Django REST framework

Lookup for vulnerable packages by Package URL.

Purl pkg:rpm/redhat/edk2@20220126gitbb1bba3d77-2.el8_6?arch=1

Type rpm

Namespace redhat

Name edk2

Version 20220126gitbb1bba3d77-2.el8_6

Qualifiers

arch	1

Subpath

Is_vulnerable true

Next_non_vulnerable_version null

Latest_non_vulnerable_version null

Affected_by_vulnerabilities

url

VCID-1y34-563n-83b3

vulnerability_id

VCID-1y34-563n-83b3

summary

Timing based side channel
A timing based side channel exists in the OpenSSL RSA Decryption implementation which could be sufficient to recover a plaintext across a network in a Bleichenbacher style attack. To achieve a successful decryption an attacker would have to be able to send a very large number of trial messages for decryption. The vulnerability affects all RSA padding modes: PKCS#1 v1.5, RSA-OEAP and RSASVE. For example, in a TLS connection, RSA is commonly used by a client to send an encrypted pre-master secret to the server. An attacker that had observed a genuine connection between a client and a server could use this flaw to send trial messages to the server and record the time taken to process them. After a sufficiently large number of messages the attacker could recover the pre-master secret used for the original connection and thus be able to decrypt the application data sent over that connection.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-4304.json

reference_id

reference_type

scores

value	5.9
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-4304.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2022-4304

reference_id

reference_type

scores

value	0.00224
scoring_system	epss
scoring_elements	0.4515
published_at	2026-05-30T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2022-4304

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url

https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2023-0003

reference_id

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2023-0003

reference_url

https://rustsec.org/advisories/RUSTSEC-2023-0007.html

reference_id

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://rustsec.org/advisories/RUSTSEC-2023-0007.html

reference_url

https://security.gentoo.org/glsa/202402-08

reference_id

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-06T15:57:19Z/

url

https://security.gentoo.org/glsa/202402-08

reference_url

https://www.openssl.org/news/secadv/20230207.txt

reference_id

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-06T15:57:19Z/

url

https://www.openssl.org/news/secadv/20230207.txt

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2164487
reference_id	2164487
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2164487

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2022-4304

reference_id

CVE-2022-4304

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2022-4304

reference_url

https://github.com/advisories/GHSA-p52g-cm5j-mjv4

reference_id

GHSA-p52g-cm5j-mjv4

reference_type

scores

value	MODERATE
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-p52g-cm5j-mjv4

reference_url	https://access.redhat.com/errata/RHSA-2023:0946
reference_id	RHSA-2023:0946
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:0946

reference_url	https://access.redhat.com/errata/RHSA-2023:1199
reference_id	RHSA-2023:1199
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:1199

reference_url	https://access.redhat.com/errata/RHSA-2023:1405
reference_id	RHSA-2023:1405
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:1405

reference_url	https://access.redhat.com/errata/RHSA-2023:2165
reference_id	RHSA-2023:2165
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:2165

reference_url	https://access.redhat.com/errata/RHSA-2023:2932
reference_id	RHSA-2023:2932
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:2932

reference_url	https://access.redhat.com/errata/RHSA-2023:3354
reference_id	RHSA-2023:3354
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:3354

reference_url	https://access.redhat.com/errata/RHSA-2023:3355
reference_id	RHSA-2023:3355
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:3355

reference_url	https://access.redhat.com/errata/RHSA-2023:3408
reference_id	RHSA-2023:3408
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:3408

reference_url	https://access.redhat.com/errata/RHSA-2023:3420
reference_id	RHSA-2023:3420
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:3420

reference_url	https://access.redhat.com/errata/RHSA-2023:3421
reference_id	RHSA-2023:3421
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:3421

reference_url	https://access.redhat.com/errata/RHSA-2023:4128
reference_id	RHSA-2023:4128
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:4128

reference_url	https://usn.ubuntu.com/5844-1/
reference_id	USN-5844-1
reference_type
scores
url	https://usn.ubuntu.com/5844-1/

reference_url	https://usn.ubuntu.com/6564-1/
reference_id	USN-6564-1
reference_type
scores
url	https://usn.ubuntu.com/6564-1/

reference_url	https://usn.ubuntu.com/7894-1/
reference_id	USN-7894-1
reference_type
scores
url	https://usn.ubuntu.com/7894-1/

fixed_packages

aliases

CVE-2022-4304, GHSA-p52g-cm5j-mjv4

risk_score

2.6

exploitability

0.5

weighted_severity

5.3

resource_url

http://public2.vulnerablecode.io/vulnerabilities/VCID-1y34-563n-83b3

url

VCID-77dz-3tvz-c7b8

vulnerability_id

VCID-77dz-3tvz-c7b8

summary

Use After Free
The public API function BIO_new_NDEF is a helper function used for streaming ASN.1 data via a BIO. It is primarily used internally to OpenSSL to support the SMIME, CMS and PKCS7 streaming capabilities, but may also be called directly by end user applications. The function receives a BIO from the caller, prepends a new BIO_f_asn1 filter BIO onto the front of it to form a BIO chain, and then returns the new head of the BIO chain to the caller. Under certain conditions, for example if a CMS recipient public key is invalid, the new filter BIO is freed and the function returns a NULL result indicating a failure. However, in this case, the BIO chain is not properly cleaned up and the BIO passed by the caller still retains internal pointers to the previously freed filter BIO. If the caller then goes on to call BIO_pop() on the BIO then a use-after-free will occur. This will most likely result in a crash. This scenario occurs directly in the internal function B64_write_ASN1() which may cause BIO_new_NDEF() to be called and will subsequently call BIO_pop() on the BIO. This internal function is in turn called by the public API functions PEM_write_bio_ASN1_stream, PEM_write_bio_CMS_stream, PEM_write_bio_PKCS7_stream, SMIME_write_ASN1, SMIME_write_CMS and SMIME_write_PKCS7. Other public API functions that may be impacted by this include i2d_ASN1_bio_stream, BIO_new_CMS, BIO_new_PKCS7, i2d_CMS_bio_stream and i2d_PKCS7_bio_stream. The OpenSSL cms and smime command line applications are similarly affected.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-0215.json

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-0215.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2023-0215

reference_id

reference_type

scores

value	0.0043
scoring_system	epss
scoring_elements	0.62819
published_at	2026-05-30T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2023-0215

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url

https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=8818064ce3c3c0f1b740a5aaba2a987e75bfbafd

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T13:26:40Z/

url

https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=8818064ce3c3c0f1b740a5aaba2a987e75bfbafd

reference_url

https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=9816136fe31d92ace4037d5da5257f763aeeb4eb

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T13:26:40Z/

url

https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=9816136fe31d92ace4037d5da5257f763aeeb4eb

reference_url

https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=c3829dd8825c654652201e16f8a0a0c46ee3f344

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T13:26:40Z/

url

https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=c3829dd8825c654652201e16f8a0a0c46ee3f344

reference_url

https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2023-0003

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2023-0003

reference_url

https://rustsec.org/advisories/RUSTSEC-2023-0009.html

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://rustsec.org/advisories/RUSTSEC-2023-0009.html

reference_url

https://security.gentoo.org/glsa/202402-08

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T13:26:40Z/

url

https://security.gentoo.org/glsa/202402-08

reference_url

https://security.netapp.com/advisory/ntap-20230427-0007

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://security.netapp.com/advisory/ntap-20230427-0007

reference_url

https://security.netapp.com/advisory/ntap-20230427-0009

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://security.netapp.com/advisory/ntap-20230427-0009

reference_url

https://security.netapp.com/advisory/ntap-20240621-0006

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://security.netapp.com/advisory/ntap-20240621-0006

reference_url

https://www.openssl.org/news/secadv/20230207.txt

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T13:26:40Z/

url

https://www.openssl.org/news/secadv/20230207.txt

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2164492
reference_id	2164492
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2164492

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2023-0215

reference_id

CVE-2023-0215

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2023-0215

reference_url

https://github.com/advisories/GHSA-r7jw-wp68-3xch

reference_id

GHSA-r7jw-wp68-3xch

reference_type

scores

value	HIGH
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-r7jw-wp68-3xch

reference_url

https://security.netapp.com/advisory/ntap-20230427-0007/

reference_id

ntap-20230427-0007

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T13:26:40Z/

url

https://security.netapp.com/advisory/ntap-20230427-0007/

reference_url

https://security.netapp.com/advisory/ntap-20230427-0009/

reference_id

ntap-20230427-0009

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T13:26:40Z/

url

https://security.netapp.com/advisory/ntap-20230427-0009/

reference_url

https://security.netapp.com/advisory/ntap-20240621-0006/

reference_id

ntap-20240621-0006

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T13:26:40Z/

url

https://security.netapp.com/advisory/ntap-20240621-0006/

reference_url	https://access.redhat.com/errata/RHSA-2023:0946
reference_id	RHSA-2023:0946
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:0946

reference_url	https://access.redhat.com/errata/RHSA-2023:1199
reference_id	RHSA-2023:1199
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:1199

reference_url	https://access.redhat.com/errata/RHSA-2023:1405
reference_id	RHSA-2023:1405
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:1405

reference_url	https://access.redhat.com/errata/RHSA-2023:2165
reference_id	RHSA-2023:2165
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:2165

reference_url	https://access.redhat.com/errata/RHSA-2023:2932
reference_id	RHSA-2023:2932
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:2932

reference_url	https://access.redhat.com/errata/RHSA-2023:3354
reference_id	RHSA-2023:3354
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:3354

reference_url	https://access.redhat.com/errata/RHSA-2023:3355
reference_id	RHSA-2023:3355
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:3355

reference_url	https://access.redhat.com/errata/RHSA-2023:3408
reference_id	RHSA-2023:3408
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:3408

reference_url	https://access.redhat.com/errata/RHSA-2023:3420
reference_id	RHSA-2023:3420
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:3420

reference_url	https://access.redhat.com/errata/RHSA-2023:3421
reference_id	RHSA-2023:3421
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:3421

reference_url	https://access.redhat.com/errata/RHSA-2023:4128
reference_id	RHSA-2023:4128
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:4128

reference_url	https://usn.ubuntu.com/5844-1/
reference_id	USN-5844-1
reference_type
scores
url	https://usn.ubuntu.com/5844-1/

reference_url	https://usn.ubuntu.com/5845-1/
reference_id	USN-5845-1
reference_type
scores
url	https://usn.ubuntu.com/5845-1/

reference_url	https://usn.ubuntu.com/5845-2/
reference_id	USN-5845-2
reference_type
scores
url	https://usn.ubuntu.com/5845-2/

reference_url	https://usn.ubuntu.com/6564-1/
reference_id	USN-6564-1
reference_type
scores
url	https://usn.ubuntu.com/6564-1/

reference_url	https://usn.ubuntu.com/7894-1/
reference_id	USN-7894-1
reference_type
scores
url	https://usn.ubuntu.com/7894-1/

fixed_packages

aliases

CVE-2023-0215, GHSA-r7jw-wp68-3xch

risk_score

3.4

exploitability

0.5

weighted_severity

6.8

resource_url

http://public2.vulnerablecode.io/vulnerabilities/VCID-77dz-3tvz-c7b8

url

VCID-fep2-jgws-6qf6

vulnerability_id

VCID-fep2-jgws-6qf6

summary

Access of Resource Using Incompatible Type ('Type Confusion')
There is a type confusion vulnerability relating to X.400 address processing inside an X.509 GeneralName. X.400 addresses were parsed as an ASN1_STRING but the public structure definition for GENERAL_NAME incorrectly specified the type of the x400Address field as ASN1_TYPE. This field is subsequently interpreted by the OpenSSL function GENERAL_NAME_cmp as an ASN1_TYPE rather than an ASN1_STRING. When CRL checking is enabled (i.e. the application sets the X509_V_FLAG_CRL_CHECK flag), this vulnerability may allow an attacker to pass arbitrary pointers to a memcmp call, enabling them to read memory contents or enact a denial of service. In most cases, the attack requires the attacker to provide both the certificate chain and CRL, neither of which need to have a valid signature. If the attacker only controls one of these inputs, the other input must already contain an X.400 address as a CRL distribution point, which is uncommon. As such, this vulnerability is most likely to only affect applications which have implemented their own functionality for retrieving CRLs over a network.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-0286.json

reference_id

reference_type

scores

value	7.4
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-0286.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2023-0286

reference_id

reference_type

scores

value	0.88334
scoring_system	epss
scoring_elements	0.99513
published_at	2026-05-30T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2023-0286

reference_url

https://ftp.openbsd.org/pub/OpenBSD/LibreSSL/libressl-3.6.2-relnotes.txt

reference_id

reference_type

scores

value	7.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-06T15:57:22Z/

url

https://ftp.openbsd.org/pub/OpenBSD/LibreSSL/libressl-3.6.2-relnotes.txt

reference_url

https://ftp.openbsd.org/pub/OpenBSD/patches/7.2/common/018_x509.patch.sig

reference_id

reference_type

scores

value	7.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-06T15:57:22Z/

url

https://ftp.openbsd.org/pub/OpenBSD/patches/7.2/common/018_x509.patch.sig

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	7.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:H

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url

https://github.com/pyca/cryptography

reference_id

reference_type

scores

value	7.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/pyca/cryptography

reference_url

https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=2c6c9d439b484e1ba9830d8454a34fa4f80fdfe9

reference_id

reference_type

scores

value	7.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-06T15:57:22Z/

url

https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=2c6c9d439b484e1ba9830d8454a34fa4f80fdfe9

reference_url

https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=2f7530077e0ef79d98718138716bc51ca0cad658

reference_id

reference_type

scores

value	7.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-06T15:57:22Z/

url

https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=2f7530077e0ef79d98718138716bc51ca0cad658

reference_url

https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=fd2af07dc083a350c959147097003a14a5e8ac4d

reference_id

reference_type

scores

value	7.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-06T15:57:22Z/

url

https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=fd2af07dc083a350c959147097003a14a5e8ac4d

reference_url

https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2023-0003

reference_id

reference_type

scores

value	7.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2023-0003

reference_url

https://rustsec.org/advisories/RUSTSEC-2023-0006.html

reference_id

reference_type

scores

value	7.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://rustsec.org/advisories/RUSTSEC-2023-0006.html

reference_url

https://security.gentoo.org/glsa/202402-08

reference_id

reference_type

scores

value	7.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-06T15:57:22Z/

url

https://security.gentoo.org/glsa/202402-08

reference_url

https://www.openssl.org/news/secadv/20230207.txt

reference_id

reference_type

scores

value	7.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-06T15:57:22Z/

url

https://www.openssl.org/news/secadv/20230207.txt

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2164440
reference_id	2164440
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2164440

reference_url

https://access.redhat.com/security/cve/cve-2023-0286

reference_id

CVE-2023-0286

reference_type

scores

value	7.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://access.redhat.com/security/cve/cve-2023-0286

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2023-0286

reference_id

CVE-2023-0286

reference_type

scores

value	7.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2023-0286

reference_url

https://github.com/advisories/GHSA-x4qr-2fvf-3mr5

reference_id

GHSA-x4qr-2fvf-3mr5

reference_type

scores

value	HIGH
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-x4qr-2fvf-3mr5

reference_url

https://github.com/pyca/cryptography/security/advisories/GHSA-x4qr-2fvf-3mr5

reference_id

GHSA-x4qr-2fvf-3mr5

reference_type

scores

value	7.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:H

value	HIGH
scoring_system	cvssv3.1_qr
scoring_elements

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/pyca/cryptography/security/advisories/GHSA-x4qr-2fvf-3mr5

reference_url	https://access.redhat.com/errata/RHSA-2023:0946
reference_id	RHSA-2023:0946
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:0946

reference_url	https://access.redhat.com/errata/RHSA-2023:1199
reference_id	RHSA-2023:1199
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:1199

reference_url	https://access.redhat.com/errata/RHSA-2023:1335
reference_id	RHSA-2023:1335
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:1335

reference_url	https://access.redhat.com/errata/RHSA-2023:1405
reference_id	RHSA-2023:1405
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:1405

reference_url	https://access.redhat.com/errata/RHSA-2023:1437
reference_id	RHSA-2023:1437
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:1437

reference_url	https://access.redhat.com/errata/RHSA-2023:1438
reference_id	RHSA-2023:1438
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:1438

reference_url	https://access.redhat.com/errata/RHSA-2023:1439
reference_id	RHSA-2023:1439
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:1439

reference_url	https://access.redhat.com/errata/RHSA-2023:1440
reference_id	RHSA-2023:1440
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:1440

reference_url	https://access.redhat.com/errata/RHSA-2023:1441
reference_id	RHSA-2023:1441
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:1441

reference_url	https://access.redhat.com/errata/RHSA-2023:2022
reference_id	RHSA-2023:2022
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:2022

reference_url	https://access.redhat.com/errata/RHSA-2023:2165
reference_id	RHSA-2023:2165
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:2165

reference_url	https://access.redhat.com/errata/RHSA-2023:2932
reference_id	RHSA-2023:2932
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:2932

reference_url	https://access.redhat.com/errata/RHSA-2023:3354
reference_id	RHSA-2023:3354
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:3354

reference_url	https://access.redhat.com/errata/RHSA-2023:3355
reference_id	RHSA-2023:3355
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:3355

reference_url	https://access.redhat.com/errata/RHSA-2023:3420
reference_id	RHSA-2023:3420
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:3420

reference_url	https://access.redhat.com/errata/RHSA-2023:3421
reference_id	RHSA-2023:3421
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:3421

reference_url	https://access.redhat.com/errata/RHSA-2023:4124
reference_id	RHSA-2023:4124
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:4124

reference_url	https://access.redhat.com/errata/RHSA-2023:4128
reference_id	RHSA-2023:4128
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:4128

reference_url	https://access.redhat.com/errata/RHSA-2023:4252
reference_id	RHSA-2023:4252
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:4252

reference_url	https://access.redhat.com/errata/RHSA-2023:5209
reference_id	RHSA-2023:5209
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:5209

reference_url	https://access.redhat.com/errata/RHSA-2024:5136
reference_id	RHSA-2024:5136
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:5136

reference_url	https://access.redhat.com/errata/RHSA-2024:6095
reference_id	RHSA-2024:6095
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:6095

reference_url	https://access.redhat.com/errata/RHSA-2025:7733
reference_id	RHSA-2025:7733
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:7733

reference_url	https://access.redhat.com/errata/RHSA-2025:7895
reference_id	RHSA-2025:7895
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:7895

reference_url	https://access.redhat.com/errata/RHSA-2025:7937
reference_id	RHSA-2025:7937
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:7937

reference_url	https://usn.ubuntu.com/5844-1/
reference_id	USN-5844-1
reference_type
scores
url	https://usn.ubuntu.com/5844-1/

reference_url	https://usn.ubuntu.com/5845-1/
reference_id	USN-5845-1
reference_type
scores
url	https://usn.ubuntu.com/5845-1/

reference_url	https://usn.ubuntu.com/5845-2/
reference_id	USN-5845-2
reference_type
scores
url	https://usn.ubuntu.com/5845-2/

reference_url	https://usn.ubuntu.com/6564-1/
reference_id	USN-6564-1
reference_type
scores
url	https://usn.ubuntu.com/6564-1/

reference_url	https://usn.ubuntu.com/7894-1/
reference_id	USN-7894-1
reference_type
scores
url	https://usn.ubuntu.com/7894-1/

fixed_packages

aliases

CVE-2023-0286, GHSA-x4qr-2fvf-3mr5

risk_score

10.0

exploitability

2.0

weighted_severity

6.7

resource_url

http://public2.vulnerablecode.io/vulnerabilities/VCID-fep2-jgws-6qf6

Fixing_vulnerabilities

Risk_score 10.0

Resource_url http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/edk2@20220126gitbb1bba3d77-2.el8_6%3Farch=1

Package Instance