-suht

vulnerability	VCID-pr1d-efrx-kbbr

vulnerability	VCID-prku-34mb-d3g6

vulnerability	VCID-ptm7-pf2v-fqdc

vulnerability	VCID-qaht-xst5-pyh3

vulnerability	VCID-t8ve-d7kb-tyar

vulnerability	VCID-u3ks-ncv4-33f5

vulnerability	VCID-u4fw-w6bp-rkdq

vulnerability	VCID-vv2c-xvqf-cfdt

vulnerability	VCID-yvae-9f18-n7ep

vulnerability	VCID-znh8-j1ww-9yb4

resource_url http://public2.vulnerablecode.io/packages/pkg:conan/openssl@3.0.0

url pkg:conan/openssl@3.1.0

purl pkg:conan/openssl@3.1.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-4rjp-y9w5-sfak

vulnerability	VCID-bf5v-rz9k-9qgh

vulnerability	VCID-hmk7-eeaw-syfw

vulnerability	VCID-kpk3-xbcc-jfg8

vulnerability	VCID-n7dz-yhyf-n7e7

vulnerability	VCID-n7xs-mgeg-jued

vulnerability	VCID-pr1d-efrx-kbbr

vulnerability	VCID-t8ve-d7kb-tyar

vulnerability	VCID-u3ks-ncv4-33f5

vulnerability	VCID-u4fw-w6bp-rkdq

vulnerability	VCID-znh8-j1ww-9yb4

resource_url http://public2.vulnerablecode.io/packages/pkg:conan/openssl@3.1.0

References

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-4807.json

reference_id

reference_type

scores

value	7.8
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-4807.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2023-4807

reference_id

reference_type

scores

value	0.00675
scoring_system	epss
scoring_elements	0.71792
published_at	2026-05-30T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2023-4807

reference_url

https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=4bfac4471f53c4f74c8d81020beb938f92d84ca5

reference_id

reference_type

scores

value	7.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-23T13:27:06Z/

url

https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=4bfac4471f53c4f74c8d81020beb938f92d84ca5

reference_url

https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=6754de4a121ec7f261b16723180df6592cbb4508

reference_id

reference_type

scores

value	7.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-23T13:27:06Z/

url

https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=6754de4a121ec7f261b16723180df6592cbb4508

reference_url

https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=a632d534c73eeb3e3db8c7540d811194ef7c79ff

reference_id

reference_type

scores

value	7.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-23T13:27:06Z/

url

https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=a632d534c73eeb3e3db8c7540d811194ef7c79ff

reference_url	https://security.netapp.com/advisory/ntap-20230921-0001/
reference_id
reference_type
scores
url	https://security.netapp.com/advisory/ntap-20230921-0001/

reference_url

https://www.openssl.org/news/secadv/20230908.txt

reference_id

reference_type

scores

value	7.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-23T13:27:06Z/

url

https://www.openssl.org/news/secadv/20230908.txt

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2238009
reference_id	2238009
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2238009

reference_url	https://nvd.nist.gov/vuln/detail/CVE-2023-4807
reference_id	CVE-2023-4807
reference_type
scores
url	https://nvd.nist.gov/vuln/detail/CVE-2023-4807

Weaknesses

cwe_id	1035
name	OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
description	Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2017.

cwe_id	937
name	OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities
description	Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2013.

cwe_id	347
name	Improper Verification of Cryptographic Signature
description	The product does not verify, or incorrectly verifies, the cryptographic signature for data.

cwe_id	440
name	Expected Behavior Violation
description	A feature, API, or function does not perform according to its specification.

Exploits

Severity_range_score 7.8 - 7.8

Exploitability 0.5

Weighted_severity 7.0

Risk_score 3.5

Resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-pr1d-efrx-kbbr

Vulnerability Instance