Package Instance

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-02-18T20:12:09Z/

url

https://lists.debian.org/debian-lts-announce/2023/06/msg00011.html

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1034720
reference_id	1034720
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1034720

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2182561
reference_id	2182561
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2182561

reference_url	https://nvd.nist.gov/vuln/detail/CVE-2023-0465
reference_id	CVE-2023-0465
reference_type
scores
url	https://nvd.nist.gov/vuln/detail/CVE-2023-0465

reference_url

reference_id

msg00011.html

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-02-18T20:12:09Z/

url

https://lists.debian.org/debian-lts-announce/2023/06/msg00011.html

reference_url

https://security.netapp.com/advisory/ntap-20230414-0001/

reference_id

ntap-20230414-0001

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-02-18T20:12:09Z/

url

https://security.netapp.com/advisory/ntap-20230414-0001/

reference_url	https://access.redhat.com/errata/RHSA-2023:3722
reference_id	RHSA-2023:3722
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:3722

reference_url	https://access.redhat.com/errata/RHSA-2023:7622
reference_id	RHSA-2023:7622
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:7622

reference_url	https://access.redhat.com/errata/RHSA-2023:7623
reference_id	RHSA-2023:7623
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:7623

reference_url	https://access.redhat.com/errata/RHSA-2023:7625
reference_id	RHSA-2023:7625
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:7625

reference_url	https://access.redhat.com/errata/RHSA-2023:7626
reference_id	RHSA-2023:7626
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:7626

reference_url	https://usn.ubuntu.com/7894-1/
reference_id	USN-7894-1
reference_type
scores
url	https://usn.ubuntu.com/7894-1/

fixed_packages

url pkg:deb/debian/openssl@1.1.1w-0%2Bdeb11u1

purl pkg:deb/debian/openssl@1.1.1w-0%2Bdeb11u1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-6mua-rkdu-87ay

vulnerability	VCID-7xwq-vdej-ayg1

vulnerability	VCID-87vs-4p6w-xbgq

vulnerability	VCID-8gde-1md7-5yak

vulnerability	VCID-antn-nu5a-7yf6

vulnerability	VCID-bfv6-sbnh-5uh5

vulnerability	VCID-cef8-2p5t-bff7

vulnerability	VCID-chgr-9utt-kqbp

vulnerability	VCID-efpm-7cfa-z7hx

vulnerability	VCID-f2na-rtsu-ffad

vulnerability	VCID-fwwa-41df-zqfk

vulnerability	VCID-gz4c-x1gb-muat

vulnerability	VCID-hgvf-vxhr-cye8

vulnerability	VCID-hpev-apm4-sqfw

vulnerability	VCID-jq5s-hzam-zfda

vulnerability	VCID-mg21-k76s-sqfp

vulnerability	VCID-p7ca-uc7n-mfc4

vulnerability	VCID-rgue-at15-k7a2

vulnerability	VCID-sn5k-3e59-7ba8

vulnerability	VCID-w9yg-3dbq-8qge

vulnerability	VCID-wuwm-ksb1-6qd5

vulnerability	VCID-zkc9-huk8-27bc

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/openssl@1.1.1w-0%252Bdeb11u1

aliases CVE-2023-0465

risk_score 2.4

exploitability 0.5

weighted_severity 4.8

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-5bn8-6xa9-fqe4

url VCID-8uhr-19zz-n3b7

vulnerability_id VCID-8uhr-19zz-n3b7

summary

Allocation of Resources Without Limits or Throttling
Issue summary: Processing some specially crafted ASN.1 object identifiers or
data containing them may be very slow.

Impact summary: Applications that use OBJ_obj2txt() directly, or use any of
the OpenSSL subsystems OCSP, PKCS7/SMIME, CMS, CMP/CRMF or TS with no message
size limit may experience notable to very long delays when processing those
messages, which may lead to a Denial of Service.

An OBJECT IDENTIFIER is composed of a series of numbers - sub-identifiers -
most of which have no size limit. OBJ_obj2txt() may be used to translate
an ASN.1 OBJECT IDENTIFIER given in DER encoding form (using the OpenSSL
type ASN1_OBJECT) to its canonical numeric text form, which are the
sub-identifiers of the OBJECT IDENTIFIER in decimal form, separated by
periods.

When one of the sub-identifiers in the OBJECT IDENTIFIER is very large
(these are sizes that are seen as absurdly large, taking up tens or hundreds
of KiBs), the translation to a decimal number in text may take a very long
time. The time complexity is O(n^2) with 'n' being the size of the
sub-identifiers in bytes (*).

With OpenSSL 3.0, support to fetch cryptographic algorithms using names /
identifiers in string form was introduced. This includes using OBJECT
IDENTIFIERs in canonical numeric text form as identifiers for fetching
algorithms.

Such OBJECT IDENTIFIERs may be received through the ASN.1 structure
AlgorithmIdentifier, which is commonly used in multiple protocols to specify
what cryptographic algorithm should be used to sign or verify, encrypt or
decrypt, or digest passed data.

Applications that call OBJ_obj2txt() directly with untrusted data are
affected, with any version of OpenSSL. If the use is for the mere purpose
of display, the severity is considered low.

In OpenSSL 3.0 and newer, this affects the subsystems OCSP, PKCS7/SMIME,
CMS, CMP/CRMF or TS. It also impacts anything that processes X.509
certificates, including simple things like verifying its signature.

The impact on TLS is relatively low, because all versions of OpenSSL have a
100KiB limit on the peer's certificate chain. Additionally, this only
impacts clients, or servers that have explicitly enabled client
authentication.

In OpenSSL 1.1.1 and 1.0.2, this only affects displaying diverse objects,
such as X.509 certificates. This is assumed to not happen in such a way
that it would cause a Denial of Service, so these versions are considered
not affected by this issue in such a way that it would be cause for concern,
and the severity is therefore considered low.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-2650.json

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-2650.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2023-2650

reference_id

reference_type

scores

value	0.92003
scoring_system	epss
scoring_elements	0.99696
published_at	2026-04-02T12:55:00Z

value	0.92003
scoring_system	epss
scoring_elements	0.99701
published_at	2026-04-16T12:55:00Z

value	0.92003
scoring_system	epss
scoring_elements	0.99697
published_at	2026-04-04T12:55:00Z

value	0.92003
scoring_system	epss
scoring_elements	0.99698
published_at	2026-04-07T12:55:00Z

value	0.92003
scoring_system	epss
scoring_elements	0.99699
published_at	2026-04-09T12:55:00Z

value	0.92003
scoring_system	epss
scoring_elements	0.997
published_at	2026-04-13T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2023-2650

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0464
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0464

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0465
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0465

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0466
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0466

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-2650
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-2650

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url

https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=423a2bc737a908ad0c77bda470b2b59dc879936b

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-06T15:55:48Z/

url

https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=423a2bc737a908ad0c77bda470b2b59dc879936b

reference_url

https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=853c5e56ee0b8650c73140816bb8b91d6163422c

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-06T15:55:48Z/

url

https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=853c5e56ee0b8650c73140816bb8b91d6163422c

reference_url

https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=9e209944b35cf82368071f160a744b6178f9b098

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-06T15:55:48Z/

url

https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=9e209944b35cf82368071f160a744b6178f9b098

reference_url

https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=db779b0e10b047f2585615e0b8f2acdf21f8544a

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-06T15:55:48Z/

url

https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=db779b0e10b047f2585615e0b8f2acdf21f8544a

reference_url

https://www.debian.org/security/2023/dsa-5417

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-06T15:55:48Z/

url

https://www.debian.org/security/2023/dsa-5417

reference_url

https://www.openssl.org/news/secadv/20230530.txt

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-06T15:55:48Z/

url

https://www.openssl.org/news/secadv/20230530.txt

reference_url

http://www.openwall.com/lists/oss-security/2023/05/30/1

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-06T15:55:48Z/

url

http://www.openwall.com/lists/oss-security/2023/05/30/1

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2207947
reference_id	2207947
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2207947

reference_url	https://nvd.nist.gov/vuln/detail/CVE-2023-2650
reference_id	CVE-2023-2650
reference_type
scores
url	https://nvd.nist.gov/vuln/detail/CVE-2023-2650

reference_url

https://lists.debian.org/debian-lts-announce/2023/06/msg00011.html

reference_id

msg00011.html

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-06T15:55:48Z/

url

https://lists.debian.org/debian-lts-announce/2023/06/msg00011.html

reference_url

https://security.netapp.com/advisory/ntap-20230703-0001/

reference_id

ntap-20230703-0001

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-06T15:55:48Z/

url

https://security.netapp.com/advisory/ntap-20230703-0001/

reference_url

https://security.netapp.com/advisory/ntap-20231027-0009/

reference_id

ntap-20231027-0009

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-06T15:55:48Z/

url

https://security.netapp.com/advisory/ntap-20231027-0009/

reference_url	https://access.redhat.com/errata/RHSA-2023:3722
reference_id	RHSA-2023:3722
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:3722

reference_url	https://access.redhat.com/errata/RHSA-2023:6330
reference_id	RHSA-2023:6330
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:6330

reference_url	https://access.redhat.com/errata/RHSA-2023:7622
reference_id	RHSA-2023:7622
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:7622

reference_url	https://access.redhat.com/errata/RHSA-2023:7623
reference_id	RHSA-2023:7623
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:7623

reference_url	https://access.redhat.com/errata/RHSA-2023:7625
reference_id	RHSA-2023:7625
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:7625

reference_url	https://access.redhat.com/errata/RHSA-2023:7626
reference_id	RHSA-2023:7626
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:7626

reference_url

https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2023-0009

reference_id

SNWLID-2023-0009

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-06T15:55:48Z/

url

https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2023-0009

reference_url	https://usn.ubuntu.com/6119-1/
reference_id	USN-6119-1
reference_type
scores
url	https://usn.ubuntu.com/6119-1/

reference_url	https://usn.ubuntu.com/6188-1/
reference_id	USN-6188-1
reference_type
scores
url	https://usn.ubuntu.com/6188-1/

reference_url	https://usn.ubuntu.com/6672-1/
reference_id	USN-6672-1
reference_type
scores
url	https://usn.ubuntu.com/6672-1/

reference_url	https://usn.ubuntu.com/7894-1/
reference_id	USN-7894-1
reference_type
scores
url	https://usn.ubuntu.com/7894-1/

fixed_packages

url pkg:deb/debian/openssl@1.1.1w-0%2Bdeb11u1

purl pkg:deb/debian/openssl@1.1.1w-0%2Bdeb11u1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-6mua-rkdu-87ay

vulnerability	VCID-7xwq-vdej-ayg1

vulnerability	VCID-87vs-4p6w-xbgq

vulnerability	VCID-8gde-1md7-5yak

vulnerability	VCID-antn-nu5a-7yf6

vulnerability	VCID-bfv6-sbnh-5uh5

vulnerability	VCID-cef8-2p5t-bff7

vulnerability	VCID-chgr-9utt-kqbp

vulnerability	VCID-efpm-7cfa-z7hx

vulnerability	VCID-f2na-rtsu-ffad

vulnerability	VCID-fwwa-41df-zqfk

vulnerability	VCID-gz4c-x1gb-muat

vulnerability	VCID-hgvf-vxhr-cye8

vulnerability	VCID-hpev-apm4-sqfw

vulnerability	VCID-jq5s-hzam-zfda

vulnerability	VCID-mg21-k76s-sqfp

vulnerability	VCID-p7ca-uc7n-mfc4

vulnerability	VCID-rgue-at15-k7a2

vulnerability	VCID-sn5k-3e59-7ba8

vulnerability	VCID-w9yg-3dbq-8qge

vulnerability	VCID-wuwm-ksb1-6qd5

vulnerability	VCID-zkc9-huk8-27bc

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/openssl@1.1.1w-0%252Bdeb11u1

aliases CVE-2023-2650

risk_score 10.0

exploitability 2.0

weighted_severity 5.9

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-8uhr-19zz-n3b7

url VCID-95ub-7a6n-afdg

vulnerability_id VCID-95ub-7a6n-afdg

summary openssl: the c_rehash script allows command injection

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-2068.json

reference_id

reference_type

scores

value	6.7
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-2068.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2022-2068

reference_id

reference_type

scores

value	0.1858
scoring_system	epss
scoring_elements	0.95267
published_at	2026-04-16T12:55:00Z

value	0.1858
scoring_system	epss
scoring_elements	0.95233
published_at	2026-04-02T12:55:00Z

value	0.1858
scoring_system	epss
scoring_elements	0.95235
published_at	2026-04-04T12:55:00Z

value	0.1858
scoring_system	epss
scoring_elements	0.95239
published_at	2026-04-07T12:55:00Z

value	0.1858
scoring_system	epss
scoring_elements	0.95247
published_at	2026-04-08T12:55:00Z

value	0.1858
scoring_system	epss
scoring_elements	0.9525
published_at	2026-04-09T12:55:00Z

value	0.1858
scoring_system	epss
scoring_elements	0.95255
published_at	2026-04-11T12:55:00Z

value	0.1858
scoring_system	epss
scoring_elements	0.95256
published_at	2026-04-12T12:55:00Z

value	0.1858
scoring_system	epss
scoring_elements	0.95258
published_at	2026-04-13T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2022-2068

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2068
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2068

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	6.7
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url	https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=2c9c35870601b4a44d86ddbf512b38df38285cfa
reference_id
reference_type
scores
url	https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=2c9c35870601b4a44d86ddbf512b38df38285cfa

reference_url	https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=7a9c027159fe9e1bbc2cd38a8a2914bff0d5abd9
reference_id
reference_type
scores
url	https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=7a9c027159fe9e1bbc2cd38a8a2914bff0d5abd9

reference_url	https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=9639817dac8bbbaa64d09efad7464ccc405527c7
reference_id
reference_type
scores
url	https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=9639817dac8bbbaa64d09efad7464ccc405527c7

reference_url

https://www.openssl.org/news/secadv/20220621.txt

reference_id

20220621.txt

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-04-23T13:27:34Z/

url

https://www.openssl.org/news/secadv/20220621.txt

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2097310
reference_id	2097310
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2097310

reference_url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6WZZBKUHQFGSKGNXXKICSRPL7AMVW5M5/

reference_id

6WZZBKUHQFGSKGNXXKICSRPL7AMVW5M5

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-04-23T13:27:34Z/

url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6WZZBKUHQFGSKGNXXKICSRPL7AMVW5M5/

reference_url

https://security.archlinux.org/AVG-2765

reference_id

AVG-2765

reference_type

scores

value	Medium
scoring_system	archlinux
scoring_elements

url

https://security.archlinux.org/AVG-2765

reference_url	https://nvd.nist.gov/vuln/detail/CVE-2022-2068
reference_id	CVE-2022-2068
reference_type
scores
url	https://nvd.nist.gov/vuln/detail/CVE-2022-2068

reference_url

https://www.debian.org/security/2022/dsa-5169

reference_id

dsa-5169

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-04-23T13:27:34Z/

url

https://www.debian.org/security/2022/dsa-5169

reference_url

https://security.netapp.com/advisory/ntap-20220707-0008/

reference_id

ntap-20220707-0008

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-04-23T13:27:34Z/

url

https://security.netapp.com/advisory/ntap-20220707-0008/

reference_url

https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=2c9c35870601b4a44d86ddbf512b38df38285cfa

reference_id

?p=openssl.git%3Ba=commitdiff%3Bh=2c9c35870601b4a44d86ddbf512b38df38285cfa

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-04-23T13:27:34Z/

url

https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=2c9c35870601b4a44d86ddbf512b38df38285cfa

reference_url

https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=7a9c027159fe9e1bbc2cd38a8a2914bff0d5abd9

reference_id

?p=openssl.git%3Ba=commitdiff%3Bh=7a9c027159fe9e1bbc2cd38a8a2914bff0d5abd9

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-04-23T13:27:34Z/

url

https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=7a9c027159fe9e1bbc2cd38a8a2914bff0d5abd9

reference_url

https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=9639817dac8bbbaa64d09efad7464ccc405527c7

reference_id

?p=openssl.git%3Ba=commitdiff%3Bh=9639817dac8bbbaa64d09efad7464ccc405527c7

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-04-23T13:27:34Z/

url

https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=9639817dac8bbbaa64d09efad7464ccc405527c7

reference_url	https://access.redhat.com/errata/RHSA-2022:5818
reference_id	RHSA-2022:5818
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:5818

reference_url	https://access.redhat.com/errata/RHSA-2022:6224
reference_id	RHSA-2022:6224
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:6224

reference_url	https://access.redhat.com/errata/RHSA-2022:8840
reference_id	RHSA-2022:8840
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:8840

reference_url	https://access.redhat.com/errata/RHSA-2022:8841
reference_id	RHSA-2022:8841
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:8841

reference_url	https://access.redhat.com/errata/RHSA-2022:8913
reference_id	RHSA-2022:8913
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:8913

reference_url	https://access.redhat.com/errata/RHSA-2022:8917
reference_id	RHSA-2022:8917
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:8917

reference_url	https://access.redhat.com/errata/RHSA-2023:5931
reference_id	RHSA-2023:5931
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:5931

reference_url	https://access.redhat.com/errata/RHSA-2023:5979
reference_id	RHSA-2023:5979
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:5979

reference_url	https://access.redhat.com/errata/RHSA-2023:5980
reference_id	RHSA-2023:5980
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:5980

reference_url	https://access.redhat.com/errata/RHSA-2023:5982
reference_id	RHSA-2023:5982
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:5982

reference_url	https://access.redhat.com/errata/RHSA-2023:6818
reference_id	RHSA-2023:6818
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:6818

reference_url	https://usn.ubuntu.com/5488-1/
reference_id	USN-5488-1
reference_type
scores
url	https://usn.ubuntu.com/5488-1/

reference_url	https://usn.ubuntu.com/5488-2/
reference_id	USN-5488-2
reference_type
scores
url	https://usn.ubuntu.com/5488-2/

reference_url	https://usn.ubuntu.com/6457-1/
reference_id	USN-6457-1
reference_type
scores
url	https://usn.ubuntu.com/6457-1/

reference_url	https://usn.ubuntu.com/7018-1/
reference_id	USN-7018-1
reference_type
scores
url	https://usn.ubuntu.com/7018-1/

reference_url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VCMNWKERPBKOEBNL7CLTTX3ZZCZLH7XA/

reference_id

VCMNWKERPBKOEBNL7CLTTX3ZZCZLH7XA

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-04-23T13:27:34Z/

url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VCMNWKERPBKOEBNL7CLTTX3ZZCZLH7XA/

fixed_packages

url pkg:deb/debian/openssl@1.1.1n-0%2Bdeb10u3

purl pkg:deb/debian/openssl@1.1.1n-0%2Bdeb10u3

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-5bn8-6xa9-fqe4

vulnerability	VCID-6mua-rkdu-87ay

vulnerability	VCID-7xwq-vdej-ayg1

vulnerability	VCID-8uhr-19zz-n3b7

vulnerability	VCID-95ub-7a6n-afdg

vulnerability	VCID-9gqm-1tcm-2kga

vulnerability	VCID-aens-jq7w-f7bh

vulnerability	VCID-antn-nu5a-7yf6

vulnerability	VCID-bfv6-sbnh-5uh5

vulnerability	VCID-chgr-9utt-kqbp

vulnerability	VCID-d83w-756y-3bfv

vulnerability	VCID-efpm-7cfa-z7hx

vulnerability	VCID-frd6-gt2a-afhv

vulnerability	VCID-fwwa-41df-zqfk

vulnerability	VCID-gnpm-mnpa-3kdg

vulnerability	VCID-gz4c-x1gb-muat

vulnerability	VCID-hjgb-ch1w-nbfs

vulnerability	VCID-hpev-apm4-sqfw

vulnerability	VCID-jq5s-hzam-zfda

vulnerability	VCID-mg21-k76s-sqfp

vulnerability	VCID-p7ca-uc7n-mfc4

vulnerability	VCID-q2ae-5r8q-3fbv

vulnerability	VCID-rgue-at15-k7a2

vulnerability	VCID-sn5k-3e59-7ba8

vulnerability	VCID-vhkt-tbz6-wuf7

vulnerability	VCID-w9yg-3dbq-8qge

vulnerability	VCID-x2wm-3tk7-wbbv

vulnerability	VCID-xnhs-4v7t-p3hv

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/openssl@1.1.1n-0%252Bdeb10u3

url pkg:deb/debian/openssl@1.1.1w-0%2Bdeb11u1

purl pkg:deb/debian/openssl@1.1.1w-0%2Bdeb11u1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-6mua-rkdu-87ay

vulnerability	VCID-7xwq-vdej-ayg1

vulnerability	VCID-87vs-4p6w-xbgq

vulnerability	VCID-8gde-1md7-5yak

vulnerability	VCID-antn-nu5a-7yf6

vulnerability	VCID-bfv6-sbnh-5uh5

vulnerability	VCID-cef8-2p5t-bff7

vulnerability	VCID-chgr-9utt-kqbp

vulnerability	VCID-efpm-7cfa-z7hx

vulnerability	VCID-f2na-rtsu-ffad

vulnerability	VCID-fwwa-41df-zqfk

vulnerability	VCID-gz4c-x1gb-muat

vulnerability	VCID-hgvf-vxhr-cye8

vulnerability	VCID-hpev-apm4-sqfw

vulnerability	VCID-jq5s-hzam-zfda

vulnerability	VCID-mg21-k76s-sqfp

vulnerability	VCID-p7ca-uc7n-mfc4

vulnerability	VCID-rgue-at15-k7a2

vulnerability	VCID-sn5k-3e59-7ba8

vulnerability	VCID-w9yg-3dbq-8qge

vulnerability	VCID-wuwm-ksb1-6qd5

vulnerability	VCID-zkc9-huk8-27bc

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/openssl@1.1.1w-0%252Bdeb11u1

aliases CVE-2022-2068

risk_score 4.4

exploitability 0.5

weighted_severity 8.8

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-95ub-7a6n-afdg

url VCID-9gqm-1tcm-2kga

vulnerability_id VCID-9gqm-1tcm-2kga

summary

Improper Certificate Validation
A security vulnerability has been identified in all supported versions of OpenSSL related to the verification of X.509 certificate chains that include policy constraints. Attackers may be able to exploit this vulnerability by creating a malicious certificate chain that triggers exponential use of computational resources, leading to a denial-of-service (DoS) attack on affected systems. Policy processing is disabled by default but can be enabled by passing the `-policy' argument to the command line utilities or by calling the `X509_VERIFY_PARAM_set1_policies()' function.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-0464.json

reference_id

reference_type

scores

value	5.9
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-0464.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2023-0464

reference_id

reference_type

scores

value	0.00857
scoring_system	epss
scoring_elements	0.74974
published_at	2026-04-04T12:55:00Z

value	0.00857
scoring_system	epss
scoring_elements	0.74945
published_at	2026-04-02T12:55:00Z

value	0.00857
scoring_system	epss
scoring_elements	0.74949
published_at	2026-04-07T12:55:00Z

value	0.00857
scoring_system	epss
scoring_elements	0.74983
published_at	2026-04-08T12:55:00Z

value	0.00968
scoring_system	epss
scoring_elements	0.76623
published_at	2026-04-11T12:55:00Z

value	0.00968
scoring_system	epss
scoring_elements	0.76635
published_at	2026-04-16T12:55:00Z

value	0.00968
scoring_system	epss
scoring_elements	0.76593
published_at	2026-04-13T12:55:00Z

value	0.00968
scoring_system	epss
scoring_elements	0.76602
published_at	2026-04-12T12:55:00Z

value	0.00995
scoring_system	epss
scoring_elements	0.76931
published_at	2026-04-09T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2023-0464

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0464
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0464

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0465
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0465

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0466
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0466

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-2650
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-2650

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url

https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=2017771e2db3e2b96f89bbe8766c3209f6a99545

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T13:26:32Z/

url

https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=2017771e2db3e2b96f89bbe8766c3209f6a99545

reference_url

https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=2dcd4f1e3115f38cefa43e3efbe9b801c27e642e

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T13:26:32Z/

url

https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=2dcd4f1e3115f38cefa43e3efbe9b801c27e642e

reference_url

https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=879f7080d7e141f415c79eaa3a8ac4a3dad0348b

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T13:26:32Z/

url

https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=879f7080d7e141f415c79eaa3a8ac4a3dad0348b

reference_url

https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=959c59c7a0164117e7f8366466a32bb1f8d77ff1

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T13:26:32Z/

url

https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=959c59c7a0164117e7f8366466a32bb1f8d77ff1

reference_url

https://www.openssl.org/news/secadv/20230322.txt

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T13:26:32Z/

url

https://www.openssl.org/news/secadv/20230322.txt

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1034720
reference_id	1034720
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1034720

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2181082
reference_id	2181082
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2181082

reference_url	https://nvd.nist.gov/vuln/detail/CVE-2023-0464
reference_id	CVE-2023-0464
reference_type
scores
url	https://nvd.nist.gov/vuln/detail/CVE-2023-0464

reference_url

https://lists.debian.org/debian-lts-announce/2023/06/msg00011.html

reference_id

msg00011.html

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T13:26:32Z/

url

https://lists.debian.org/debian-lts-announce/2023/06/msg00011.html

reference_url	https://access.redhat.com/errata/RHSA-2023:3722
reference_id	RHSA-2023:3722
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:3722

reference_url	https://access.redhat.com/errata/RHSA-2023:7622
reference_id	RHSA-2023:7622
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:7622

reference_url	https://access.redhat.com/errata/RHSA-2023:7623
reference_id	RHSA-2023:7623
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:7623

reference_url	https://access.redhat.com/errata/RHSA-2023:7625
reference_id	RHSA-2023:7625
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:7625

reference_url	https://access.redhat.com/errata/RHSA-2023:7626
reference_id	RHSA-2023:7626
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:7626

reference_url	https://usn.ubuntu.com/6039-1/
reference_id	USN-6039-1
reference_type
scores
url	https://usn.ubuntu.com/6039-1/

reference_url	https://usn.ubuntu.com/7894-1/
reference_id	USN-7894-1
reference_type
scores
url	https://usn.ubuntu.com/7894-1/

fixed_packages

url pkg:deb/debian/openssl@1.1.1w-0%2Bdeb11u1

purl pkg:deb/debian/openssl@1.1.1w-0%2Bdeb11u1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-6mua-rkdu-87ay

vulnerability	VCID-7xwq-vdej-ayg1

vulnerability	VCID-87vs-4p6w-xbgq

vulnerability	VCID-8gde-1md7-5yak

vulnerability	VCID-antn-nu5a-7yf6

vulnerability	VCID-bfv6-sbnh-5uh5

vulnerability	VCID-cef8-2p5t-bff7

vulnerability	VCID-chgr-9utt-kqbp

vulnerability	VCID-efpm-7cfa-z7hx

vulnerability	VCID-f2na-rtsu-ffad

vulnerability	VCID-fwwa-41df-zqfk

vulnerability	VCID-gz4c-x1gb-muat

vulnerability	VCID-hgvf-vxhr-cye8

vulnerability	VCID-hpev-apm4-sqfw

vulnerability	VCID-jq5s-hzam-zfda

vulnerability	VCID-mg21-k76s-sqfp

vulnerability	VCID-p7ca-uc7n-mfc4

vulnerability	VCID-rgue-at15-k7a2

vulnerability	VCID-sn5k-3e59-7ba8

vulnerability	VCID-w9yg-3dbq-8qge

vulnerability	VCID-wuwm-ksb1-6qd5

vulnerability	VCID-zkc9-huk8-27bc

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/openssl@1.1.1w-0%252Bdeb11u1

aliases CVE-2023-0464

risk_score 3.4

exploitability 0.5

weighted_severity 6.8

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-9gqm-1tcm-2kga

url VCID-aens-jq7w-f7bh

vulnerability_id VCID-aens-jq7w-f7bh

summary

Double Free
The function PEM_read_bio_ex() reads a PEM file from a BIO and parses and decodes the "name" (e.g. "CERTIFICATE"), any header data and the payload data. If the function succeeds then the "name_out", "header" and "data" arguments are populated with pointers to buffers containing the relevant decoded data. The caller is responsible for freeing those buffers. It is possible to construct a PEM file that results in 0 bytes of payload data. In this case PEM_read_bio_ex() will return a failure code but will populate the header argument with a pointer to a buffer that has already been freed. If the caller also frees this buffer then a double free will occur. This will most likely lead to a crash. This could be exploited by an attacker who has the ability to supply malicious PEM files for parsing to achieve a denial of service attack. The functions PEM_read_bio() and PEM_read() are simple wrappers around PEM_read_bio_ex() and therefore these functions are also directly affected. These functions are also called indirectly by a number of other OpenSSL functions including PEM_X509_INFO_read_bio_ex() and SSL_CTX_use_serverinfo_file() which are also vulnerable. Some OpenSSL internal uses of these functions are not vulnerable because the caller does not free the header argument if PEM_read_bio_ex() returns a failure code. These locations include the PEM_read_bio_TYPE() functions as well as the decoders introduced in OpenSSL 3.0. The OpenSSL asn1parse command line application is also impacted by this issue.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-4450.json

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-4450.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2022-4450

reference_id

reference_type

scores

value	0.00147
scoring_system	epss
scoring_elements	0.35217
published_at	2026-04-16T12:55:00Z

value	0.00147
scoring_system	epss
scoring_elements	0.35178
published_at	2026-04-13T12:55:00Z

value	0.00147
scoring_system	epss
scoring_elements	0.35202
published_at	2026-04-12T12:55:00Z

value	0.00147
scoring_system	epss
scoring_elements	0.35237
published_at	2026-04-11T12:55:00Z

value	0.00147
scoring_system	epss
scoring_elements	0.35234
published_at	2026-04-09T12:55:00Z

value	0.00147
scoring_system	epss
scoring_elements	0.35209
published_at	2026-04-08T12:55:00Z

value	0.00147
scoring_system	epss
scoring_elements	0.35164
published_at	2026-04-07T12:55:00Z

value	0.00147
scoring_system	epss
scoring_elements	0.35283
published_at	2026-04-04T12:55:00Z

value	0.00147
scoring_system	epss
scoring_elements	0.35255
published_at	2026-04-02T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2022-4450

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2097
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2097

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-4304
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-4304

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-4450
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-4450

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0215
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0215

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0286
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0286

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url

https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=63bcf189be73a9cc1264059bed6f57974be74a83

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T13:26:38Z/

url

https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=63bcf189be73a9cc1264059bed6f57974be74a83

reference_url

https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=bbcf509bd046b34cca19c766bbddc31683d0858b

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T13:26:38Z/

url

https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=bbcf509bd046b34cca19c766bbddc31683d0858b

reference_url

https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2023-0003

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2023-0003

reference_url

https://rustsec.org/advisories/RUSTSEC-2023-0010.html

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://rustsec.org/advisories/RUSTSEC-2023-0010.html

reference_url

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T13:26:38Z/

url

reference_url

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T13:26:38Z/

url

https://nvd.nist.gov/vuln/detail/CVE-2022-4450

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2164494
reference_id	2164494
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2164494

reference_url

reference_id

CVE-2022-4450

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2022-4450

reference_url

https://github.com/advisories/GHSA-v5w6-wcm8-jm4q

reference_id

GHSA-v5w6-wcm8-jm4q

reference_type

scores

value	HIGH
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-v5w6-wcm8-jm4q

reference_url	https://access.redhat.com/errata/RHSA-2023:0946
reference_id	RHSA-2023:0946
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:0946

reference_url	https://access.redhat.com/errata/RHSA-2023:1199
reference_id	RHSA-2023:1199
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:1199

reference_url	https://access.redhat.com/errata/RHSA-2023:1405
reference_id	RHSA-2023:1405
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:1405

reference_url	https://access.redhat.com/errata/RHSA-2023:2165
reference_id	RHSA-2023:2165
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:2165

reference_url	https://access.redhat.com/errata/RHSA-2023:2932
reference_id	RHSA-2023:2932
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:2932

reference_url	https://access.redhat.com/errata/RHSA-2023:3354
reference_id	RHSA-2023:3354
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:3354

reference_url	https://access.redhat.com/errata/RHSA-2023:3355
reference_id	RHSA-2023:3355
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:3355

reference_url	https://access.redhat.com/errata/RHSA-2023:3408
reference_id	RHSA-2023:3408
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:3408

reference_url	https://access.redhat.com/errata/RHSA-2023:3420
reference_id	RHSA-2023:3420
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:3420

reference_url	https://access.redhat.com/errata/RHSA-2023:3421
reference_id	RHSA-2023:3421
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:3421

reference_url	https://usn.ubuntu.com/5844-1/
reference_id	USN-5844-1
reference_type
scores
url	https://usn.ubuntu.com/5844-1/

reference_url	https://usn.ubuntu.com/6564-1/
reference_id	USN-6564-1
reference_type
scores
url	https://usn.ubuntu.com/6564-1/

reference_url	https://usn.ubuntu.com/7894-1/
reference_id	USN-7894-1
reference_type
scores
url	https://usn.ubuntu.com/7894-1/

fixed_packages

url pkg:deb/debian/openssl@1.1.1w-0%2Bdeb11u1

purl pkg:deb/debian/openssl@1.1.1w-0%2Bdeb11u1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-6mua-rkdu-87ay

vulnerability	VCID-7xwq-vdej-ayg1

vulnerability	VCID-87vs-4p6w-xbgq

vulnerability	VCID-8gde-1md7-5yak

vulnerability	VCID-antn-nu5a-7yf6

vulnerability	VCID-bfv6-sbnh-5uh5

vulnerability	VCID-cef8-2p5t-bff7

vulnerability	VCID-chgr-9utt-kqbp

vulnerability	VCID-efpm-7cfa-z7hx

vulnerability	VCID-f2na-rtsu-ffad

vulnerability	VCID-fwwa-41df-zqfk

vulnerability	VCID-gz4c-x1gb-muat

vulnerability	VCID-hgvf-vxhr-cye8

vulnerability	VCID-hpev-apm4-sqfw

vulnerability	VCID-jq5s-hzam-zfda

vulnerability	VCID-mg21-k76s-sqfp

vulnerability	VCID-p7ca-uc7n-mfc4

vulnerability	VCID-rgue-at15-k7a2

vulnerability	VCID-sn5k-3e59-7ba8

vulnerability	VCID-w9yg-3dbq-8qge

vulnerability	VCID-wuwm-ksb1-6qd5

vulnerability	VCID-zkc9-huk8-27bc

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/openssl@1.1.1w-0%252Bdeb11u1

aliases CVE-2022-4450, GHSA-v5w6-wcm8-jm4q

risk_score 4.0

exploitability 0.5

weighted_severity 8.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-aens-jq7w-f7bh

url VCID-d83w-756y-3bfv

vulnerability_id VCID-d83w-756y-3bfv

summary

Use After Free
The public API function BIO_new_NDEF is a helper function used for streaming ASN.1 data via a BIO. It is primarily used internally to OpenSSL to support the SMIME, CMS and PKCS7 streaming capabilities, but may also be called directly by end user applications. The function receives a BIO from the caller, prepends a new BIO_f_asn1 filter BIO onto the front of it to form a BIO chain, and then returns the new head of the BIO chain to the caller. Under certain conditions, for example if a CMS recipient public key is invalid, the new filter BIO is freed and the function returns a NULL result indicating a failure. However, in this case, the BIO chain is not properly cleaned up and the BIO passed by the caller still retains internal pointers to the previously freed filter BIO. If the caller then goes on to call BIO_pop() on the BIO then a use-after-free will occur. This will most likely result in a crash. This scenario occurs directly in the internal function B64_write_ASN1() which may cause BIO_new_NDEF() to be called and will subsequently call BIO_pop() on the BIO. This internal function is in turn called by the public API functions PEM_write_bio_ASN1_stream, PEM_write_bio_CMS_stream, PEM_write_bio_PKCS7_stream, SMIME_write_ASN1, SMIME_write_CMS and SMIME_write_PKCS7. Other public API functions that may be impacted by this include i2d_ASN1_bio_stream, BIO_new_CMS, BIO_new_PKCS7, i2d_CMS_bio_stream and i2d_PKCS7_bio_stream. The OpenSSL cms and smime command line applications are similarly affected.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-0215.json

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-0215.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2023-0215

reference_id

reference_type

scores

value	0.00503
scoring_system	epss
scoring_elements	0.66144
published_at	2026-04-16T12:55:00Z

value	0.00503
scoring_system	epss
scoring_elements	0.66108
published_at	2026-04-13T12:55:00Z

value	0.00503
scoring_system	epss
scoring_elements	0.66138
published_at	2026-04-12T12:55:00Z

value	0.00503
scoring_system	epss
scoring_elements	0.66151
published_at	2026-04-11T12:55:00Z

value	0.00503
scoring_system	epss
scoring_elements	0.66131
published_at	2026-04-09T12:55:00Z

value	0.00503
scoring_system	epss
scoring_elements	0.66075
published_at	2026-04-02T12:55:00Z

value	0.00503
scoring_system	epss
scoring_elements	0.66119
published_at	2026-04-08T12:55:00Z

value	0.00503
scoring_system	epss
scoring_elements	0.66103
published_at	2026-04-04T12:55:00Z

value	0.00503
scoring_system	epss
scoring_elements	0.66071
published_at	2026-04-07T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2023-0215

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2097
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2097

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-4304
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-4304

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-4450
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-4450

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0215
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0215

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0286
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0286

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url

https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=8818064ce3c3c0f1b740a5aaba2a987e75bfbafd

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T13:26:40Z/

url

https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=8818064ce3c3c0f1b740a5aaba2a987e75bfbafd

reference_url

https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=9816136fe31d92ace4037d5da5257f763aeeb4eb

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T13:26:40Z/

url

https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=9816136fe31d92ace4037d5da5257f763aeeb4eb

reference_url

https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=c3829dd8825c654652201e16f8a0a0c46ee3f344

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T13:26:40Z/

url

https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=c3829dd8825c654652201e16f8a0a0c46ee3f344

reference_url

https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2023-0003

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2023-0003

reference_url

https://rustsec.org/advisories/RUSTSEC-2023-0009.html

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://rustsec.org/advisories/RUSTSEC-2023-0009.html

reference_url

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T13:26:40Z/

url

https://security.netapp.com/advisory/ntap-20230427-0007

reference_url

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://security.netapp.com/advisory/ntap-20230427-0007

reference_url

https://security.netapp.com/advisory/ntap-20230427-0009

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://security.netapp.com/advisory/ntap-20230427-0009

reference_url

https://security.netapp.com/advisory/ntap-20240621-0006

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://security.netapp.com/advisory/ntap-20240621-0006

reference_url

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T13:26:40Z/

url

https://nvd.nist.gov/vuln/detail/CVE-2023-0215

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2164492
reference_id	2164492
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2164492

reference_url

reference_id

CVE-2023-0215

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2023-0215

reference_url

https://github.com/advisories/GHSA-r7jw-wp68-3xch

reference_id

GHSA-r7jw-wp68-3xch

reference_type

scores

value	HIGH
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-r7jw-wp68-3xch

reference_url

https://security.netapp.com/advisory/ntap-20230427-0007/

reference_id

ntap-20230427-0007

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T13:26:40Z/

url

https://security.netapp.com/advisory/ntap-20230427-0007/

reference_url

https://security.netapp.com/advisory/ntap-20230427-0009/

reference_id

ntap-20230427-0009

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T13:26:40Z/

url

https://security.netapp.com/advisory/ntap-20230427-0009/

reference_url	https://access.redhat.com/errata/RHSA-2023:0946
reference_id	RHSA-2023:0946
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:0946

reference_url	https://access.redhat.com/errata/RHSA-2023:1199
reference_id	RHSA-2023:1199
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:1199

reference_url	https://access.redhat.com/errata/RHSA-2023:1405
reference_id	RHSA-2023:1405
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:1405

reference_url	https://access.redhat.com/errata/RHSA-2023:2165
reference_id	RHSA-2023:2165
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:2165

reference_url	https://access.redhat.com/errata/RHSA-2023:2932
reference_id	RHSA-2023:2932
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:2932

reference_url	https://access.redhat.com/errata/RHSA-2023:3354
reference_id	RHSA-2023:3354
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:3354

reference_url	https://access.redhat.com/errata/RHSA-2023:3355
reference_id	RHSA-2023:3355
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:3355

reference_url	https://access.redhat.com/errata/RHSA-2023:3408
reference_id	RHSA-2023:3408
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:3408

reference_url	https://access.redhat.com/errata/RHSA-2023:3420
reference_id	RHSA-2023:3420
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:3420

reference_url	https://access.redhat.com/errata/RHSA-2023:3421
reference_id	RHSA-2023:3421
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:3421

reference_url	https://access.redhat.com/errata/RHSA-2023:4128
reference_id	RHSA-2023:4128
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:4128

reference_url	https://usn.ubuntu.com/5844-1/
reference_id	USN-5844-1
reference_type
scores
url	https://usn.ubuntu.com/5844-1/

reference_url	https://usn.ubuntu.com/5845-1/
reference_id	USN-5845-1
reference_type
scores
url	https://usn.ubuntu.com/5845-1/

reference_url	https://usn.ubuntu.com/5845-2/
reference_id	USN-5845-2
reference_type
scores
url	https://usn.ubuntu.com/5845-2/

reference_url	https://usn.ubuntu.com/6564-1/
reference_id	USN-6564-1
reference_type
scores
url	https://usn.ubuntu.com/6564-1/

reference_url	https://usn.ubuntu.com/7894-1/
reference_id	USN-7894-1
reference_type
scores
url	https://usn.ubuntu.com/7894-1/

fixed_packages

url pkg:deb/debian/openssl@1.1.1w-0%2Bdeb11u1

purl pkg:deb/debian/openssl@1.1.1w-0%2Bdeb11u1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-6mua-rkdu-87ay

vulnerability	VCID-7xwq-vdej-ayg1

vulnerability	VCID-87vs-4p6w-xbgq

vulnerability	VCID-8gde-1md7-5yak

vulnerability	VCID-antn-nu5a-7yf6

vulnerability	VCID-bfv6-sbnh-5uh5

vulnerability	VCID-cef8-2p5t-bff7

vulnerability	VCID-chgr-9utt-kqbp

vulnerability	VCID-efpm-7cfa-z7hx

vulnerability	VCID-f2na-rtsu-ffad

vulnerability	VCID-fwwa-41df-zqfk

vulnerability	VCID-gz4c-x1gb-muat

vulnerability	VCID-hgvf-vxhr-cye8

vulnerability	VCID-hpev-apm4-sqfw

vulnerability	VCID-jq5s-hzam-zfda

vulnerability	VCID-mg21-k76s-sqfp

vulnerability	VCID-p7ca-uc7n-mfc4

vulnerability	VCID-rgue-at15-k7a2

vulnerability	VCID-sn5k-3e59-7ba8

vulnerability	VCID-w9yg-3dbq-8qge

vulnerability	VCID-wuwm-ksb1-6qd5

vulnerability	VCID-zkc9-huk8-27bc

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/openssl@1.1.1w-0%252Bdeb11u1

aliases CVE-2023-0215, GHSA-r7jw-wp68-3xch

risk_score 4.0

exploitability 0.5

weighted_severity 8.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-d83w-756y-3bfv

url VCID-frd6-gt2a-afhv

vulnerability_id VCID-frd6-gt2a-afhv

summary Multiple vulnerabilities have been discovered in OpenSSL, the worst of which could result in denial of service.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-2097.json

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-2097.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2022-2097

reference_id

reference_type

scores

value	0.00318
scoring_system	epss
scoring_elements	0.54836
published_at	2026-04-02T12:55:00Z

value	0.00318
scoring_system	epss
scoring_elements	0.54884
published_at	2026-04-16T12:55:00Z

value	0.00318
scoring_system	epss
scoring_elements	0.54847
published_at	2026-04-13T12:55:00Z

value	0.00318
scoring_system	epss
scoring_elements	0.5487
published_at	2026-04-12T12:55:00Z

value	0.00318
scoring_system	epss
scoring_elements	0.54888
published_at	2026-04-11T12:55:00Z

value	0.00318
scoring_system	epss
scoring_elements	0.54876
published_at	2026-04-09T12:55:00Z

value	0.00318
scoring_system	epss
scoring_elements	0.54879
published_at	2026-04-08T12:55:00Z

value	0.00318
scoring_system	epss
scoring_elements	0.5486
published_at	2026-04-04T12:55:00Z

value	0.00318
scoring_system	epss
scoring_elements	0.54829
published_at	2026-04-07T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2022-2097

reference_url

https://cert-portal.siemens.com/productcert/pdf/ssa-332410.pdf

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-07-26T19:45:07Z/

url

https://cert-portal.siemens.com/productcert/pdf/ssa-332410.pdf

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2097
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2097

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-4304
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-4304

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-4450
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-4450

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0215
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0215

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0286
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0286

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url

https://github.com/alexcrichton/openssl-src-rs

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/alexcrichton/openssl-src-rs

reference_url

https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=919925673d6c9cfed3c1085497f5dfbbed5fc431

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-07-26T19:45:07Z/

url

https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=919925673d6c9cfed3c1085497f5dfbbed5fc431

reference_url

https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=a98f339ddd7e8f487d6e0088d4a9a42324885a93

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-07-26T19:45:07Z/

url

https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=a98f339ddd7e8f487d6e0088d4a9a42324885a93

reference_url

https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=919925673d6c9cfed3c1085497f5dfbbed5fc431

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=919925673d6c9cfed3c1085497f5dfbbed5fc431

reference_url

https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=a98f339ddd7e8f487d6e0088d4a9a42324885a93

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=a98f339ddd7e8f487d6e0088d4a9a42324885a93

reference_url

https://lists.debian.org/debian-lts-announce/2023/02/msg00019.html

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-07-26T19:45:07Z/

url

https://lists.debian.org/debian-lts-announce/2023/02/msg00019.html

reference_url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/R6CK57NBQFTPUMXAPJURCGXUYT76NQAK

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/R6CK57NBQFTPUMXAPJURCGXUYT76NQAK

reference_url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/V6567JERRHHJW2GNGJGKDRNHR7SNPZK7

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/V6567JERRHHJW2GNGJGKDRNHR7SNPZK7

reference_url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VCMNWKERPBKOEBNL7CLTTX3ZZCZLH7XA

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VCMNWKERPBKOEBNL7CLTTX3ZZCZLH7XA

reference_url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/R6CK57NBQFTPUMXAPJURCGXUYT76NQAK

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/R6CK57NBQFTPUMXAPJURCGXUYT76NQAK

reference_url	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/R6CK57NBQFTPUMXAPJURCGXUYT76NQAK/
reference_id
reference_type
scores
url	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/R6CK57NBQFTPUMXAPJURCGXUYT76NQAK/

reference_url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/V6567JERRHHJW2GNGJGKDRNHR7SNPZK7

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/V6567JERRHHJW2GNGJGKDRNHR7SNPZK7

reference_url	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/V6567JERRHHJW2GNGJGKDRNHR7SNPZK7/
reference_id
reference_type
scores
url	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/V6567JERRHHJW2GNGJGKDRNHR7SNPZK7/

reference_url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VCMNWKERPBKOEBNL7CLTTX3ZZCZLH7XA

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VCMNWKERPBKOEBNL7CLTTX3ZZCZLH7XA

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2022-2097

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2022-2097

reference_url

https://rustsec.org/advisories/RUSTSEC-2022-0032.html

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://rustsec.org/advisories/RUSTSEC-2022-0032.html

reference_url

https://security.netapp.com/advisory/ntap-20220715-0011

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://security.netapp.com/advisory/ntap-20220715-0011

reference_url

https://security.netapp.com/advisory/ntap-20230420-0008

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://security.netapp.com/advisory/ntap-20230420-0008

reference_url

https://security.netapp.com/advisory/ntap-20240621-0006

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://security.netapp.com/advisory/ntap-20240621-0006

reference_url

https://www.debian.org/security/2023/dsa-5343

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-07-26T19:45:07Z/

url

https://www.debian.org/security/2023/dsa-5343

reference_url

https://www.openssl.org/news/secadv/20220705.txt

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-07-26T19:45:07Z/

url

https://www.openssl.org/news/secadv/20220705.txt

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1023424
reference_id	1023424
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1023424

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2104905
reference_id	2104905
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2104905

reference_url

https://github.com/advisories/GHSA-3wx7-46ch-7rq2

reference_id

GHSA-3wx7-46ch-7rq2

reference_type

scores

value	HIGH
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-3wx7-46ch-7rq2

reference_url

reference_id

GLSA-202210-02

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-07-26T19:45:07Z/

url

https://security.netapp.com/advisory/ntap-20220715-0011/

reference_url

reference_id

ntap-20220715-0011

reference_type

scores

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-07-26T19:45:07Z/

url

https://security.netapp.com/advisory/ntap-20220715-0011/

reference_url

https://security.netapp.com/advisory/ntap-20230420-0008/

reference_id

ntap-20230420-0008

reference_type

scores

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-07-26T19:45:07Z/

url

https://security.netapp.com/advisory/ntap-20230420-0008/

reference_url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/R6CK57NBQFTPUMXAPJURCGXUYT76NQAK/

reference_id

R6CK57NBQFTPUMXAPJURCGXUYT76NQAK

reference_type

scores

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-07-26T19:45:07Z/

url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/R6CK57NBQFTPUMXAPJURCGXUYT76NQAK/

reference_url	https://access.redhat.com/errata/RHSA-2022:5818
reference_id	RHSA-2022:5818
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:5818

reference_url	https://access.redhat.com/errata/RHSA-2022:6224
reference_id	RHSA-2022:6224
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:6224

reference_url	https://usn.ubuntu.com/5502-1/
reference_id	USN-5502-1
reference_type
scores
url	https://usn.ubuntu.com/5502-1/

reference_url	https://usn.ubuntu.com/6457-1/
reference_id	USN-6457-1
reference_type
scores
url	https://usn.ubuntu.com/6457-1/

reference_url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/V6567JERRHHJW2GNGJGKDRNHR7SNPZK7/

reference_id

V6567JERRHHJW2GNGJGKDRNHR7SNPZK7

reference_type

scores

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-07-26T19:45:07Z/

url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/V6567JERRHHJW2GNGJGKDRNHR7SNPZK7/

reference_url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VCMNWKERPBKOEBNL7CLTTX3ZZCZLH7XA/

reference_id

VCMNWKERPBKOEBNL7CLTTX3ZZCZLH7XA

reference_type

scores

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-07-26T19:45:07Z/

url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VCMNWKERPBKOEBNL7CLTTX3ZZCZLH7XA/

fixed_packages

url pkg:deb/debian/openssl@1.1.1w-0%2Bdeb11u1

purl pkg:deb/debian/openssl@1.1.1w-0%2Bdeb11u1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-6mua-rkdu-87ay

vulnerability	VCID-7xwq-vdej-ayg1

vulnerability	VCID-87vs-4p6w-xbgq

vulnerability	VCID-8gde-1md7-5yak

vulnerability	VCID-antn-nu5a-7yf6

vulnerability	VCID-bfv6-sbnh-5uh5

vulnerability	VCID-cef8-2p5t-bff7

vulnerability	VCID-chgr-9utt-kqbp

vulnerability	VCID-efpm-7cfa-z7hx

vulnerability	VCID-f2na-rtsu-ffad

vulnerability	VCID-fwwa-41df-zqfk

vulnerability	VCID-gz4c-x1gb-muat

vulnerability	VCID-hgvf-vxhr-cye8

vulnerability	VCID-hpev-apm4-sqfw

vulnerability	VCID-jq5s-hzam-zfda

vulnerability	VCID-mg21-k76s-sqfp

vulnerability	VCID-p7ca-uc7n-mfc4

vulnerability	VCID-rgue-at15-k7a2

vulnerability	VCID-sn5k-3e59-7ba8

vulnerability	VCID-w9yg-3dbq-8qge

vulnerability	VCID-wuwm-ksb1-6qd5

vulnerability	VCID-zkc9-huk8-27bc

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/openssl@1.1.1w-0%252Bdeb11u1

aliases CVE-2022-2097, GHSA-3wx7-46ch-7rq2

risk_score 4.0

exploitability 0.5

weighted_severity 8.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-frd6-gt2a-afhv

url VCID-gnpm-mnpa-3kdg

vulnerability_id VCID-gnpm-mnpa-3kdg

summary

Timing based side channel
A timing based side channel exists in the OpenSSL RSA Decryption implementation which could be sufficient to recover a plaintext across a network in a Bleichenbacher style attack. To achieve a successful decryption an attacker would have to be able to send a very large number of trial messages for decryption. The vulnerability affects all RSA padding modes: PKCS#1 v1.5, RSA-OEAP and RSASVE. For example, in a TLS connection, RSA is commonly used by a client to send an encrypted pre-master secret to the server. An attacker that had observed a genuine connection between a client and a server could use this flaw to send trial messages to the server and record the time taken to process them. After a sufficiently large number of messages the attacker could recover the pre-master secret used for the original connection and thus be able to decrypt the application data sent over that connection.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-4304.json

reference_id

reference_type

scores

value	5.9
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-4304.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2022-4304

reference_id

reference_type

scores

value	0.00255
scoring_system	epss
scoring_elements	0.48959
published_at	2026-04-16T12:55:00Z

value	0.00255
scoring_system	epss
scoring_elements	0.48911
published_at	2026-04-13T12:55:00Z

value	0.00255
scoring_system	epss
scoring_elements	0.48903
published_at	2026-04-12T12:55:00Z

value	0.00255
scoring_system	epss
scoring_elements	0.48929
published_at	2026-04-11T12:55:00Z

value	0.00255
scoring_system	epss
scoring_elements	0.48915
published_at	2026-04-08T12:55:00Z

value	0.00255
scoring_system	epss
scoring_elements	0.48861
published_at	2026-04-07T12:55:00Z

value	0.00255
scoring_system	epss
scoring_elements	0.48907
published_at	2026-04-04T12:55:00Z

value	0.00255
scoring_system	epss
scoring_elements	0.48881
published_at	2026-04-02T12:55:00Z

value	0.00255
scoring_system	epss
scoring_elements	0.48912
published_at	2026-04-09T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2022-4304

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2097
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2097

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-4304
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-4304

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-4450
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-4450

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0215
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0215

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0286
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0286

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url

https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2023-0003

reference_id

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2023-0003

reference_url

https://rustsec.org/advisories/RUSTSEC-2023-0007.html

reference_id

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://rustsec.org/advisories/RUSTSEC-2023-0007.html

reference_url

reference_id

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-06T15:57:19Z/

url

reference_url

reference_id

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-06T15:57:19Z/

url

https://nvd.nist.gov/vuln/detail/CVE-2022-4304

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2164487
reference_id	2164487
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2164487

reference_url

reference_id

CVE-2022-4304

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2022-4304

reference_url

https://github.com/advisories/GHSA-p52g-cm5j-mjv4

reference_id

GHSA-p52g-cm5j-mjv4

reference_type

scores

value	MODERATE
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-p52g-cm5j-mjv4

reference_url	https://access.redhat.com/errata/RHSA-2023:0946
reference_id	RHSA-2023:0946
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:0946

reference_url	https://access.redhat.com/errata/RHSA-2023:1199
reference_id	RHSA-2023:1199
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:1199

reference_url	https://access.redhat.com/errata/RHSA-2023:1405
reference_id	RHSA-2023:1405
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:1405

reference_url	https://access.redhat.com/errata/RHSA-2023:2165
reference_id	RHSA-2023:2165
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:2165

reference_url	https://access.redhat.com/errata/RHSA-2023:2932
reference_id	RHSA-2023:2932
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:2932

reference_url	https://access.redhat.com/errata/RHSA-2023:3354
reference_id	RHSA-2023:3354
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:3354

reference_url	https://access.redhat.com/errata/RHSA-2023:3355
reference_id	RHSA-2023:3355
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:3355

reference_url	https://access.redhat.com/errata/RHSA-2023:3408
reference_id	RHSA-2023:3408
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:3408

reference_url	https://access.redhat.com/errata/RHSA-2023:3420
reference_id	RHSA-2023:3420
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:3420

reference_url	https://access.redhat.com/errata/RHSA-2023:3421
reference_id	RHSA-2023:3421
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:3421

reference_url	https://access.redhat.com/errata/RHSA-2023:4128
reference_id	RHSA-2023:4128
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:4128

reference_url	https://usn.ubuntu.com/5844-1/
reference_id	USN-5844-1
reference_type
scores
url	https://usn.ubuntu.com/5844-1/

reference_url	https://usn.ubuntu.com/6564-1/
reference_id	USN-6564-1
reference_type
scores
url	https://usn.ubuntu.com/6564-1/

reference_url	https://usn.ubuntu.com/7894-1/
reference_id	USN-7894-1
reference_type
scores
url	https://usn.ubuntu.com/7894-1/

fixed_packages

url pkg:deb/debian/openssl@1.1.1w-0%2Bdeb11u1

purl pkg:deb/debian/openssl@1.1.1w-0%2Bdeb11u1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-6mua-rkdu-87ay

vulnerability	VCID-7xwq-vdej-ayg1

vulnerability	VCID-87vs-4p6w-xbgq

vulnerability	VCID-8gde-1md7-5yak

vulnerability	VCID-antn-nu5a-7yf6

vulnerability	VCID-bfv6-sbnh-5uh5

vulnerability	VCID-cef8-2p5t-bff7

vulnerability	VCID-chgr-9utt-kqbp

vulnerability	VCID-efpm-7cfa-z7hx

vulnerability	VCID-f2na-rtsu-ffad

vulnerability	VCID-fwwa-41df-zqfk

vulnerability	VCID-gz4c-x1gb-muat

vulnerability	VCID-hgvf-vxhr-cye8

vulnerability	VCID-hpev-apm4-sqfw

vulnerability	VCID-jq5s-hzam-zfda

vulnerability	VCID-mg21-k76s-sqfp

vulnerability	VCID-p7ca-uc7n-mfc4

vulnerability	VCID-rgue-at15-k7a2

vulnerability	VCID-sn5k-3e59-7ba8

vulnerability	VCID-w9yg-3dbq-8qge

vulnerability	VCID-wuwm-ksb1-6qd5

vulnerability	VCID-zkc9-huk8-27bc

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/openssl@1.1.1w-0%252Bdeb11u1

aliases CVE-2022-4304, GHSA-p52g-cm5j-mjv4

risk_score 3.1

exploitability 0.5

weighted_severity 6.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-gnpm-mnpa-3kdg

url VCID-hjgb-ch1w-nbfs

vulnerability_id VCID-hjgb-ch1w-nbfs

summary

Improper Certificate Validation
The function X509_VERIFY_PARAM_add0_policy() is documented to implicitly enable the certificate policy check when doing certificate verification. However the implementation of the function does not enable the check which allows certificates with invalid or incorrect policies to pass the certificate verification. As suddenly enabling the policy check could break existing deployments it was decided to keep the existing behavior of the X509_VERIFY_PARAM_add0_policy() function. Instead the applications that require OpenSSL to perform certificate policy check need to use X509_VERIFY_PARAM_set1_policies() or explicitly enable the policy check by calling X509_VERIFY_PARAM_set_flags() with the X509_V_FLAG_POLICY_CHECK flag argument. Certificate policy checks are disabled by default in OpenSSL and are not commonly used by applications.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-0466.json

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-0466.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2023-0466

reference_id

reference_type

scores

value	0.00711
scoring_system	epss
scoring_elements	0.72206
published_at	2026-04-02T12:55:00Z

value	0.00711
scoring_system	epss
scoring_elements	0.72242
published_at	2026-04-13T12:55:00Z

value	0.00711
scoring_system	epss
scoring_elements	0.72256
published_at	2026-04-12T12:55:00Z

value	0.00711
scoring_system	epss
scoring_elements	0.72272
published_at	2026-04-11T12:55:00Z

value	0.00711
scoring_system	epss
scoring_elements	0.7225
published_at	2026-04-09T12:55:00Z

value	0.00711
scoring_system	epss
scoring_elements	0.72238
published_at	2026-04-08T12:55:00Z

value	0.00711
scoring_system	epss
scoring_elements	0.72226
published_at	2026-04-04T12:55:00Z

value	0.00711
scoring_system	epss
scoring_elements	0.72201
published_at	2026-04-07T12:55:00Z

value	0.00825
scoring_system	epss
scoring_elements	0.74492
published_at	2026-04-16T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2023-0466

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0464
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0464

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0465
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0465

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0466
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0466

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-2650
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-2650

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	2
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:N/I:L/A:N

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url

https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=0d16b7e99aafc0b4a6d729eec65a411a7e025f0a

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-19T17:11:17Z/

url

https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=0d16b7e99aafc0b4a6d729eec65a411a7e025f0a

reference_url

https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=51e8a84ce742db0f6c70510d0159dad8f7825908

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-19T17:11:17Z/

url

https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=51e8a84ce742db0f6c70510d0159dad8f7825908

reference_url

https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=73398dea26de9899fb4baa94098ad0a61f435c72

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-19T17:11:17Z/

url

https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=73398dea26de9899fb4baa94098ad0a61f435c72

reference_url

https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=fc814a30fc4f0bc54fcea7d9a7462f5457aab061

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-19T17:11:17Z/

url

https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=fc814a30fc4f0bc54fcea7d9a7462f5457aab061

reference_url

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-19T17:11:17Z/

url

https://lists.debian.org/debian-lts-announce/2023/06/msg00011.html

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1034720
reference_id	1034720
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1034720

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2182565
reference_id	2182565
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2182565

reference_url	https://nvd.nist.gov/vuln/detail/CVE-2023-0466
reference_id	CVE-2023-0466
reference_type
scores
url	https://nvd.nist.gov/vuln/detail/CVE-2023-0466

reference_url

reference_id

msg00011.html

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-19T17:11:17Z/

url

https://lists.debian.org/debian-lts-announce/2023/06/msg00011.html

reference_url

https://security.netapp.com/advisory/ntap-20230414-0001/

reference_id

ntap-20230414-0001

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-19T17:11:17Z/

url

https://security.netapp.com/advisory/ntap-20230414-0001/

reference_url	https://access.redhat.com/errata/RHSA-2023:3722
reference_id	RHSA-2023:3722
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:3722

reference_url	https://access.redhat.com/errata/RHSA-2023:7622
reference_id	RHSA-2023:7622
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:7622

reference_url	https://access.redhat.com/errata/RHSA-2023:7623
reference_id	RHSA-2023:7623
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:7623

reference_url	https://access.redhat.com/errata/RHSA-2023:7625
reference_id	RHSA-2023:7625
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:7625

reference_url	https://access.redhat.com/errata/RHSA-2023:7626
reference_id	RHSA-2023:7626
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:7626

reference_url	https://usn.ubuntu.com/6039-1/
reference_id	USN-6039-1
reference_type
scores
url	https://usn.ubuntu.com/6039-1/

reference_url	https://usn.ubuntu.com/7894-1/
reference_id	USN-7894-1
reference_type
scores
url	https://usn.ubuntu.com/7894-1/

fixed_packages

url pkg:deb/debian/openssl@1.1.1w-0%2Bdeb11u1

purl pkg:deb/debian/openssl@1.1.1w-0%2Bdeb11u1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-6mua-rkdu-87ay

vulnerability	VCID-7xwq-vdej-ayg1

vulnerability	VCID-87vs-4p6w-xbgq

vulnerability	VCID-8gde-1md7-5yak

vulnerability	VCID-antn-nu5a-7yf6

vulnerability	VCID-bfv6-sbnh-5uh5

vulnerability	VCID-cef8-2p5t-bff7

vulnerability	VCID-chgr-9utt-kqbp

vulnerability	VCID-efpm-7cfa-z7hx

vulnerability	VCID-f2na-rtsu-ffad

vulnerability	VCID-fwwa-41df-zqfk

vulnerability	VCID-gz4c-x1gb-muat

vulnerability	VCID-hgvf-vxhr-cye8

vulnerability	VCID-hpev-apm4-sqfw

vulnerability	VCID-jq5s-hzam-zfda

vulnerability	VCID-mg21-k76s-sqfp

vulnerability	VCID-p7ca-uc7n-mfc4

vulnerability	VCID-rgue-at15-k7a2

vulnerability	VCID-sn5k-3e59-7ba8

vulnerability	VCID-w9yg-3dbq-8qge

vulnerability	VCID-wuwm-ksb1-6qd5

vulnerability	VCID-zkc9-huk8-27bc

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/openssl@1.1.1w-0%252Bdeb11u1

aliases CVE-2023-0466

risk_score 2.4

exploitability 0.5

weighted_severity 4.8

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-hjgb-ch1w-nbfs

url VCID-q2ae-5r8q-3fbv

vulnerability_id VCID-q2ae-5r8q-3fbv

summary

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
The `c_rehash` script does not properly sanitise shell metacharacters to prevent command injection. This script is distributed by some operating systems in a manner where it is automatically executed. On such operating systems, an attacker could execute arbitrary commands with the privileges of the script. Use of the `c_rehash` script is considered obsolete and should be replaced by the OpenSSL `rehash` command line tool.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-1292.json

reference_id

reference_type

scores

value	6.7
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-1292.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2022-1292

reference_id

reference_type

scores

value	0.38986
scoring_system	epss
scoring_elements	0.97278
published_at	2026-04-16T12:55:00Z

value	0.38986
scoring_system	epss
scoring_elements	0.97246
published_at	2026-04-01T12:55:00Z

value	0.38986
scoring_system	epss
scoring_elements	0.97271
published_at	2026-04-13T12:55:00Z

value	0.38986
scoring_system	epss
scoring_elements	0.97257
published_at	2026-04-04T12:55:00Z

value	0.38986
scoring_system	epss
scoring_elements	0.97252
published_at	2026-04-02T12:55:00Z

value	0.38986
scoring_system	epss
scoring_elements	0.9727
published_at	2026-04-12T12:55:00Z

value	0.38986
scoring_system	epss
scoring_elements	0.97269
published_at	2026-04-11T12:55:00Z

value	0.38986
scoring_system	epss
scoring_elements	0.97258
published_at	2026-04-07T12:55:00Z

value	0.38986
scoring_system	epss
scoring_elements	0.97265
published_at	2026-04-08T12:55:00Z

value	0.38986
scoring_system	epss
scoring_elements	0.97266
published_at	2026-04-09T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2022-1292

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1292
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1292

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	6.7
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url	https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=1ad73b4d27bd8c1b369a3cd453681d3a4f1bb9b2
reference_id
reference_type
scores
url	https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=1ad73b4d27bd8c1b369a3cd453681d3a4f1bb9b2

reference_url	https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=548d3f280a6e737673f5b61fce24bb100108dfeb
reference_id
reference_type
scores
url	https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=548d3f280a6e737673f5b61fce24bb100108dfeb

reference_url	https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=e5fd1728ef4c7a5bf7c7a7163ca60370460a6e23
reference_id
reference_type
scores
url	https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=e5fd1728ef4c7a5bf7c7a7163ca60370460a6e23

reference_url

https://www.openssl.org/news/secadv/20220503.txt

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-04-23T13:27:35Z/

url

https://www.openssl.org/news/secadv/20220503.txt

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2081494
reference_id	2081494
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2081494

reference_url

https://security.archlinux.org/AVG-2702

reference_id

AVG-2702

reference_type

scores

value	Medium
scoring_system	archlinux
scoring_elements

url

https://security.archlinux.org/AVG-2702

reference_url	https://nvd.nist.gov/vuln/detail/CVE-2022-1292
reference_id	CVE-2022-1292
reference_type
scores
url	https://nvd.nist.gov/vuln/detail/CVE-2022-1292

reference_url

https://www.debian.org/security/2022/dsa-5139

reference_id

dsa-5139

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-04-23T13:27:35Z/

url

https://www.debian.org/security/2022/dsa-5139

reference_url

reference_id

GLSA-202210-02

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-04-23T13:27:35Z/

url

https://lists.debian.org/debian-lts-announce/2022/05/msg00019.html

reference_url

reference_id

msg00019.html

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-04-23T13:27:35Z/

url

https://lists.debian.org/debian-lts-announce/2022/05/msg00019.html

reference_url

https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=1ad73b4d27bd8c1b369a3cd453681d3a4f1bb9b2

reference_id

?p=openssl.git%3Ba=commitdiff%3Bh=1ad73b4d27bd8c1b369a3cd453681d3a4f1bb9b2

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-04-23T13:27:35Z/

url

https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=1ad73b4d27bd8c1b369a3cd453681d3a4f1bb9b2

reference_url

https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=548d3f280a6e737673f5b61fce24bb100108dfeb

reference_id

?p=openssl.git%3Ba=commitdiff%3Bh=548d3f280a6e737673f5b61fce24bb100108dfeb

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-04-23T13:27:35Z/

url

https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=548d3f280a6e737673f5b61fce24bb100108dfeb

reference_url

https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=e5fd1728ef4c7a5bf7c7a7163ca60370460a6e23

reference_id

?p=openssl.git%3Ba=commitdiff%3Bh=e5fd1728ef4c7a5bf7c7a7163ca60370460a6e23

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-04-23T13:27:35Z/

url

https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=e5fd1728ef4c7a5bf7c7a7163ca60370460a6e23

reference_url	https://access.redhat.com/errata/RHSA-2022:5818
reference_id	RHSA-2022:5818
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:5818

reference_url	https://access.redhat.com/errata/RHSA-2022:6224
reference_id	RHSA-2022:6224
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:6224

reference_url	https://access.redhat.com/errata/RHSA-2022:8840
reference_id	RHSA-2022:8840
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:8840

reference_url	https://access.redhat.com/errata/RHSA-2022:8841
reference_id	RHSA-2022:8841
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:8841

reference_url	https://access.redhat.com/errata/RHSA-2022:8913
reference_id	RHSA-2022:8913
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:8913

reference_url	https://access.redhat.com/errata/RHSA-2022:8917
reference_id	RHSA-2022:8917
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:8917

reference_url	https://access.redhat.com/errata/RHSA-2023:5931
reference_id	RHSA-2023:5931
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:5931

reference_url	https://access.redhat.com/errata/RHSA-2023:5979
reference_id	RHSA-2023:5979
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:5979

reference_url	https://access.redhat.com/errata/RHSA-2023:5980
reference_id	RHSA-2023:5980
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:5980

reference_url	https://access.redhat.com/errata/RHSA-2023:5982
reference_id	RHSA-2023:5982
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:5982

reference_url	https://access.redhat.com/errata/RHSA-2023:6818
reference_id	RHSA-2023:6818
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:6818

reference_url

https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2022-0011

reference_id

SNWLID-2022-0011

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-04-23T13:27:35Z/

url

https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2022-0011

reference_url	https://usn.ubuntu.com/5402-1/
reference_id	USN-5402-1
reference_type
scores
url	https://usn.ubuntu.com/5402-1/

reference_url	https://usn.ubuntu.com/5402-2/
reference_id	USN-5402-2
reference_type
scores
url	https://usn.ubuntu.com/5402-2/

reference_url	https://usn.ubuntu.com/6457-1/
reference_id	USN-6457-1
reference_type
scores
url	https://usn.ubuntu.com/6457-1/

reference_url	https://usn.ubuntu.com/7018-1/
reference_id	USN-7018-1
reference_type
scores
url	https://usn.ubuntu.com/7018-1/

reference_url	https://usn.ubuntu.com/7060-1/
reference_id	USN-7060-1
reference_type
scores
url	https://usn.ubuntu.com/7060-1/

reference_url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VX4KWHPMKYJL6ZLW4M5IU7E5UV5ZWJQU/

reference_id

VX4KWHPMKYJL6ZLW4M5IU7E5UV5ZWJQU

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-04-23T13:27:35Z/

url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VX4KWHPMKYJL6ZLW4M5IU7E5UV5ZWJQU/

reference_url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZNU5M7BXMML26G3GPYKFGQYPQDRSNKDD/

reference_id

ZNU5M7BXMML26G3GPYKFGQYPQDRSNKDD

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-04-23T13:27:35Z/

url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZNU5M7BXMML26G3GPYKFGQYPQDRSNKDD/

fixed_packages

url pkg:deb/debian/openssl@1.1.1n-0%2Bdeb10u3

purl pkg:deb/debian/openssl@1.1.1n-0%2Bdeb10u3

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-5bn8-6xa9-fqe4

vulnerability	VCID-6mua-rkdu-87ay

vulnerability	VCID-7xwq-vdej-ayg1

vulnerability	VCID-8uhr-19zz-n3b7

vulnerability	VCID-95ub-7a6n-afdg

vulnerability	VCID-9gqm-1tcm-2kga

vulnerability	VCID-aens-jq7w-f7bh

vulnerability	VCID-antn-nu5a-7yf6

vulnerability	VCID-bfv6-sbnh-5uh5

vulnerability	VCID-chgr-9utt-kqbp

vulnerability	VCID-d83w-756y-3bfv

vulnerability	VCID-efpm-7cfa-z7hx

vulnerability	VCID-frd6-gt2a-afhv

vulnerability	VCID-fwwa-41df-zqfk

vulnerability	VCID-gnpm-mnpa-3kdg

vulnerability	VCID-gz4c-x1gb-muat

vulnerability	VCID-hjgb-ch1w-nbfs

vulnerability	VCID-hpev-apm4-sqfw

vulnerability	VCID-jq5s-hzam-zfda

vulnerability	VCID-mg21-k76s-sqfp

vulnerability	VCID-p7ca-uc7n-mfc4

vulnerability	VCID-q2ae-5r8q-3fbv

vulnerability	VCID-rgue-at15-k7a2

vulnerability	VCID-sn5k-3e59-7ba8

vulnerability	VCID-vhkt-tbz6-wuf7

vulnerability	VCID-w9yg-3dbq-8qge

vulnerability	VCID-x2wm-3tk7-wbbv

vulnerability	VCID-xnhs-4v7t-p3hv

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/openssl@1.1.1n-0%252Bdeb10u3

url pkg:deb/debian/openssl@1.1.1w-0%2Bdeb11u1

purl pkg:deb/debian/openssl@1.1.1w-0%2Bdeb11u1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-6mua-rkdu-87ay

vulnerability	VCID-7xwq-vdej-ayg1

vulnerability	VCID-87vs-4p6w-xbgq

vulnerability	VCID-8gde-1md7-5yak

vulnerability	VCID-antn-nu5a-7yf6

vulnerability	VCID-bfv6-sbnh-5uh5

vulnerability	VCID-cef8-2p5t-bff7

vulnerability	VCID-chgr-9utt-kqbp

vulnerability	VCID-efpm-7cfa-z7hx

vulnerability	VCID-f2na-rtsu-ffad

vulnerability	VCID-fwwa-41df-zqfk

vulnerability	VCID-gz4c-x1gb-muat

vulnerability	VCID-hgvf-vxhr-cye8

vulnerability	VCID-hpev-apm4-sqfw

vulnerability	VCID-jq5s-hzam-zfda

vulnerability	VCID-mg21-k76s-sqfp

vulnerability	VCID-p7ca-uc7n-mfc4

vulnerability	VCID-rgue-at15-k7a2

vulnerability	VCID-sn5k-3e59-7ba8

vulnerability	VCID-w9yg-3dbq-8qge

vulnerability	VCID-wuwm-ksb1-6qd5

vulnerability	VCID-zkc9-huk8-27bc

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/openssl@1.1.1w-0%252Bdeb11u1

aliases CVE-2022-1292

risk_score 4.4

exploitability 0.5

weighted_severity 8.8

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-q2ae-5r8q-3fbv

url VCID-vhkt-tbz6-wuf7

vulnerability_id VCID-vhkt-tbz6-wuf7

summary

Inefficient Regular Expression Complexity
Issue summary: Checking excessively long DH keys or parameters may be very slow.

Impact summary: Applications that use the functions DH_check(), DH_check_ex()
or EVP_PKEY_param_check() to check a DH key or DH parameters may experience long
delays. Where the key or parameters that are being checked have been obtained
from an untrusted source this may lead to a Denial of Service.

The function DH_check() performs various checks on DH parameters. One of those
checks confirms that the modulus ('p' parameter) is not too large. Trying to use
a very large modulus is slow and OpenSSL will not normally use a modulus which
is over 10,000 bits in length.

However the DH_check() function checks numerous aspects of the key or parameters
that have been supplied. Some of those checks use the supplied modulus value
even if it has already been found to be too large.

An application that calls DH_check() and supplies a key or parameters obtained
from an untrusted source could be vulernable to a Denial of Service attack.

The function DH_check() is itself called by a number of other OpenSSL functions.
An application calling any of those other functions may similarly be affected.
The other functions affected by this are DH_check_ex() and
EVP_PKEY_param_check().

Also vulnerable are the OpenSSL dhparam and pkeyparam command line applications
when using the '-check' option.

The OpenSSL SSL/TLS implementation is not affected by this issue.
The OpenSSL 3.0 and 3.1 FIPS providers are not affected by this issue.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-3446.json

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-3446.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2023-3446

reference_id

reference_type

scores

value	0.00937
scoring_system	epss
scoring_elements	0.76138
published_at	2026-04-02T12:55:00Z

value	0.00937
scoring_system	epss
scoring_elements	0.76237
published_at	2026-04-16T12:55:00Z

value	0.00937
scoring_system	epss
scoring_elements	0.76171
published_at	2026-04-04T12:55:00Z

value	0.00937
scoring_system	epss
scoring_elements	0.76151
published_at	2026-04-07T12:55:00Z

value	0.00937
scoring_system	epss
scoring_elements	0.76184
published_at	2026-04-08T12:55:00Z

value	0.00937
scoring_system	epss
scoring_elements	0.76197
published_at	2026-04-09T12:55:00Z

value	0.00937
scoring_system	epss
scoring_elements	0.76222
published_at	2026-04-11T12:55:00Z

value	0.00937
scoring_system	epss
scoring_elements	0.76198
published_at	2026-04-12T12:55:00Z

value	0.00937
scoring_system	epss
scoring_elements	0.76196
published_at	2026-04-13T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2023-3446

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-3446
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-3446

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url

https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=1fa20cf2f506113c761777127a38bce5068740eb

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T13:26:22Z/

url

https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=1fa20cf2f506113c761777127a38bce5068740eb

reference_url

https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=8780a896543a654e757db1b9396383f9d8095528

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T13:26:22Z/

url

https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=8780a896543a654e757db1b9396383f9d8095528

reference_url

https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=9a0a4d3c1e7138915563c0df4fe6a3f9377b839c

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T13:26:22Z/

url

https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=9a0a4d3c1e7138915563c0df4fe6a3f9377b839c

reference_url

https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=fc9867c1e03c22ebf56943be205202e576aabf23

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T13:26:22Z/

url

https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=fc9867c1e03c22ebf56943be205202e576aabf23

reference_url

https://www.openssl.org/news/secadv/20230719.txt

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T13:26:22Z/

url

https://www.openssl.org/news/secadv/20230719.txt

reference_url	http://www.openwall.com/lists/oss-security/2023/07/19/4
reference_id
reference_type
scores
url	http://www.openwall.com/lists/oss-security/2023/07/19/4

reference_url	http://www.openwall.com/lists/oss-security/2023/07/19/5
reference_id
reference_type
scores
url	http://www.openwall.com/lists/oss-security/2023/07/19/5

reference_url	http://www.openwall.com/lists/oss-security/2023/07/19/6
reference_id
reference_type
scores
url	http://www.openwall.com/lists/oss-security/2023/07/19/6

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1041817
reference_id	1041817
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1041817

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2224962
reference_id	2224962
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2224962

reference_url	https://nvd.nist.gov/vuln/detail/CVE-2023-3446
reference_id	CVE-2023-3446
reference_type
scores
url	https://nvd.nist.gov/vuln/detail/CVE-2023-3446

reference_url	https://access.redhat.com/errata/RHSA-2023:7622
reference_id	RHSA-2023:7622
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:7622

reference_url	https://access.redhat.com/errata/RHSA-2023:7623
reference_id	RHSA-2023:7623
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:7623

reference_url	https://access.redhat.com/errata/RHSA-2023:7625
reference_id	RHSA-2023:7625
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:7625

reference_url	https://access.redhat.com/errata/RHSA-2023:7626
reference_id	RHSA-2023:7626
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:7626

reference_url	https://access.redhat.com/errata/RHSA-2023:7877
reference_id	RHSA-2023:7877
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:7877

reference_url	https://access.redhat.com/errata/RHSA-2024:0154
reference_id	RHSA-2024:0154
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:0154

reference_url	https://access.redhat.com/errata/RHSA-2024:0208
reference_id	RHSA-2024:0208
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:0208

reference_url	https://access.redhat.com/errata/RHSA-2024:0408
reference_id	RHSA-2024:0408
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:0408

reference_url	https://access.redhat.com/errata/RHSA-2024:0888
reference_id	RHSA-2024:0888
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:0888

reference_url	https://access.redhat.com/errata/RHSA-2024:1415
reference_id	RHSA-2024:1415
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:1415

reference_url	https://access.redhat.com/errata/RHSA-2024:2264
reference_id	RHSA-2024:2264
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:2264

reference_url	https://access.redhat.com/errata/RHSA-2024:2447
reference_id	RHSA-2024:2447
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:2447

reference_url	https://usn.ubuntu.com/6435-1/
reference_id	USN-6435-1
reference_type
scores
url	https://usn.ubuntu.com/6435-1/

reference_url	https://usn.ubuntu.com/6435-2/
reference_id	USN-6435-2
reference_type
scores
url	https://usn.ubuntu.com/6435-2/

reference_url	https://usn.ubuntu.com/6450-1/
reference_id	USN-6450-1
reference_type
scores
url	https://usn.ubuntu.com/6450-1/

reference_url	https://usn.ubuntu.com/6709-1/
reference_id	USN-6709-1
reference_type
scores
url	https://usn.ubuntu.com/6709-1/

reference_url	https://usn.ubuntu.com/7018-1/
reference_id	USN-7018-1
reference_type
scores
url	https://usn.ubuntu.com/7018-1/

reference_url	https://usn.ubuntu.com/7894-1/
reference_id	USN-7894-1
reference_type
scores
url	https://usn.ubuntu.com/7894-1/

fixed_packages

url pkg:deb/debian/openssl@1.1.1w-0%2Bdeb11u1

purl pkg:deb/debian/openssl@1.1.1w-0%2Bdeb11u1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-6mua-rkdu-87ay

vulnerability	VCID-7xwq-vdej-ayg1

vulnerability	VCID-87vs-4p6w-xbgq

vulnerability	VCID-8gde-1md7-5yak

vulnerability	VCID-antn-nu5a-7yf6

vulnerability	VCID-bfv6-sbnh-5uh5

vulnerability	VCID-cef8-2p5t-bff7

vulnerability	VCID-chgr-9utt-kqbp

vulnerability	VCID-efpm-7cfa-z7hx

vulnerability	VCID-f2na-rtsu-ffad

vulnerability	VCID-fwwa-41df-zqfk

vulnerability	VCID-gz4c-x1gb-muat

vulnerability	VCID-hgvf-vxhr-cye8

vulnerability	VCID-hpev-apm4-sqfw

vulnerability	VCID-jq5s-hzam-zfda

vulnerability	VCID-mg21-k76s-sqfp

vulnerability	VCID-p7ca-uc7n-mfc4

vulnerability	VCID-rgue-at15-k7a2

vulnerability	VCID-sn5k-3e59-7ba8

vulnerability	VCID-w9yg-3dbq-8qge

vulnerability	VCID-wuwm-ksb1-6qd5

vulnerability	VCID-zkc9-huk8-27bc

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/openssl@1.1.1w-0%252Bdeb11u1

aliases CVE-2023-3446

risk_score 2.4

exploitability 0.5

weighted_severity 4.8

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-vhkt-tbz6-wuf7

url VCID-x2wm-3tk7-wbbv

vulnerability_id VCID-x2wm-3tk7-wbbv

summary

Access of Resource Using Incompatible Type ('Type Confusion')
There is a type confusion vulnerability relating to X.400 address processing inside an X.509 GeneralName. X.400 addresses were parsed as an ASN1_STRING but the public structure definition for GENERAL_NAME incorrectly specified the type of the x400Address field as ASN1_TYPE. This field is subsequently interpreted by the OpenSSL function GENERAL_NAME_cmp as an ASN1_TYPE rather than an ASN1_STRING. When CRL checking is enabled (i.e. the application sets the X509_V_FLAG_CRL_CHECK flag), this vulnerability may allow an attacker to pass arbitrary pointers to a memcmp call, enabling them to read memory contents or enact a denial of service. In most cases, the attack requires the attacker to provide both the certificate chain and CRL, neither of which need to have a valid signature. If the attacker only controls one of these inputs, the other input must already contain an X.400 address as a CRL distribution point, which is uncommon. As such, this vulnerability is most likely to only affect applications which have implemented their own functionality for retrieving CRLs over a network.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-0286.json

reference_id

reference_type

scores

value	7.4
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-0286.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2023-0286

reference_id

reference_type

scores

value	0.88474
scoring_system	epss
scoring_elements	0.99496
published_at	2026-04-04T12:55:00Z

value	0.88474
scoring_system	epss
scoring_elements	0.99495
published_at	2026-04-02T12:55:00Z

value	0.88981
scoring_system	epss
scoring_elements	0.99525
published_at	2026-04-11T12:55:00Z

value	0.88981
scoring_system	epss
scoring_elements	0.99526
published_at	2026-04-13T12:55:00Z

value	0.88981
scoring_system	epss
scoring_elements	0.99528
published_at	2026-04-16T12:55:00Z

value	0.89087
scoring_system	epss
scoring_elements	0.99529
published_at	2026-04-09T12:55:00Z

value	0.89087
scoring_system	epss
scoring_elements	0.99528
published_at	2026-04-07T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2023-0286

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2097
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2097

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-4304
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-4304

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-4450
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-4450

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0215
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0215

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0286
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0286

reference_url

https://ftp.openbsd.org/pub/OpenBSD/LibreSSL/libressl-3.6.2-relnotes.txt

reference_id

reference_type

scores

value	7.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-06T15:57:22Z/

url

https://ftp.openbsd.org/pub/OpenBSD/LibreSSL/libressl-3.6.2-relnotes.txt

reference_url

https://ftp.openbsd.org/pub/OpenBSD/patches/7.2/common/018_x509.patch.sig

reference_id

reference_type

scores

value	7.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-06T15:57:22Z/

url

https://ftp.openbsd.org/pub/OpenBSD/patches/7.2/common/018_x509.patch.sig

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	7.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:H

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url

https://github.com/pyca/cryptography

reference_id

reference_type

scores

value	7.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/pyca/cryptography

reference_url

https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=2c6c9d439b484e1ba9830d8454a34fa4f80fdfe9

reference_id

reference_type

scores

value	7.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-06T15:57:22Z/

url

https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=2c6c9d439b484e1ba9830d8454a34fa4f80fdfe9

reference_url

https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=2f7530077e0ef79d98718138716bc51ca0cad658

reference_id

reference_type

scores

value	7.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-06T15:57:22Z/

url

https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=2f7530077e0ef79d98718138716bc51ca0cad658

reference_url

https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=fd2af07dc083a350c959147097003a14a5e8ac4d

reference_id

reference_type

scores

value	7.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-06T15:57:22Z/

url

https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=fd2af07dc083a350c959147097003a14a5e8ac4d

reference_url

https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2023-0003

reference_id

reference_type

scores

value	7.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2023-0003

reference_url

https://rustsec.org/advisories/RUSTSEC-2023-0006.html

reference_id

reference_type

scores

value	7.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://rustsec.org/advisories/RUSTSEC-2023-0006.html

reference_url

reference_id

reference_type

scores

value	7.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-06T15:57:22Z/

url

reference_url

reference_id

reference_type

scores

value	7.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-06T15:57:22Z/

url