Look up vulnerable packages by Package URL.

Purl pkg:conan/openssl@3.0.0
Type conan
Namespace
Name openssl
Version 3.0.0
Qualifiers
Subpath
Is_vulnerable true
Next_non_vulnerable_version 3.2.6
Latest_non_vulnerable_version 3.2.6
Affected_by_vulnerabilities
0
url VCID-1ggt-ugh5-jqeu
vulnerability_id VCID-1ggt-ugh5-jqeu
summary
NULL Pointer Dereference
An invalid pointer dereference on read can be triggered when an application tries to load malformed PKCS7 data with the d2i_PKCS7(), d2i_PKCS7_bio() or d2i_PKCS7_fp() functions. The result of the dereference is an application crash which could lead to a denial of service attack. The TLS implementation in OpenSSL does not call this function; however, third-party applications might call these functions on untrusted data.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-0216.json
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-0216.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-0216
reference_id
reference_type
scores
0
value 0.01123
scoring_system epss
scoring_elements 0.78265
published_at 2026-04-13T12:55:00Z
1
value 0.01123
scoring_system epss
scoring_elements 0.7827
published_at 2026-04-12T12:55:00Z
2
value 0.01123
scoring_system epss
scoring_elements 0.78287
published_at 2026-04-11T12:55:00Z
3
value 0.01123
scoring_system epss
scoring_elements 0.78262
published_at 2026-04-09T12:55:00Z
4
value 0.01123
scoring_system epss
scoring_elements 0.78256
published_at 2026-04-08T12:55:00Z
5
value 0.01123
scoring_system epss
scoring_elements 0.7823
published_at 2026-04-07T12:55:00Z
6
value 0.01123
scoring_system epss
scoring_elements 0.78248
published_at 2026-04-04T12:55:00Z
7
value 0.01123
scoring_system epss
scoring_elements 0.78217
published_at 2026-04-02T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-0216
2
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
3
reference_url https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=934a04f0e775309cadbef0aa6b9692e1b12a76c6
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T13:26:43Z/
url https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=934a04f0e775309cadbef0aa6b9692e1b12a76c6
4
reference_url https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2023-0003
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2023-0003
5
reference_url https://rustsec.org/advisories/RUSTSEC-2023-0011.html
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://rustsec.org/advisories/RUSTSEC-2023-0011.html
6
reference_url https://security.gentoo.org/glsa/202402-08
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T13:26:43Z/
url https://security.gentoo.org/glsa/202402-08
7
reference_url https://www.openssl.org/news/secadv/20230207.txt
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T13:26:43Z/
url https://www.openssl.org/news/secadv/20230207.txt
8
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2164497
reference_id 2164497
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2164497
9
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-0216
reference_id CVE-2023-0216
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2023-0216
10
reference_url https://github.com/advisories/GHSA-29xx-hcv2-c4cp
reference_id GHSA-29xx-hcv2-c4cp
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-29xx-hcv2-c4cp
11
reference_url https://access.redhat.com/errata/RHSA-2023:0946
reference_id RHSA-2023:0946
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:0946
12
reference_url https://access.redhat.com/errata/RHSA-2023:1199
reference_id RHSA-2023:1199
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:1199
13
reference_url https://usn.ubuntu.com/5844-1/
reference_id USN-5844-1
reference_type
scores
url https://usn.ubuntu.com/5844-1/
fixed_packages
0
url pkg:conan/openssl@3.0.12
purl pkg:conan/openssl@3.0.12
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2by2-tzdd-kkc7
resource_url http://public2.vulnerablecode.io/packages/pkg:conan/openssl@3.0.12
aliases CVE-2023-0216, GHSA-29xx-hcv2-c4cp
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-1ggt-ugh5-jqeu
1
url VCID-2by2-tzdd-kkc7
vulnerability_id VCID-2by2-tzdd-kkc7
summary
Out-of-bounds Write
Issue summary: The POLY1305 MAC (message authentication code) implementation
contains a bug that might corrupt the internal state of applications running
on PowerPC CPU based platforms if the CPU provides vector instructions.

Impact summary: If an attacker can influence whether the POLY1305 MAC
algorithm is used, the application state might be corrupted with various
application dependent consequences.

The POLY1305 MAC (message authentication code) implementation in OpenSSL for
PowerPC CPUs restores the contents of vector registers in a different order
than they are saved. Thus the contents of some of these vector registers
are corrupted when returning to the caller. The vulnerable code is used only
on newer PowerPC processors supporting the PowerISA 2.07 instructions.

The consequences of this kind of internal application state corruption can
be various - from no consequences, if the calling application does not
depend on the contents of non-volatile XMM registers at all, to the worst
consequences, where the attacker could get complete control of the application
process. However, unless the compiler uses the vector registers for storing
pointers, the most likely consequence, if any, would be an incorrect result
of some application dependent calculations or a crash leading to a denial of
service.

The POLY1305 MAC algorithm is most frequently used as part of the
CHACHA20-POLY1305 AEAD (authenticated encryption with associated data)
algorithm. The most common usage of this AEAD cipher is with TLS protocol
versions 1.2 and 1.3. If this cipher is enabled on the server, a malicious
client can influence whether this AEAD cipher is used. This implies that
TLS server applications using OpenSSL can be potentially impacted. However,
we are currently not aware of any concrete application that would be affected
by this issue; therefore we consider this a Low severity security issue.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-6129.json
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-6129.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-6129
reference_id
reference_type
scores
0
value 0.02502
scoring_system epss
scoring_elements 0.85285
published_at 2026-04-02T12:55:00Z
1
value 0.02502
scoring_system epss
scoring_elements 0.85344
published_at 2026-04-13T12:55:00Z
2
value 0.02502
scoring_system epss
scoring_elements 0.85303
published_at 2026-04-04T12:55:00Z
3
value 0.02502
scoring_system epss
scoring_elements 0.85305
published_at 2026-04-07T12:55:00Z
4
value 0.02502
scoring_system epss
scoring_elements 0.85327
published_at 2026-04-08T12:55:00Z
5
value 0.02502
scoring_system epss
scoring_elements 0.85336
published_at 2026-04-09T12:55:00Z
6
value 0.02502
scoring_system epss
scoring_elements 0.85349
published_at 2026-04-11T12:55:00Z
7
value 0.02502
scoring_system epss
scoring_elements 0.85348
published_at 2026-04-12T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-6129
2
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
3
reference_url https://github.com/openssl/openssl/commit/050d26383d4e264966fb83428e72d5d48f402d35
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-01-22T14:31:57Z/
url https://github.com/openssl/openssl/commit/050d26383d4e264966fb83428e72d5d48f402d35
4
reference_url https://github.com/openssl/openssl/commit/5b139f95c9a47a55a0c54100f3837b1eee942b04
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-01-22T14:31:57Z/
url https://github.com/openssl/openssl/commit/5b139f95c9a47a55a0c54100f3837b1eee942b04
5
reference_url https://github.com/openssl/openssl/commit/f3fc5808fe9ff74042d639839610d03b8fdcc015
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-01-22T14:31:57Z/
url https://github.com/openssl/openssl/commit/f3fc5808fe9ff74042d639839610d03b8fdcc015
6
reference_url https://www.openssl.org/news/secadv/20240109.txt
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-01-22T14:31:57Z/
url https://www.openssl.org/news/secadv/20240109.txt
7
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1060347
reference_id 1060347
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1060347
8
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2257571
reference_id 2257571
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2257571
9
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-6129
reference_id CVE-2023-6129
reference_type
scores
url https://nvd.nist.gov/vuln/detail/CVE-2023-6129
10
reference_url https://access.redhat.com/errata/RHSA-2024:2447
reference_id RHSA-2024:2447
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:2447
11
reference_url https://access.redhat.com/errata/RHSA-2024:9088
reference_id RHSA-2024:9088
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:9088
12
reference_url https://usn.ubuntu.com/6622-1/
reference_id USN-6622-1
reference_type
scores
url https://usn.ubuntu.com/6622-1/
fixed_packages
0
url pkg:conan/openssl@3.0.13
purl pkg:conan/openssl@3.0.13
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:conan/openssl@3.0.13
1
url pkg:conan/openssl@3.1.5
purl pkg:conan/openssl@3.1.5
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:conan/openssl@3.1.5
2
url pkg:conan/openssl@3.2.1
purl pkg:conan/openssl@3.2.1
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:conan/openssl@3.2.1
3
url pkg:conan/openssl@3.2.6
purl pkg:conan/openssl@3.2.6
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:conan/openssl@3.2.6
aliases CVE-2023-6129
risk_score 3.0
exploitability 0.5
weighted_severity 5.9
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-2by2-tzdd-kkc7
2
url VCID-3dej-wqvv-muhe
vulnerability_id VCID-3dej-wqvv-muhe
summary Multiple vulnerabilities have been found in OpenSSL, the worst of which could result in denial of service.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-3358.json
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-3358.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2022-3358
reference_id
reference_type
scores
0
value 0.19455
scoring_system epss
scoring_elements 0.95372
published_at 2026-04-07T12:55:00Z
1
value 0.19455
scoring_system epss
scoring_elements 0.95389
published_at 2026-04-13T12:55:00Z
2
value 0.19455
scoring_system epss
scoring_elements 0.95387
published_at 2026-04-12T12:55:00Z
3
value 0.19455
scoring_system epss
scoring_elements 0.95382
published_at 2026-04-09T12:55:00Z
4
value 0.19455
scoring_system epss
scoring_elements 0.95379
published_at 2026-04-08T12:55:00Z
5
value 0.19455
scoring_system epss
scoring_elements 0.95361
published_at 2026-04-02T12:55:00Z
6
value 0.19455
scoring_system epss
scoring_elements 0.95368
published_at 2026-04-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2022-3358
2
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
3
reference_url https://github.com/alexcrichton/openssl-src-rs
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/alexcrichton/openssl-src-rs
4
reference_url https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=5485c56679d7c49b96e8fc8ca708b0b7e7c03c4b
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=5485c56679d7c49b96e8fc8ca708b0b7e7c03c4b
5
reference_url https://nvd.nist.gov/vuln/detail/CVE-2022-3358
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2022-3358
6
reference_url https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2022-0023
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2022-0023
7
reference_url https://rustsec.org/advisories/RUSTSEC-2022-0059.html
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://rustsec.org/advisories/RUSTSEC-2022-0059.html
8
reference_url https://security.gentoo.org/glsa/202402-08
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://security.gentoo.org/glsa/202402-08
9
reference_url https://security.netapp.com/advisory/ntap-20221028-0014
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://security.netapp.com/advisory/ntap-20221028-0014
10
reference_url https://security.netapp.com/advisory/ntap-20221028-0014/
reference_id
reference_type
scores
url https://security.netapp.com/advisory/ntap-20221028-0014/
11
reference_url https://www.openssl.org/news/secadv/20221011.txt
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://www.openssl.org/news/secadv/20221011.txt
12
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1021620
reference_id 1021620
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1021620
13
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2134740
reference_id 2134740
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2134740
14
reference_url https://github.com/advisories/GHSA-4f63-89w9-3jjv
reference_id GHSA-4f63-89w9-3jjv
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-4f63-89w9-3jjv
15
reference_url https://access.redhat.com/errata/RHSA-2023:2523
reference_id RHSA-2023:2523
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:2523
16
reference_url https://usn.ubuntu.com/5710-1/
reference_id USN-5710-1
reference_type
scores
url https://usn.ubuntu.com/5710-1/
fixed_packages
0
url pkg:conan/openssl@3.0.12
purl pkg:conan/openssl@3.0.12
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2by2-tzdd-kkc7
resource_url http://public2.vulnerablecode.io/packages/pkg:conan/openssl@3.0.12
aliases CVE-2022-3358, GHSA-4f63-89w9-3jjv
risk_score 10.0
exploitability 2.0
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-3dej-wqvv-muhe
3
url VCID-5bn8-6xa9-fqe4
vulnerability_id VCID-5bn8-6xa9-fqe4
summary
Improper Certificate Validation
Applications that use a non-default option when verifying certificates may be vulnerable to an attack from a malicious CA to circumvent certain checks. Invalid certificate policies in leaf certificates are silently ignored by OpenSSL and other certificate policy checks are skipped for that certificate. A malicious CA could use this to deliberately assert invalid certificate policies in order to circumvent policy checking on the certificate altogether. Policy processing is disabled by default but can be enabled by passing the `-policy' argument to the command line utilities or by calling the `X509_VERIFY_PARAM_set1_policies()' function.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-0465.json
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-0465.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-0465
reference_id
reference_type
scores
0
value 0.00449
scoring_system epss
scoring_elements 0.6356
published_at 2026-04-02T12:55:00Z
1
value 0.00449
scoring_system epss
scoring_elements 0.6362
published_at 2026-04-12T12:55:00Z
2
value 0.00449
scoring_system epss
scoring_elements 0.63587
published_at 2026-04-13T12:55:00Z
3
value 0.00449
scoring_system epss
scoring_elements 0.63552
published_at 2026-04-07T12:55:00Z
4
value 0.00449
scoring_system epss
scoring_elements 0.63604
published_at 2026-04-08T12:55:00Z
5
value 0.00449
scoring_system epss
scoring_elements 0.63621
published_at 2026-04-09T12:55:00Z
6
value 0.00449
scoring_system epss
scoring_elements 0.63636
published_at 2026-04-11T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-0465
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0464
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0464
3
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0465
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0465
4
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0466
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0466
5
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-2650
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-2650
6
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:N
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
7
reference_url https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=10325176f3d3e98c6e2b3bf5ab1e3b334de6947a
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-02-18T20:12:09Z/
url https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=10325176f3d3e98c6e2b3bf5ab1e3b334de6947a
8
reference_url https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=1dd43e0709fece299b15208f36cc7c76209ba0bb
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-02-18T20:12:09Z/
url https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=1dd43e0709fece299b15208f36cc7c76209ba0bb
9
reference_url https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=b013765abfa80036dc779dd0e50602c57bb3bf95
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-02-18T20:12:09Z/
url https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=b013765abfa80036dc779dd0e50602c57bb3bf95
10
reference_url https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=facfb1ab745646e97a1920977ae4a9965ea61d5c
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-02-18T20:12:09Z/
url https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=facfb1ab745646e97a1920977ae4a9965ea61d5c
11
reference_url https://www.openssl.org/news/secadv/20230328.txt
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-02-18T20:12:09Z/
url https://www.openssl.org/news/secadv/20230328.txt
12
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1034720
reference_id 1034720
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1034720
13
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2182561
reference_id 2182561
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2182561
14
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-0465
reference_id CVE-2023-0465
reference_type
scores
url https://nvd.nist.gov/vuln/detail/CVE-2023-0465
15
reference_url https://lists.debian.org/debian-lts-announce/2023/06/msg00011.html
reference_id msg00011.html
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-02-18T20:12:09Z/
url https://lists.debian.org/debian-lts-announce/2023/06/msg00011.html
16
reference_url https://security.netapp.com/advisory/ntap-20230414-0001/
reference_id ntap-20230414-0001
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-02-18T20:12:09Z/
url https://security.netapp.com/advisory/ntap-20230414-0001/
17
reference_url https://access.redhat.com/errata/RHSA-2023:3722
reference_id RHSA-2023:3722
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:3722
18
reference_url https://access.redhat.com/errata/RHSA-2023:7622
reference_id RHSA-2023:7622
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:7622
19
reference_url https://access.redhat.com/errata/RHSA-2023:7623
reference_id RHSA-2023:7623
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:7623
20
reference_url https://access.redhat.com/errata/RHSA-2023:7625
reference_id RHSA-2023:7625
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:7625
21
reference_url https://access.redhat.com/errata/RHSA-2023:7626
reference_id RHSA-2023:7626
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:7626
22
reference_url https://usn.ubuntu.com/7894-1/
reference_id USN-7894-1
reference_type
scores
url https://usn.ubuntu.com/7894-1/
fixed_packages
0
url pkg:conan/openssl@3.0.12
purl pkg:conan/openssl@3.0.12
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2by2-tzdd-kkc7
resource_url http://public2.vulnerablecode.io/packages/pkg:conan/openssl@3.0.12
1
url pkg:conan/openssl@3.1.3
purl pkg:conan/openssl@3.1.3
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:conan/openssl@3.1.3
aliases CVE-2023-0465
risk_score 2.4
exploitability 0.5
weighted_severity 4.8
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-5bn8-6xa9-fqe4
4
url VCID-6pd1-d9gx-kfc1
vulnerability_id VCID-6pd1-d9gx-kfc1
summary
Loop with Unreachable Exit Condition ('Infinite Loop')
Internally libssl in OpenSSL calls X509_verify_cert() on the client side to verify a certificate supplied by a server. The exact behaviour will depend on the application but it could result in crashes, infinite loops or other similar incorrect responses.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-4044.json
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-4044.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2021-4044
reference_id
reference_type
scores
0
value 0.1758
scoring_system epss
scoring_elements 0.9509
published_at 2026-04-13T12:55:00Z
1
value 0.1758
scoring_system epss
scoring_elements 0.95057
published_at 2026-04-01T12:55:00Z
2
value 0.1758
scoring_system epss
scoring_elements 0.95067
published_at 2026-04-02T12:55:00Z
3
value 0.1758
scoring_system epss
scoring_elements 0.95068
published_at 2026-04-04T12:55:00Z
4
value 0.1758
scoring_system epss
scoring_elements 0.9507
published_at 2026-04-07T12:55:00Z
5
value 0.1758
scoring_system epss
scoring_elements 0.95077
published_at 2026-04-08T12:55:00Z
6
value 0.1758
scoring_system epss
scoring_elements 0.9508
published_at 2026-04-09T12:55:00Z
7
value 0.1758
scoring_system epss
scoring_elements 0.95086
published_at 2026-04-11T12:55:00Z
8
value 0.1758
scoring_system epss
scoring_elements 0.95088
published_at 2026-04-12T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2021-4044
2
reference_url https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=758754966791c537ea95241438454aa86f91f256
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=758754966791c537ea95241438454aa86f91f256
3
reference_url https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=758754966791c537ea95241438454aa86f91f256
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=758754966791c537ea95241438454aa86f91f256
4
reference_url https://rustsec.org/advisories/RUSTSEC-2021-0129.html
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://rustsec.org/advisories/RUSTSEC-2021-0129.html
5
reference_url https://security.netapp.com/advisory/ntap-20211229-0003
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://security.netapp.com/advisory/ntap-20211229-0003
6
reference_url https://security.netapp.com/advisory/ntap-20211229-0003/
reference_id
reference_type
scores
url https://security.netapp.com/advisory/ntap-20211229-0003/
7
reference_url https://www.openssl.org/news/secadv/20211214.txt
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://www.openssl.org/news/secadv/20211214.txt
8
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2033761
reference_id 2033761
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2033761
9
reference_url https://security.archlinux.org/AVG-2641
reference_id AVG-2641
reference_type
scores
0
value Medium
scoring_system archlinux
scoring_elements
url https://security.archlinux.org/AVG-2641
10
reference_url https://nvd.nist.gov/vuln/detail/CVE-2021-4044
reference_id CVE-2021-4044
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2021-4044
11
reference_url https://github.com/advisories/GHSA-mmjf-f5jw-w72q
reference_id GHSA-mmjf-f5jw-w72q
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-mmjf-f5jw-w72q
fixed_packages
0
url pkg:conan/openssl@3.0.1
purl pkg:conan/openssl@3.0.1
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:conan/openssl@3.0.1
aliases CVE-2021-4044, GHSA-mmjf-f5jw-w72q
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-6pd1-d9gx-kfc1
5
url VCID-71yj-bmak-pkdu
vulnerability_id VCID-71yj-bmak-pkdu
summary Multiple vulnerabilities have been discovered in OpenSSL, the worst of which could result in remote code execution.
references
0
reference_url http://packetstormsecurity.com/files/169687/OpenSSL-Security-Advisory-20221101.html
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
2
value CRITICAL
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T13:26:56Z/
url http://packetstormsecurity.com/files/169687/OpenSSL-Security-Advisory-20221101.html
1
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-3602.json
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-3602.json
2
reference_url https://api.first.org/data/v1/epss?cve=CVE-2022-3602
reference_id
reference_type
scores
0
value 0.83219
scoring_system epss
scoring_elements 0.99262
published_at 2026-04-04T12:55:00Z
1
value 0.83219
scoring_system epss
scoring_elements 0.99268
published_at 2026-04-12T12:55:00Z
2
value 0.83219
scoring_system epss
scoring_elements 0.99259
published_at 2026-04-02T12:55:00Z
3
value 0.83219
scoring_system epss
scoring_elements 0.99267
published_at 2026-04-13T12:55:00Z
4
value 0.83219
scoring_system epss
scoring_elements 0.99266
published_at 2026-04-08T12:55:00Z
5
value 0.83219
scoring_system epss
scoring_elements 0.99265
published_at 2026-04-07T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2022-3602
3
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
4
reference_url https://github.com/alexcrichton/openssl-src-rs
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/alexcrichton/openssl-src-rs
5
reference_url https://github.com/alexcrichton/openssl-src-rs/commit/4a31c14f31e1a08c18893a37e304dd1dd4b7daa3
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/alexcrichton/openssl-src-rs/commit/4a31c14f31e1a08c18893a37e304dd1dd4b7daa3
6
reference_url https://github.com/openssl/openssl/commit/fe3b639dc19b325846f4f6801f2f4604f56e3de3
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/openssl/openssl/commit/fe3b639dc19b325846f4f6801f2f4604f56e3de3
7
reference_url https://github.com/rustsec/advisory-db/pull/1452
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/rustsec/advisory-db/pull/1452
8
reference_url https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=fe3b639dc19b325846f4f6801f2f4604f56e3de3
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
2
value CRITICAL
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T13:26:56Z/
url https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=fe3b639dc19b325846f4f6801f2f4604f56e3de3
9
reference_url https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=fe3b639dc19b325846f4f6801f2f4604f56e3de3
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=fe3b639dc19b325846f4f6801f2f4604f56e3de3
10
reference_url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/63YRPWPUSX3MBHNPIEJZDKQT6YA7UF6S
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/63YRPWPUSX3MBHNPIEJZDKQT6YA7UF6S
11
reference_url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DWP23EZYOBDJQP7HP4YU7W2ABU2YDITS
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DWP23EZYOBDJQP7HP4YU7W2ABU2YDITS
12
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/63YRPWPUSX3MBHNPIEJZDKQT6YA7UF6S
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/63YRPWPUSX3MBHNPIEJZDKQT6YA7UF6S
13
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DWP23EZYOBDJQP7HP4YU7W2ABU2YDITS
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DWP23EZYOBDJQP7HP4YU7W2ABU2YDITS
14
reference_url https://nvd.nist.gov/vuln/detail/CVE-2022-3602
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2022-3602
15
reference_url https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2022-0023
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
2
value CRITICAL
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T13:26:56Z/
url https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2022-0023
16
reference_url https://rustsec.org/advisories/RUSTSEC-2022-0064.html
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://rustsec.org/advisories/RUSTSEC-2022-0064.html
17
reference_url https://security.netapp.com/advisory/ntap-20221102-0001
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://security.netapp.com/advisory/ntap-20221102-0001
18
reference_url https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-openssl-W9sdCc2a
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
2
value CRITICAL
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T13:26:56Z/
url https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-openssl-W9sdCc2a
19
reference_url https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00789.html
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00789.html
20
reference_url https://www.kb.cert.org/vuls/id/794340
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
2
value CRITICAL
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T13:26:56Z/
url https://www.kb.cert.org/vuls/id/794340
21
reference_url https://www.openssl.org/blog/blog/2022/11/01/email-address-overflows/
reference_id
reference_type
scores
url https://www.openssl.org/blog/blog/2022/11/01/email-address-overflows/
22
reference_url https://www.openssl.org/news/secadv/20221101.txt
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
2
value CRITICAL
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T13:26:56Z/
url https://www.openssl.org/news/secadv/20221101.txt
23
reference_url http://www.openwall.com/lists/oss-security/2022/11/01/15
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
2
value CRITICAL
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T13:26:56Z/
url http://www.openwall.com/lists/oss-security/2022/11/01/15
24
reference_url http://www.openwall.com/lists/oss-security/2022/11/01/16
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
2
value CRITICAL
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T13:26:56Z/
url http://www.openwall.com/lists/oss-security/2022/11/01/16
25
reference_url http://www.openwall.com/lists/oss-security/2022/11/01/17
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
2
value CRITICAL
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T13:26:56Z/
url http://www.openwall.com/lists/oss-security/2022/11/01/17
26
reference_url http://www.openwall.com/lists/oss-security/2022/11/01/18
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
2
value CRITICAL
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T13:26:56Z/
url http://www.openwall.com/lists/oss-security/2022/11/01/18
27
reference_url http://www.openwall.com/lists/oss-security/2022/11/01/19
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
2
value CRITICAL
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T13:26:56Z/
url http://www.openwall.com/lists/oss-security/2022/11/01/19
28
reference_url http://www.openwall.com/lists/oss-security/2022/11/01/20
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
2
value CRITICAL
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T13:26:56Z/
url http://www.openwall.com/lists/oss-security/2022/11/01/20
29
reference_url http://www.openwall.com/lists/oss-security/2022/11/01/21
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
2
value CRITICAL
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T13:26:56Z/
url http://www.openwall.com/lists/oss-security/2022/11/01/21
30
reference_url http://www.openwall.com/lists/oss-security/2022/11/01/24
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
2
value CRITICAL
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T13:26:56Z/
url http://www.openwall.com/lists/oss-security/2022/11/01/24
31
reference_url http://www.openwall.com/lists/oss-security/2022/11/02/1
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
2
value CRITICAL
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T13:26:56Z/
url http://www.openwall.com/lists/oss-security/2022/11/02/1
32
reference_url http://www.openwall.com/lists/oss-security/2022/11/02/10
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
2
value CRITICAL
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T13:26:56Z/
url http://www.openwall.com/lists/oss-security/2022/11/02/10
33
reference_url http://www.openwall.com/lists/oss-security/2022/11/02/11
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
2
value CRITICAL
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T13:26:56Z/
url http://www.openwall.com/lists/oss-security/2022/11/02/11
34
reference_url http://www.openwall.com/lists/oss-security/2022/11/02/12
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
2
value CRITICAL
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T13:26:56Z/
url http://www.openwall.com/lists/oss-security/2022/11/02/12
35
reference_url http://www.openwall.com/lists/oss-security/2022/11/02/13
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
2
value CRITICAL
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T13:26:56Z/
url http://www.openwall.com/lists/oss-security/2022/11/02/13
36
reference_url http://www.openwall.com/lists/oss-security/2022/11/02/14
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
2
value CRITICAL
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T13:26:56Z/
url http://www.openwall.com/lists/oss-security/2022/11/02/14
37
reference_url http://www.openwall.com/lists/oss-security/2022/11/02/15
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
2
value CRITICAL
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T13:26:56Z/
url http://www.openwall.com/lists/oss-security/2022/11/02/15
38
reference_url http://www.openwall.com/lists/oss-security/2022/11/02/2
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
2
value CRITICAL
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T13:26:56Z/
url http://www.openwall.com/lists/oss-security/2022/11/02/2
39
reference_url http://www.openwall.com/lists/oss-security/2022/11/02/3
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
2
value CRITICAL
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T13:26:56Z/
url http://www.openwall.com/lists/oss-security/2022/11/02/3
40
reference_url http://www.openwall.com/lists/oss-security/2022/11/02/5
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
2
value CRITICAL
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T13:26:56Z/
url http://www.openwall.com/lists/oss-security/2022/11/02/5
41
reference_url http://www.openwall.com/lists/oss-security/2022/11/02/6
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
2
value CRITICAL
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T13:26:56Z/
url http://www.openwall.com/lists/oss-security/2022/11/02/6
42
reference_url http://www.openwall.com/lists/oss-security/2022/11/02/7
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
2
value CRITICAL
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T13:26:56Z/
url http://www.openwall.com/lists/oss-security/2022/11/02/7
43
reference_url http://www.openwall.com/lists/oss-security/2022/11/02/9
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
2
value CRITICAL
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T13:26:56Z/
url http://www.openwall.com/lists/oss-security/2022/11/02/9
44
reference_url http://www.openwall.com/lists/oss-security/2022/11/03/1
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
2
value CRITICAL
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T13:26:56Z/
url http://www.openwall.com/lists/oss-security/2022/11/03/1
45
reference_url http://www.openwall.com/lists/oss-security/2022/11/03/10
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
2
value CRITICAL
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T13:26:56Z/
url http://www.openwall.com/lists/oss-security/2022/11/03/10
46
reference_url http://www.openwall.com/lists/oss-security/2022/11/03/11
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
2
value CRITICAL
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T13:26:56Z/
url http://www.openwall.com/lists/oss-security/2022/11/03/11
47
reference_url http://www.openwall.com/lists/oss-security/2022/11/03/2
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
2
value CRITICAL
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T13:26:56Z/
url http://www.openwall.com/lists/oss-security/2022/11/03/2
48
reference_url http://www.openwall.com/lists/oss-security/2022/11/03/3
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
2
value CRITICAL
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T13:26:56Z/
url http://www.openwall.com/lists/oss-security/2022/11/03/3
49
reference_url http://www.openwall.com/lists/oss-security/2022/11/03/5
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
2
value CRITICAL
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T13:26:56Z/
url http://www.openwall.com/lists/oss-security/2022/11/03/5
50
reference_url http://www.openwall.com/lists/oss-security/2022/11/03/6
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
2
value CRITICAL
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T13:26:56Z/
url http://www.openwall.com/lists/oss-security/2022/11/03/6
51
reference_url http://www.openwall.com/lists/oss-security/2022/11/03/7
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
2
value CRITICAL
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T13:26:56Z/
url http://www.openwall.com/lists/oss-security/2022/11/03/7
52
reference_url http://www.openwall.com/lists/oss-security/2022/11/03/9
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
2
value CRITICAL
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T13:26:56Z/
url http://www.openwall.com/lists/oss-security/2022/11/03/9
53
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2137723
reference_id 2137723
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2137723
54
reference_url https://github.com/advisories/GHSA-8rwr-x37p-mx23
reference_id GHSA-8rwr-x37p-mx23
reference_type
scores
0
value CRITICAL
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-8rwr-x37p-mx23
55
reference_url https://security.gentoo.org/glsa/202211-01
reference_id GLSA-202211-01
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
2
value CRITICAL
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T13:26:56Z/
url https://security.gentoo.org/glsa/202211-01
56
reference_url https://security.gentoo.org/glsa/202405-29
reference_id GLSA-202405-29
reference_type
scores
url https://security.gentoo.org/glsa/202405-29
57
reference_url https://access.redhat.com/errata/RHSA-2022:7288
reference_id RHSA-2022:7288
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:7288
58
reference_url https://access.redhat.com/errata/RHSA-2022:7384
reference_id RHSA-2022:7384
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:7384
59
reference_url https://usn.ubuntu.com/5710-1/
reference_id USN-5710-1
reference_type
scores
url https://usn.ubuntu.com/5710-1/
fixed_packages
0
url pkg:conan/openssl@3.0.7
purl pkg:conan/openssl@3.0.7
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1ggt-ugh5-jqeu
1
vulnerability VCID-8s28-acfa-kkhj
2
vulnerability VCID-ncw4-3azc-1fb5
3
vulnerability VCID-xqt3-3um9-8faq
resource_url http://public2.vulnerablecode.io/packages/pkg:conan/openssl@3.0.7
aliases CVE-2022-3602, GHSA-8rwr-x37p-mx23
risk_score 10.0
exploitability 2.0
weighted_severity 9.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-71yj-bmak-pkdu
6
url VCID-8s28-acfa-kkhj
vulnerability_id VCID-8s28-acfa-kkhj
summary
NULL Pointer Dereference
An invalid pointer dereference on read can be triggered when an application tries to check a malformed DSA public key by the EVP_PKEY_public_check() function. This will most likely lead to an application crash. This function can be called on public keys supplied from untrusted sources which could allow an attacker to cause a denial of service attack. The TLS implementation in OpenSSL does not call this function but applications might call the function if there are additional security requirements imposed by standards such as FIPS 140-3.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-0217.json
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-0217.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-0217
reference_id
reference_type
scores
0
value 0.00557
scoring_system epss
scoring_elements 0.6816
published_at 2026-04-13T12:55:00Z
1
value 0.00557
scoring_system epss
scoring_elements 0.68193
published_at 2026-04-12T12:55:00Z
2
value 0.00557
scoring_system epss
scoring_elements 0.68207
published_at 2026-04-11T12:55:00Z
3
value 0.00557
scoring_system epss
scoring_elements 0.68182
published_at 2026-04-09T12:55:00Z
4
value 0.00557
scoring_system epss
scoring_elements 0.68167
published_at 2026-04-08T12:55:00Z
5
value 0.00557
scoring_system epss
scoring_elements 0.68115
published_at 2026-04-07T12:55:00Z
6
value 0.00557
scoring_system epss
scoring_elements 0.68138
published_at 2026-04-04T12:55:00Z
7
value 0.00557
scoring_system epss
scoring_elements 0.6812
published_at 2026-04-02T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-0217
2
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
3
reference_url https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=23985bac83fd50c8e29431009302b5442f985096
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T13:26:50Z/
url https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=23985bac83fd50c8e29431009302b5442f985096
4
reference_url https://rustsec.org/advisories/RUSTSEC-2023-0012.html
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://rustsec.org/advisories/RUSTSEC-2023-0012.html
5
reference_url https://security.gentoo.org/glsa/202402-08
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T13:26:50Z/
url https://security.gentoo.org/glsa/202402-08
6
reference_url https://www.openssl.org/news/secadv/20230207.txt
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T13:26:50Z/
url https://www.openssl.org/news/secadv/20230207.txt
7
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2164499
reference_id 2164499
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2164499
8
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-0217
reference_id CVE-2023-0217
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2023-0217
9
reference_url https://github.com/advisories/GHSA-vxrh-cpg7-8vjr
reference_id GHSA-vxrh-cpg7-8vjr
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-vxrh-cpg7-8vjr
10
reference_url https://access.redhat.com/errata/RHSA-2023:0946
reference_id RHSA-2023:0946
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:0946
11
reference_url https://access.redhat.com/errata/RHSA-2023:1199
reference_id RHSA-2023:1199
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:1199
12
reference_url https://usn.ubuntu.com/5844-1/
reference_id USN-5844-1
reference_type
scores
url https://usn.ubuntu.com/5844-1/
fixed_packages
0
url pkg:conan/openssl@3.0.12
purl pkg:conan/openssl@3.0.12
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2by2-tzdd-kkc7
resource_url http://public2.vulnerablecode.io/packages/pkg:conan/openssl@3.0.12
aliases CVE-2023-0217, GHSA-vxrh-cpg7-8vjr
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-8s28-acfa-kkhj
7
url VCID-8uhr-19zz-n3b7
vulnerability_id VCID-8uhr-19zz-n3b7
summary
Allocation of Resources Without Limits or Throttling
Issue summary: Processing some specially crafted ASN.1 object identifiers or
data containing them may be very slow.

Impact summary: Applications that use OBJ_obj2txt() directly, or use any of
the OpenSSL subsystems OCSP, PKCS7/SMIME, CMS, CMP/CRMF or TS with no message
size limit may experience notable to very long delays when processing those
messages, which may lead to a Denial of Service.

An OBJECT IDENTIFIER is composed of a series of numbers - sub-identifiers -
most of which have no size limit. OBJ_obj2txt() may be used to translate
an ASN.1 OBJECT IDENTIFIER given in DER encoding form (using the OpenSSL
type ASN1_OBJECT) to its canonical numeric text form, which are the
sub-identifiers of the OBJECT IDENTIFIER in decimal form, separated by
periods.

When one of the sub-identifiers in the OBJECT IDENTIFIER is very large
(these are sizes that are seen as absurdly large, taking up tens or hundreds
of KiBs), the translation to a decimal number in text may take a very long
time. The time complexity is O(n^2) with 'n' being the size of the
sub-identifiers in bytes (*).

With OpenSSL 3.0, support to fetch cryptographic algorithms using names /
identifiers in string form was introduced. This includes using OBJECT
IDENTIFIERs in canonical numeric text form as identifiers for fetching
algorithms.

Such OBJECT IDENTIFIERs may be received through the ASN.1 structure
AlgorithmIdentifier, which is commonly used in multiple protocols to specify
what cryptographic algorithm should be used to sign or verify, encrypt or
decrypt, or digest passed data.

Applications that call OBJ_obj2txt() directly with untrusted data are
affected, with any version of OpenSSL. If the use is for the mere purpose
of display, the severity is considered low.

In OpenSSL 3.0 and newer, this affects the subsystems OCSP, PKCS7/SMIME,
CMS, CMP/CRMF or TS. It also impacts anything that processes X.509
certificates, including simple things like verifying its signature.

The impact on TLS is relatively low, because all versions of OpenSSL have a
100KiB limit on the peer's certificate chain. Additionally, this only
impacts clients, or servers that have explicitly enabled client
authentication.

In OpenSSL 1.1.1 and 1.0.2, this only affects displaying diverse objects,
such as X.509 certificates. This is assumed to not happen in such a way
that it would cause a Denial of Service, so these versions are considered
not affected by this issue in such a way that it would be cause for concern,
and the severity is therefore considered low.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-2650.json
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-2650.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-2650
reference_id
reference_type
scores
0
value 0.92003
scoring_system epss
scoring_elements 0.99696
published_at 2026-04-02T12:55:00Z
1
value 0.92003
scoring_system epss
scoring_elements 0.99701
published_at 2026-04-12T12:55:00Z
2
value 0.92003
scoring_system epss
scoring_elements 0.99697
published_at 2026-04-04T12:55:00Z
3
value 0.92003
scoring_system epss
scoring_elements 0.99698
published_at 2026-04-07T12:55:00Z
4
value 0.92003
scoring_system epss
scoring_elements 0.99699
published_at 2026-04-09T12:55:00Z
5
value 0.92003
scoring_system epss
scoring_elements 0.997
published_at 2026-04-13T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-2650
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0464
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0464
3
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0465
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0465
4
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0466
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0466
5
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-2650
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-2650
6
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
7
reference_url https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=423a2bc737a908ad0c77bda470b2b59dc879936b
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-06T15:55:48Z/
url https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=423a2bc737a908ad0c77bda470b2b59dc879936b
8
reference_url https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=853c5e56ee0b8650c73140816bb8b91d6163422c
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-06T15:55:48Z/
url https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=853c5e56ee0b8650c73140816bb8b91d6163422c
9
reference_url https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=9e209944b35cf82368071f160a744b6178f9b098
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-06T15:55:48Z/
url https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=9e209944b35cf82368071f160a744b6178f9b098
10
reference_url https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=db779b0e10b047f2585615e0b8f2acdf21f8544a
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-06T15:55:48Z/
url https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=db779b0e10b047f2585615e0b8f2acdf21f8544a
11
reference_url https://www.debian.org/security/2023/dsa-5417
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-06T15:55:48Z/
url https://www.debian.org/security/2023/dsa-5417
12
reference_url https://www.openssl.org/news/secadv/20230530.txt
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-06T15:55:48Z/
url https://www.openssl.org/news/secadv/20230530.txt
13
reference_url http://www.openwall.com/lists/oss-security/2023/05/30/1
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-06T15:55:48Z/
url http://www.openwall.com/lists/oss-security/2023/05/30/1
14
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2207947
reference_id 2207947
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2207947
15
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-2650
reference_id CVE-2023-2650
reference_type
scores
url https://nvd.nist.gov/vuln/detail/CVE-2023-2650
16
reference_url https://lists.debian.org/debian-lts-announce/2023/06/msg00011.html
reference_id msg00011.html
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-06T15:55:48Z/
url https://lists.debian.org/debian-lts-announce/2023/06/msg00011.html
17
reference_url https://security.netapp.com/advisory/ntap-20230703-0001/
reference_id ntap-20230703-0001
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-06T15:55:48Z/
url https://security.netapp.com/advisory/ntap-20230703-0001/
18
reference_url https://security.netapp.com/advisory/ntap-20231027-0009/
reference_id ntap-20231027-0009
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-06T15:55:48Z/
url https://security.netapp.com/advisory/ntap-20231027-0009/
19
reference_url https://access.redhat.com/errata/RHSA-2023:3722
reference_id RHSA-2023:3722
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:3722
20
reference_url https://access.redhat.com/errata/RHSA-2023:6330
reference_id RHSA-2023:6330
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:6330
21
reference_url https://access.redhat.com/errata/RHSA-2023:7622
reference_id RHSA-2023:7622
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:7622
22
reference_url https://access.redhat.com/errata/RHSA-2023:7623
reference_id RHSA-2023:7623
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:7623
23
reference_url https://access.redhat.com/errata/RHSA-2023:7625
reference_id RHSA-2023:7625
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:7625
24
reference_url https://access.redhat.com/errata/RHSA-2023:7626
reference_id RHSA-2023:7626
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:7626
25
reference_url https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2023-0009
reference_id SNWLID-2023-0009
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-06T15:55:48Z/
url https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2023-0009
26
reference_url https://usn.ubuntu.com/6119-1/
reference_id USN-6119-1
reference_type
scores
url https://usn.ubuntu.com/6119-1/
27
reference_url https://usn.ubuntu.com/6188-1/
reference_id USN-6188-1
reference_type
scores
url https://usn.ubuntu.com/6188-1/
28
reference_url https://usn.ubuntu.com/6672-1/
reference_id USN-6672-1
reference_type
scores
url https://usn.ubuntu.com/6672-1/
29
reference_url https://usn.ubuntu.com/7894-1/
reference_id USN-7894-1
reference_type
scores
url https://usn.ubuntu.com/7894-1/
fixed_packages
0
url pkg:conan/openssl@3.0.12
purl pkg:conan/openssl@3.0.12
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2by2-tzdd-kkc7
resource_url http://public2.vulnerablecode.io/packages/pkg:conan/openssl@3.0.12
1
url pkg:conan/openssl@3.1.3
purl pkg:conan/openssl@3.1.3
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:conan/openssl@3.1.3
aliases CVE-2023-2650
risk_score 10.0
exploitability 2.0
weighted_severity 5.9
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-8uhr-19zz-n3b7
8
url VCID-95ub-7a6n-afdg
vulnerability_id VCID-95ub-7a6n-afdg
summary openssl: the c_rehash script allows command injection
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-2068.json
reference_id
reference_type
scores
0
value 6.7
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-2068.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2022-2068
reference_id
reference_type
scores
0
value 0.1858
scoring_system epss
scoring_elements 0.95258
published_at 2026-04-13T12:55:00Z
1
value 0.1858
scoring_system epss
scoring_elements 0.95233
published_at 2026-04-02T12:55:00Z
2
value 0.1858
scoring_system epss
scoring_elements 0.95235
published_at 2026-04-04T12:55:00Z
3
value 0.1858
scoring_system epss
scoring_elements 0.95239
published_at 2026-04-07T12:55:00Z
4
value 0.1858
scoring_system epss
scoring_elements 0.95247
published_at 2026-04-08T12:55:00Z
5
value 0.1858
scoring_system epss
scoring_elements 0.9525
published_at 2026-04-09T12:55:00Z
6
value 0.1858
scoring_system epss
scoring_elements 0.95255
published_at 2026-04-11T12:55:00Z
7
value 0.1858
scoring_system epss
scoring_elements 0.95256
published_at 2026-04-12T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2022-2068
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2068
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2068
3
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 6.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
4
reference_url https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=2c9c35870601b4a44d86ddbf512b38df38285cfa
reference_id
reference_type
scores
url https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=2c9c35870601b4a44d86ddbf512b38df38285cfa
5
reference_url https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=7a9c027159fe9e1bbc2cd38a8a2914bff0d5abd9
reference_id
reference_type
scores
url https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=7a9c027159fe9e1bbc2cd38a8a2914bff0d5abd9
6
reference_url https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=9639817dac8bbbaa64d09efad7464ccc405527c7
reference_id
reference_type
scores
url https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=9639817dac8bbbaa64d09efad7464ccc405527c7
7
reference_url https://www.openssl.org/news/secadv/20220621.txt
reference_id 20220621.txt
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-04-23T13:27:34Z/
url https://www.openssl.org/news/secadv/20220621.txt
8
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2097310
reference_id 2097310
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2097310
9
reference_url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6WZZBKUHQFGSKGNXXKICSRPL7AMVW5M5/
reference_id 6WZZBKUHQFGSKGNXXKICSRPL7AMVW5M5
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-04-23T13:27:34Z/
url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6WZZBKUHQFGSKGNXXKICSRPL7AMVW5M5/
10
reference_url https://security.archlinux.org/AVG-2765
reference_id AVG-2765
reference_type
scores
0
value Medium
scoring_system archlinux
scoring_elements
url https://security.archlinux.org/AVG-2765
11
reference_url https://nvd.nist.gov/vuln/detail/CVE-2022-2068
reference_id CVE-2022-2068
reference_type
scores
url https://nvd.nist.gov/vuln/detail/CVE-2022-2068
12
reference_url https://www.debian.org/security/2022/dsa-5169
reference_id dsa-5169
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-04-23T13:27:34Z/
url https://www.debian.org/security/2022/dsa-5169
13
reference_url https://security.netapp.com/advisory/ntap-20220707-0008/
reference_id ntap-20220707-0008
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-04-23T13:27:34Z/
url https://security.netapp.com/advisory/ntap-20220707-0008/
14
reference_url https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=2c9c35870601b4a44d86ddbf512b38df38285cfa
reference_id ?p=openssl.git%3Ba=commitdiff%3Bh=2c9c35870601b4a44d86ddbf512b38df38285cfa
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-04-23T13:27:34Z/
url https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=2c9c35870601b4a44d86ddbf512b38df38285cfa
15
reference_url https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=7a9c027159fe9e1bbc2cd38a8a2914bff0d5abd9
reference_id ?p=openssl.git%3Ba=commitdiff%3Bh=7a9c027159fe9e1bbc2cd38a8a2914bff0d5abd9
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-04-23T13:27:34Z/
url https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=7a9c027159fe9e1bbc2cd38a8a2914bff0d5abd9
16
reference_url https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=9639817dac8bbbaa64d09efad7464ccc405527c7
reference_id ?p=openssl.git%3Ba=commitdiff%3Bh=9639817dac8bbbaa64d09efad7464ccc405527c7
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-04-23T13:27:34Z/
url https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=9639817dac8bbbaa64d09efad7464ccc405527c7
17
reference_url https://access.redhat.com/errata/RHSA-2022:5818
reference_id RHSA-2022:5818
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:5818
18
reference_url https://access.redhat.com/errata/RHSA-2022:6224
reference_id RHSA-2022:6224
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:6224
19
reference_url https://access.redhat.com/errata/RHSA-2022:8840
reference_id RHSA-2022:8840
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:8840
20
reference_url https://access.redhat.com/errata/RHSA-2022:8841
reference_id RHSA-2022:8841
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:8841
21
reference_url https://access.redhat.com/errata/RHSA-2022:8913
reference_id RHSA-2022:8913
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:8913
22
reference_url https://access.redhat.com/errata/RHSA-2022:8917
reference_id RHSA-2022:8917
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:8917
23
reference_url https://access.redhat.com/errata/RHSA-2023:5931
reference_id RHSA-2023:5931
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:5931
24
reference_url https://access.redhat.com/errata/RHSA-2023:5979
reference_id RHSA-2023:5979
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:5979
25
reference_url https://access.redhat.com/errata/RHSA-2023:5980
reference_id RHSA-2023:5980
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:5980
26
reference_url https://access.redhat.com/errata/RHSA-2023:5982
reference_id RHSA-2023:5982
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:5982
27
reference_url https://access.redhat.com/errata/RHSA-2023:6818
reference_id RHSA-2023:6818
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:6818
28
reference_url https://usn.ubuntu.com/5488-1/
reference_id USN-5488-1
reference_type
scores
url https://usn.ubuntu.com/5488-1/
29
reference_url https://usn.ubuntu.com/5488-2/
reference_id USN-5488-2
reference_type
scores
url https://usn.ubuntu.com/5488-2/
30
reference_url https://usn.ubuntu.com/6457-1/
reference_id USN-6457-1
reference_type
scores
url https://usn.ubuntu.com/6457-1/
31
reference_url https://usn.ubuntu.com/7018-1/
reference_id USN-7018-1
reference_type
scores
url https://usn.ubuntu.com/7018-1/
32
reference_url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VCMNWKERPBKOEBNL7CLTTX3ZZCZLH7XA/
reference_id VCMNWKERPBKOEBNL7CLTTX3ZZCZLH7XA
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-04-23T13:27:34Z/
url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VCMNWKERPBKOEBNL7CLTTX3ZZCZLH7XA/
fixed_packages
0
url pkg:conan/openssl@3.0.4
purl pkg:conan/openssl@3.0.4
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-99xj-17z4-1qhe
resource_url http://public2.vulnerablecode.io/packages/pkg:conan/openssl@3.0.4
aliases CVE-2022-2068
risk_score 4.4
exploitability 0.5
weighted_severity 8.8
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-95ub-7a6n-afdg
9
url VCID-9gqm-1tcm-2kga
vulnerability_id VCID-9gqm-1tcm-2kga
summary
Improper Certificate Validation
A security vulnerability has been identified in all supported versions of OpenSSL related to the verification of X.509 certificate chains that include policy constraints. Attackers may be able to exploit this vulnerability by creating a malicious certificate chain that triggers exponential use of computational resources, leading to a denial-of-service (DoS) attack on affected systems. Policy processing is disabled by default but can be enabled by passing the `-policy' argument to the command line utilities or by calling the `X509_VERIFY_PARAM_set1_policies()' function.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-0464.json
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-0464.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-0464
reference_id
reference_type
scores
0
value 0.00857
scoring_system epss
scoring_elements 0.74974
published_at 2026-04-04T12:55:00Z
1
value 0.00857
scoring_system epss
scoring_elements 0.74949
published_at 2026-04-07T12:55:00Z
2
value 0.00857
scoring_system epss
scoring_elements 0.74983
published_at 2026-04-08T12:55:00Z
3
value 0.00857
scoring_system epss
scoring_elements 0.74945
published_at 2026-04-02T12:55:00Z
4
value 0.00968
scoring_system epss
scoring_elements 0.76623
published_at 2026-04-11T12:55:00Z
5
value 0.00968
scoring_system epss
scoring_elements 0.76593
published_at 2026-04-13T12:55:00Z
6
value 0.00968
scoring_system epss
scoring_elements 0.76602
published_at 2026-04-12T12:55:00Z
7
value 0.00995
scoring_system epss
scoring_elements 0.76931
published_at 2026-04-09T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-0464
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0464
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0464
3
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0465
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0465
4
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0466
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0466
5
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-2650
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-2650
6
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
7
reference_url https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=2017771e2db3e2b96f89bbe8766c3209f6a99545
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T13:26:32Z/
url https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=2017771e2db3e2b96f89bbe8766c3209f6a99545
8
reference_url https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=2dcd4f1e3115f38cefa43e3efbe9b801c27e642e
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T13:26:32Z/
url https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=2dcd4f1e3115f38cefa43e3efbe9b801c27e642e
9
reference_url https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=879f7080d7e141f415c79eaa3a8ac4a3dad0348b
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T13:26:32Z/
url https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=879f7080d7e141f415c79eaa3a8ac4a3dad0348b
10
reference_url https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=959c59c7a0164117e7f8366466a32bb1f8d77ff1
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T13:26:32Z/
url https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=959c59c7a0164117e7f8366466a32bb1f8d77ff1
11
reference_url https://www.openssl.org/news/secadv/20230322.txt
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T13:26:32Z/
url https://www.openssl.org/news/secadv/20230322.txt
12
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1034720
reference_id 1034720
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1034720
13
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2181082
reference_id 2181082
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2181082
14
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-0464
reference_id CVE-2023-0464
reference_type
scores
url https://nvd.nist.gov/vuln/detail/CVE-2023-0464
15
reference_url https://lists.debian.org/debian-lts-announce/2023/06/msg00011.html
reference_id msg00011.html
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T13:26:32Z/
url https://lists.debian.org/debian-lts-announce/2023/06/msg00011.html
16
reference_url https://access.redhat.com/errata/RHSA-2023:3722
reference_id RHSA-2023:3722
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:3722
17
reference_url https://access.redhat.com/errata/RHSA-2023:7622
reference_id RHSA-2023:7622
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:7622
18
reference_url https://access.redhat.com/errata/RHSA-2023:7623
reference_id RHSA-2023:7623
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:7623
19
reference_url https://access.redhat.com/errata/RHSA-2023:7625
reference_id RHSA-2023:7625
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:7625
20
reference_url https://access.redhat.com/errata/RHSA-2023:7626
reference_id RHSA-2023:7626
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:7626
21
reference_url https://usn.ubuntu.com/6039-1/
reference_id USN-6039-1
reference_type
scores
url https://usn.ubuntu.com/6039-1/
22
reference_url https://usn.ubuntu.com/7894-1/
reference_id USN-7894-1
reference_type
scores
url https://usn.ubuntu.com/7894-1/
fixed_packages
0
url pkg:conan/openssl@3.0.12
purl pkg:conan/openssl@3.0.12
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2by2-tzdd-kkc7
resource_url http://public2.vulnerablecode.io/packages/pkg:conan/openssl@3.0.12
1
url pkg:conan/openssl@3.1.3
purl pkg:conan/openssl@3.1.3
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:conan/openssl@3.1.3
aliases CVE-2023-0464
risk_score 3.4
exploitability 0.5
weighted_severity 6.8
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-9gqm-1tcm-2kga
10
url VCID-aens-jq7w-f7bh
vulnerability_id VCID-aens-jq7w-f7bh
summary
Double Free
The function PEM_read_bio_ex() reads a PEM file from a BIO and parses and decodes the "name" (e.g. "CERTIFICATE"), any header data and the payload data. If the function succeeds then the "name_out", "header" and "data" arguments are populated with pointers to buffers containing the relevant decoded data. The caller is responsible for freeing those buffers.

It is possible to construct a PEM file that results in 0 bytes of payload data. In this case PEM_read_bio_ex() will return a failure code but will populate the header argument with a pointer to a buffer that has already been freed. If the caller also frees this buffer then a double free will occur. This will most likely lead to a crash. This could be exploited by an attacker who has the ability to supply malicious PEM files for parsing to achieve a denial of service attack.

The functions PEM_read_bio() and PEM_read() are simple wrappers around PEM_read_bio_ex() and therefore these functions are also directly affected. These functions are also called indirectly by a number of other OpenSSL functions including PEM_X509_INFO_read_bio_ex() and SSL_CTX_use_serverinfo_file() which are also vulnerable.

Some OpenSSL internal uses of these functions are not vulnerable because the caller does not free the header argument if PEM_read_bio_ex() returns a failure code. These locations include the PEM_read_bio_TYPE() functions as well as the decoders introduced in OpenSSL 3.0.

The OpenSSL asn1parse command line application is also impacted by this issue.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-4450.json
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-4450.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2022-4450
reference_id
reference_type
scores
0
value 0.00147
scoring_system epss
scoring_elements 0.35178
published_at 2026-04-13T12:55:00Z
1
value 0.00147
scoring_system epss
scoring_elements 0.35255
published_at 2026-04-02T12:55:00Z
2
value 0.00147
scoring_system epss
scoring_elements 0.35283
published_at 2026-04-04T12:55:00Z
3
value 0.00147
scoring_system epss
scoring_elements 0.35164
published_at 2026-04-07T12:55:00Z
4
value 0.00147
scoring_system epss
scoring_elements 0.35209
published_at 2026-04-08T12:55:00Z
5
value 0.00147
scoring_system epss
scoring_elements 0.35234
published_at 2026-04-09T12:55:00Z
6
value 0.00147
scoring_system epss
scoring_elements 0.35237
published_at 2026-04-11T12:55:00Z
7
value 0.00147
scoring_system epss
scoring_elements 0.35202
published_at 2026-04-12T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2022-4450
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2097
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2097
3
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-4304
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-4304
4
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-4450
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-4450
5
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0215
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0215
6
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0286
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0286
7
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
8
reference_url https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=63bcf189be73a9cc1264059bed6f57974be74a83
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T13:26:38Z/
url https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=63bcf189be73a9cc1264059bed6f57974be74a83
9
reference_url https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=bbcf509bd046b34cca19c766bbddc31683d0858b
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T13:26:38Z/
url https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=bbcf509bd046b34cca19c766bbddc31683d0858b
10
reference_url https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2023-0003
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2023-0003
11
reference_url https://rustsec.org/advisories/RUSTSEC-2023-0010.html
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://rustsec.org/advisories/RUSTSEC-2023-0010.html
12
reference_url https://security.gentoo.org/glsa/202402-08
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T13:26:38Z/
url https://security.gentoo.org/glsa/202402-08
13
reference_url https://www.openssl.org/news/secadv/20230207.txt
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T13:26:38Z/
url https://www.openssl.org/news/secadv/20230207.txt
14
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2164494
reference_id 2164494
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2164494
15
reference_url https://nvd.nist.gov/vuln/detail/CVE-2022-4450
reference_id CVE-2022-4450
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2022-4450
16
reference_url https://github.com/advisories/GHSA-v5w6-wcm8-jm4q
reference_id GHSA-v5w6-wcm8-jm4q
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-v5w6-wcm8-jm4q
17
reference_url https://access.redhat.com/errata/RHSA-2023:0946
reference_id RHSA-2023:0946
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:0946
18
reference_url https://access.redhat.com/errata/RHSA-2023:1199
reference_id RHSA-2023:1199
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:1199
19
reference_url https://access.redhat.com/errata/RHSA-2023:1405
reference_id RHSA-2023:1405
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:1405
20
reference_url https://access.redhat.com/errata/RHSA-2023:2165
reference_id RHSA-2023:2165
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:2165
21
reference_url https://access.redhat.com/errata/RHSA-2023:2932
reference_id RHSA-2023:2932
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:2932
22
reference_url https://access.redhat.com/errata/RHSA-2023:3354
reference_id RHSA-2023:3354
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:3354
23
reference_url https://access.redhat.com/errata/RHSA-2023:3355
reference_id RHSA-2023:3355
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:3355
24
reference_url https://access.redhat.com/errata/RHSA-2023:3408
reference_id RHSA-2023:3408
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:3408
25
reference_url https://access.redhat.com/errata/RHSA-2023:3420
reference_id RHSA-2023:3420
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:3420
26
reference_url https://access.redhat.com/errata/RHSA-2023:3421
reference_id RHSA-2023:3421
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:3421
27
reference_url https://usn.ubuntu.com/5844-1/
reference_id USN-5844-1
reference_type
scores
url https://usn.ubuntu.com/5844-1/
28
reference_url https://usn.ubuntu.com/6564-1/
reference_id USN-6564-1
reference_type
scores
url https://usn.ubuntu.com/6564-1/
29
reference_url https://usn.ubuntu.com/7894-1/
reference_id USN-7894-1
reference_type
scores
url https://usn.ubuntu.com/7894-1/
fixed_packages
0
url pkg:conan/openssl@3.0.12
purl pkg:conan/openssl@3.0.12
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2by2-tzdd-kkc7
resource_url http://public2.vulnerablecode.io/packages/pkg:conan/openssl@3.0.12
aliases CVE-2022-4450, GHSA-v5w6-wcm8-jm4q
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-aens-jq7w-f7bh
11
url VCID-b3u8-1a2y-judf
vulnerability_id VCID-b3u8-1a2y-judf
summary
Improper Authentication
Issue summary: The AES-SIV cipher implementation contains a bug that causes
it to ignore empty associated data entries which are unauthenticated as
a consequence.

Impact summary: Applications that use the AES-SIV algorithm and want to
authenticate empty data entries as associated data can be misled by removing,
adding or reordering such empty entries as these are ignored by the OpenSSL
implementation. We are currently unaware of any such applications.

The AES-SIV algorithm allows for authentication of multiple associated
data entries along with the encryption. To authenticate empty data the
application has to call EVP_EncryptUpdate() (or EVP_CipherUpdate()) with
NULL pointer as the output buffer and 0 as the input buffer length.
The AES-SIV implementation in OpenSSL just returns success for such a call
instead of performing the associated data authentication operation.
The empty data thus will not be authenticated.

As this issue does not affect non-empty associated data authentication and
we expect it to be rare for an application to use empty associated data
entries, this is qualified as a Low severity issue.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-2975.json
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-2975.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-2975
reference_id
reference_type
scores
0
value 0.00185
scoring_system epss
scoring_elements 0.40342
published_at 2026-04-02T12:55:00Z
1
value 0.00185
scoring_system epss
scoring_elements 0.40309
published_at 2026-04-13T12:55:00Z
2
value 0.00185
scoring_system epss
scoring_elements 0.40367
published_at 2026-04-04T12:55:00Z
3
value 0.00185
scoring_system epss
scoring_elements 0.40292
published_at 2026-04-07T12:55:00Z
4
value 0.00185
scoring_system epss
scoring_elements 0.40343
published_at 2026-04-08T12:55:00Z
5
value 0.00185
scoring_system epss
scoring_elements 0.40354
published_at 2026-04-09T12:55:00Z
6
value 0.00185
scoring_system epss
scoring_elements 0.40366
published_at 2026-04-11T12:55:00Z
7
value 0.00185
scoring_system epss
scoring_elements 0.40328
published_at 2026-04-12T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-2975
2
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
3
reference_url https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=00e2f5eea29994d19293ec4e8c8775ba73678598
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T13:26:23Z/
url https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=00e2f5eea29994d19293ec4e8c8775ba73678598
4
reference_url https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=6a83f0c958811f07e0d11dfc6b5a6a98edfd5bdc
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T13:26:23Z/
url https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=6a83f0c958811f07e0d11dfc6b5a6a98edfd5bdc
5
reference_url https://security.netapp.com/advisory/ntap-20230725-0004/
reference_id
reference_type
scores
url https://security.netapp.com/advisory/ntap-20230725-0004/
6
reference_url https://www.openssl.org/news/secadv/20230714.txt
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T13:26:23Z/
url https://www.openssl.org/news/secadv/20230714.txt
7
reference_url http://www.openwall.com/lists/oss-security/2023/07/15/1
reference_id
reference_type
scores
url http://www.openwall.com/lists/oss-security/2023/07/15/1
8
reference_url http://www.openwall.com/lists/oss-security/2023/07/19/5
reference_id
reference_type
scores
url http://www.openwall.com/lists/oss-security/2023/07/19/5
9
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1041818
reference_id 1041818
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1041818
10
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2223016
reference_id 2223016
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2223016
11
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-2975
reference_id CVE-2023-2975
reference_type
scores
url https://nvd.nist.gov/vuln/detail/CVE-2023-2975
12
reference_url https://access.redhat.com/errata/RHSA-2024:2447
reference_id RHSA-2024:2447
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:2447
13
reference_url https://usn.ubuntu.com/6450-1/
reference_id USN-6450-1
reference_type
scores
url https://usn.ubuntu.com/6450-1/
fixed_packages
0
url pkg:conan/openssl@3.0.12
purl pkg:conan/openssl@3.0.12
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2by2-tzdd-kkc7
resource_url http://public2.vulnerablecode.io/packages/pkg:conan/openssl@3.0.12
1
url pkg:conan/openssl@3.1.3
purl pkg:conan/openssl@3.1.3
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:conan/openssl@3.1.3
aliases CVE-2023-2975
risk_score 2.4
exploitability 0.5
weighted_severity 4.8
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-b3u8-1a2y-judf
12
url VCID-d83w-756y-3bfv
vulnerability_id VCID-d83w-756y-3bfv
summary
Use After Free
The public API function BIO_new_NDEF is a helper function used for streaming ASN.1 data via a BIO. It is primarily used internally to OpenSSL to support the SMIME, CMS and PKCS7 streaming capabilities, but may also be called directly by end user applications. The function receives a BIO from the caller, prepends a new BIO_f_asn1 filter BIO onto the front of it to form a BIO chain, and then returns the new head of the BIO chain to the caller. Under certain conditions, for example if a CMS recipient public key is invalid, the new filter BIO is freed and the function returns a NULL result indicating a failure. However, in this case, the BIO chain is not properly cleaned up and the BIO passed by the caller still retains internal pointers to the previously freed filter BIO. If the caller then goes on to call BIO_pop() on the BIO then a use-after-free will occur. This will most likely result in a crash. This scenario occurs directly in the internal function B64_write_ASN1() which may cause BIO_new_NDEF() to be called and will subsequently call BIO_pop() on the BIO. This internal function is in turn called by the public API functions PEM_write_bio_ASN1_stream, PEM_write_bio_CMS_stream, PEM_write_bio_PKCS7_stream, SMIME_write_ASN1, SMIME_write_CMS and SMIME_write_PKCS7. Other public API functions that may be impacted by this include i2d_ASN1_bio_stream, BIO_new_CMS, BIO_new_PKCS7, i2d_CMS_bio_stream and i2d_PKCS7_bio_stream. The OpenSSL cms and smime command line applications are similarly affected.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-0215.json
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-0215.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-0215
reference_id
reference_type
scores
0
value 0.00503
scoring_system epss
scoring_elements 0.66108
published_at 2026-04-13T12:55:00Z
1
value 0.00503
scoring_system epss
scoring_elements 0.66138
published_at 2026-04-12T12:55:00Z
2
value 0.00503
scoring_system epss
scoring_elements 0.66151
published_at 2026-04-11T12:55:00Z
3
value 0.00503
scoring_system epss
scoring_elements 0.66131
published_at 2026-04-09T12:55:00Z
4
value 0.00503
scoring_system epss
scoring_elements 0.66119
published_at 2026-04-08T12:55:00Z
5
value 0.00503
scoring_system epss
scoring_elements 0.66075
published_at 2026-04-02T12:55:00Z
6
value 0.00503
scoring_system epss
scoring_elements 0.66103
published_at 2026-04-04T12:55:00Z
7
value 0.00503
scoring_system epss
scoring_elements 0.66071
published_at 2026-04-07T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-0215
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2097
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2097
3
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-4304
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-4304
4
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-4450
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-4450
5
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0215
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0215
6
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0286
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0286
7
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
8
reference_url https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=8818064ce3c3c0f1b740a5aaba2a987e75bfbafd
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T13:26:40Z/
url https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=8818064ce3c3c0f1b740a5aaba2a987e75bfbafd
9
reference_url https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=9816136fe31d92ace4037d5da5257f763aeeb4eb
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T13:26:40Z/
url https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=9816136fe31d92ace4037d5da5257f763aeeb4eb
10
reference_url https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=c3829dd8825c654652201e16f8a0a0c46ee3f344
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T13:26:40Z/
url https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=c3829dd8825c654652201e16f8a0a0c46ee3f344
11
reference_url https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2023-0003
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2023-0003
12
reference_url https://rustsec.org/advisories/RUSTSEC-2023-0009.html
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://rustsec.org/advisories/RUSTSEC-2023-0009.html
13
reference_url https://security.gentoo.org/glsa/202402-08
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T13:26:40Z/
url https://security.gentoo.org/glsa/202402-08
14
reference_url https://security.netapp.com/advisory/ntap-20230427-0007
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://security.netapp.com/advisory/ntap-20230427-0007
15
reference_url https://security.netapp.com/advisory/ntap-20230427-0009
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://security.netapp.com/advisory/ntap-20230427-0009
16
reference_url https://security.netapp.com/advisory/ntap-20240621-0006
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://security.netapp.com/advisory/ntap-20240621-0006
17
reference_url https://www.openssl.org/news/secadv/20230207.txt
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T13:26:40Z/
url https://www.openssl.org/news/secadv/20230207.txt
18
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2164492
reference_id 2164492
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2164492
19
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-0215
reference_id CVE-2023-0215
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2023-0215
20
reference_url https://github.com/advisories/GHSA-r7jw-wp68-3xch
reference_id GHSA-r7jw-wp68-3xch
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-r7jw-wp68-3xch
21
reference_url https://security.netapp.com/advisory/ntap-20230427-0007/
reference_id ntap-20230427-0007
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T13:26:40Z/
url https://security.netapp.com/advisory/ntap-20230427-0007/
22
reference_url https://security.netapp.com/advisory/ntap-20230427-0009/
reference_id ntap-20230427-0009
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T13:26:40Z/
url https://security.netapp.com/advisory/ntap-20230427-0009/
23
reference_url https://access.redhat.com/errata/RHSA-2023:0946
reference_id RHSA-2023:0946
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:0946
24
reference_url https://access.redhat.com/errata/RHSA-2023:1199
reference_id RHSA-2023:1199
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:1199
25
reference_url https://access.redhat.com/errata/RHSA-2023:1405
reference_id RHSA-2023:1405
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:1405
26
reference_url https://access.redhat.com/errata/RHSA-2023:2165
reference_id RHSA-2023:2165
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:2165
27
reference_url https://access.redhat.com/errata/RHSA-2023:2932
reference_id RHSA-2023:2932
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:2932
28
reference_url https://access.redhat.com/errata/RHSA-2023:3354
reference_id RHSA-2023:3354
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:3354
29
reference_url https://access.redhat.com/errata/RHSA-2023:3355
reference_id RHSA-2023:3355
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:3355
30
reference_url https://access.redhat.com/errata/RHSA-2023:3408
reference_id RHSA-2023:3408
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:3408
31
reference_url https://access.redhat.com/errata/RHSA-2023:3420
reference_id RHSA-2023:3420
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:3420
32
reference_url https://access.redhat.com/errata/RHSA-2023:3421
reference_id RHSA-2023:3421
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:3421
33
reference_url https://access.redhat.com/errata/RHSA-2023:4128
reference_id RHSA-2023:4128
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:4128
34
reference_url https://usn.ubuntu.com/5844-1/
reference_id USN-5844-1
reference_type
scores
url https://usn.ubuntu.com/5844-1/
35
reference_url https://usn.ubuntu.com/5845-1/
reference_id USN-5845-1
reference_type
scores
url https://usn.ubuntu.com/5845-1/
36
reference_url https://usn.ubuntu.com/5845-2/
reference_id USN-5845-2
reference_type
scores
url https://usn.ubuntu.com/5845-2/
37
reference_url https://usn.ubuntu.com/6564-1/
reference_id USN-6564-1
reference_type
scores
url https://usn.ubuntu.com/6564-1/
38
reference_url https://usn.ubuntu.com/7894-1/
reference_id USN-7894-1
reference_type
scores
url https://usn.ubuntu.com/7894-1/
fixed_packages
0
url pkg:conan/openssl@3.0.12
purl pkg:conan/openssl@3.0.12
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2by2-tzdd-kkc7
resource_url http://public2.vulnerablecode.io/packages/pkg:conan/openssl@3.0.12
aliases CVE-2023-0215, GHSA-r7jw-wp68-3xch
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-d83w-756y-3bfv
13
url VCID-frd6-gt2a-afhv
vulnerability_id VCID-frd6-gt2a-afhv
summary Multiple vulnerabilities have been discovered in OpenSSL, the worst of which could result in denial of service.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-2097.json
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-2097.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2022-2097
reference_id
reference_type
scores
0
value 0.00318
scoring_system epss
scoring_elements 0.54836
published_at 2026-04-02T12:55:00Z
1
value 0.00318
scoring_system epss
scoring_elements 0.54847
published_at 2026-04-13T12:55:00Z
2
value 0.00318
scoring_system epss
scoring_elements 0.5487
published_at 2026-04-12T12:55:00Z
3
value 0.00318
scoring_system epss
scoring_elements 0.54888
published_at 2026-04-11T12:55:00Z
4
value 0.00318
scoring_system epss
scoring_elements 0.54876
published_at 2026-04-09T12:55:00Z
5
value 0.00318
scoring_system epss
scoring_elements 0.54879
published_at 2026-04-08T12:55:00Z
6
value 0.00318
scoring_system epss
scoring_elements 0.54829
published_at 2026-04-07T12:55:00Z
7
value 0.00318
scoring_system epss
scoring_elements 0.5486
published_at 2026-04-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2022-2097
2
reference_url https://cert-portal.siemens.com/productcert/pdf/ssa-332410.pdf
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-07-26T19:45:07Z/
url https://cert-portal.siemens.com/productcert/pdf/ssa-332410.pdf
3
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2097
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2097
4
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-4304
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-4304
5
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-4450
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-4450
6
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0215
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0215
7
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0286
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0286
8
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
9
reference_url https://github.com/alexcrichton/openssl-src-rs
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/alexcrichton/openssl-src-rs
10
reference_url https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=919925673d6c9cfed3c1085497f5dfbbed5fc431
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-07-26T19:45:07Z/
url https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=919925673d6c9cfed3c1085497f5dfbbed5fc431
11
reference_url https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=a98f339ddd7e8f487d6e0088d4a9a42324885a93
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-07-26T19:45:07Z/
url https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=a98f339ddd7e8f487d6e0088d4a9a42324885a93
12
reference_url https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=919925673d6c9cfed3c1085497f5dfbbed5fc431
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=919925673d6c9cfed3c1085497f5dfbbed5fc431
13
reference_url https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=a98f339ddd7e8f487d6e0088d4a9a42324885a93
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=a98f339ddd7e8f487d6e0088d4a9a42324885a93
14
reference_url https://lists.debian.org/debian-lts-announce/2023/02/msg00019.html
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-07-26T19:45:07Z/
url https://lists.debian.org/debian-lts-announce/2023/02/msg00019.html
15
reference_url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/R6CK57NBQFTPUMXAPJURCGXUYT76NQAK
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/R6CK57NBQFTPUMXAPJURCGXUYT76NQAK
16
reference_url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/V6567JERRHHJW2GNGJGKDRNHR7SNPZK7
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/V6567JERRHHJW2GNGJGKDRNHR7SNPZK7
17
reference_url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VCMNWKERPBKOEBNL7CLTTX3ZZCZLH7XA
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VCMNWKERPBKOEBNL7CLTTX3ZZCZLH7XA
18
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/R6CK57NBQFTPUMXAPJURCGXUYT76NQAK
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/R6CK57NBQFTPUMXAPJURCGXUYT76NQAK
19
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/R6CK57NBQFTPUMXAPJURCGXUYT76NQAK/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/R6CK57NBQFTPUMXAPJURCGXUYT76NQAK/
20
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/V6567JERRHHJW2GNGJGKDRNHR7SNPZK7
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/V6567JERRHHJW2GNGJGKDRNHR7SNPZK7
21
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/V6567JERRHHJW2GNGJGKDRNHR7SNPZK7/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/V6567JERRHHJW2GNGJGKDRNHR7SNPZK7/
22
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VCMNWKERPBKOEBNL7CLTTX3ZZCZLH7XA
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VCMNWKERPBKOEBNL7CLTTX3ZZCZLH7XA
23
reference_url https://nvd.nist.gov/vuln/detail/CVE-2022-2097
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2022-2097
24
reference_url https://rustsec.org/advisories/RUSTSEC-2022-0032.html
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://rustsec.org/advisories/RUSTSEC-2022-0032.html
25
reference_url https://security.netapp.com/advisory/ntap-20220715-0011
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://security.netapp.com/advisory/ntap-20220715-0011
26
reference_url https://security.netapp.com/advisory/ntap-20230420-0008
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://security.netapp.com/advisory/ntap-20230420-0008
27
reference_url https://security.netapp.com/advisory/ntap-20240621-0006
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://security.netapp.com/advisory/ntap-20240621-0006
28
reference_url https://www.debian.org/security/2023/dsa-5343
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-07-26T19:45:07Z/
url https://www.debian.org/security/2023/dsa-5343
29
reference_url https://www.openssl.org/news/secadv/20220705.txt
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-07-26T19:45:07Z/
url https://www.openssl.org/news/secadv/20220705.txt
30
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1023424
reference_id 1023424
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1023424
31
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2104905
reference_id 2104905
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2104905
32
reference_url https://github.com/advisories/GHSA-3wx7-46ch-7rq2
reference_id GHSA-3wx7-46ch-7rq2
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-3wx7-46ch-7rq2
33
reference_url https://security.gentoo.org/glsa/202210-02
reference_id GLSA-202210-02
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-07-26T19:45:07Z/
url https://security.gentoo.org/glsa/202210-02
34
reference_url https://security.netapp.com/advisory/ntap-20220715-0011/
reference_id ntap-20220715-0011
reference_type
scores
0
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-07-26T19:45:07Z/
url https://security.netapp.com/advisory/ntap-20220715-0011/
35
reference_url https://security.netapp.com/advisory/ntap-20230420-0008/
reference_id ntap-20230420-0008
reference_type
scores
0
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-07-26T19:45:07Z/
url https://security.netapp.com/advisory/ntap-20230420-0008/
36
reference_url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/R6CK57NBQFTPUMXAPJURCGXUYT76NQAK/
reference_id R6CK57NBQFTPUMXAPJURCGXUYT76NQAK
reference_type
scores
0
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-07-26T19:45:07Z/
url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/R6CK57NBQFTPUMXAPJURCGXUYT76NQAK/
37
reference_url https://access.redhat.com/errata/RHSA-2022:5818
reference_id RHSA-2022:5818
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:5818
38
reference_url https://access.redhat.com/errata/RHSA-2022:6224
reference_id RHSA-2022:6224
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:6224
39
reference_url https://usn.ubuntu.com/5502-1/
reference_id USN-5502-1
reference_type
scores
url https://usn.ubuntu.com/5502-1/
40
reference_url https://usn.ubuntu.com/6457-1/
reference_id USN-6457-1
reference_type
scores
url https://usn.ubuntu.com/6457-1/
41
reference_url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/V6567JERRHHJW2GNGJGKDRNHR7SNPZK7/
reference_id V6567JERRHHJW2GNGJGKDRNHR7SNPZK7
reference_type
scores
0
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-07-26T19:45:07Z/
url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/V6567JERRHHJW2GNGJGKDRNHR7SNPZK7/
42
reference_url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VCMNWKERPBKOEBNL7CLTTX3ZZCZLH7XA/
reference_id VCMNWKERPBKOEBNL7CLTTX3ZZCZLH7XA
reference_type
scores
0
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-07-26T19:45:07Z/
url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VCMNWKERPBKOEBNL7CLTTX3ZZCZLH7XA/
fixed_packages
0
url pkg:conan/openssl@3.0.5
purl pkg:conan/openssl@3.0.5
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:conan/openssl@3.0.5
aliases CVE-2022-2097, GHSA-3wx7-46ch-7rq2
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-frd6-gt2a-afhv
14
url VCID-gnpm-mnpa-3kdg
vulnerability_id VCID-gnpm-mnpa-3kdg
summary
Timing based side channel
A timing-based side channel exists in the OpenSSL RSA Decryption implementation which could be sufficient to recover a plaintext across a network in a Bleichenbacher-style attack. To achieve a successful decryption, an attacker would have to be able to send a very large number of trial messages for decryption. The vulnerability affects all RSA padding modes: PKCS#1 v1.5, RSA-OAEP and RSASVE. For example, in a TLS connection, RSA is commonly used by a client to send an encrypted pre-master secret to the server. An attacker that had observed a genuine connection between a client and a server could use this flaw to send trial messages to the server and record the time taken to process them. After a sufficiently large number of messages, the attacker could recover the pre-master secret used for the original connection and thus be able to decrypt the application data sent over that connection.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-4304.json
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-4304.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2022-4304
reference_id
reference_type
scores
0
value 0.00255
scoring_system epss
scoring_elements 0.48911
published_at 2026-04-13T12:55:00Z
1
value 0.00255
scoring_system epss
scoring_elements 0.48903
published_at 2026-04-12T12:55:00Z
2
value 0.00255
scoring_system epss
scoring_elements 0.48929
published_at 2026-04-11T12:55:00Z
3
value 0.00255
scoring_system epss
scoring_elements 0.48912
published_at 2026-04-09T12:55:00Z
4
value 0.00255
scoring_system epss
scoring_elements 0.48915
published_at 2026-04-08T12:55:00Z
5
value 0.00255
scoring_system epss
scoring_elements 0.48861
published_at 2026-04-07T12:55:00Z
6
value 0.00255
scoring_system epss
scoring_elements 0.48907
published_at 2026-04-04T12:55:00Z
7
value 0.00255
scoring_system epss
scoring_elements 0.48881
published_at 2026-04-02T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2022-4304
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2097
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2097
3
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-4304
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-4304
4
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-4450
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-4450
5
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0215
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0215
6
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0286
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0286
7
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
8
reference_url https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2023-0003
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2023-0003
9
reference_url https://rustsec.org/advisories/RUSTSEC-2023-0007.html
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://rustsec.org/advisories/RUSTSEC-2023-0007.html
10
reference_url https://security.gentoo.org/glsa/202402-08
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-06T15:57:19Z/
url https://security.gentoo.org/glsa/202402-08
11
reference_url https://www.openssl.org/news/secadv/20230207.txt
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-06T15:57:19Z/
url https://www.openssl.org/news/secadv/20230207.txt
12
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2164487
reference_id 2164487
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2164487
13
reference_url https://nvd.nist.gov/vuln/detail/CVE-2022-4304
reference_id CVE-2022-4304
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2022-4304
14
reference_url https://github.com/advisories/GHSA-p52g-cm5j-mjv4
reference_id GHSA-p52g-cm5j-mjv4
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-p52g-cm5j-mjv4
15
reference_url https://access.redhat.com/errata/RHSA-2023:0946
reference_id RHSA-2023:0946
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:0946
16
reference_url https://access.redhat.com/errata/RHSA-2023:1199
reference_id RHSA-2023:1199
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:1199
17
reference_url https://access.redhat.com/errata/RHSA-2023:1405
reference_id RHSA-2023:1405
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:1405
18
reference_url https://access.redhat.com/errata/RHSA-2023:2165
reference_id RHSA-2023:2165
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:2165
19
reference_url https://access.redhat.com/errata/RHSA-2023:2932
reference_id RHSA-2023:2932
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:2932
20
reference_url https://access.redhat.com/errata/RHSA-2023:3354
reference_id RHSA-2023:3354
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:3354
21
reference_url https://access.redhat.com/errata/RHSA-2023:3355
reference_id RHSA-2023:3355
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:3355
22
reference_url https://access.redhat.com/errata/RHSA-2023:3408
reference_id RHSA-2023:3408
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:3408
23
reference_url https://access.redhat.com/errata/RHSA-2023:3420
reference_id RHSA-2023:3420
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:3420
24
reference_url https://access.redhat.com/errata/RHSA-2023:3421
reference_id RHSA-2023:3421
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:3421
25
reference_url https://access.redhat.com/errata/RHSA-2023:4128
reference_id RHSA-2023:4128
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:4128
26
reference_url https://usn.ubuntu.com/5844-1/
reference_id USN-5844-1
reference_type
scores
url https://usn.ubuntu.com/5844-1/
27
reference_url https://usn.ubuntu.com/6564-1/
reference_id USN-6564-1
reference_type
scores
url https://usn.ubuntu.com/6564-1/
28
reference_url https://usn.ubuntu.com/7894-1/
reference_id USN-7894-1
reference_type
scores
url https://usn.ubuntu.com/7894-1/
fixed_packages
0
url pkg:conan/openssl@3.0.12
purl pkg:conan/openssl@3.0.12
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2by2-tzdd-kkc7
resource_url http://public2.vulnerablecode.io/packages/pkg:conan/openssl@3.0.12
aliases CVE-2022-4304, GHSA-p52g-cm5j-mjv4
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-gnpm-mnpa-3kdg
15
url VCID-gsbn-6t86-7kf9
vulnerability_id VCID-gsbn-6t86-7kf9
summary
Loop with Unreachable Exit Condition ('Infinite Loop')
The BN_mod_sqrt() function, which computes a modular square root, contains a bug that can cause it to loop forever for non-prime moduli. Internally this function is used when parsing certificates that contain elliptic curve public keys in compressed form or explicit elliptic curve parameters with a base point encoded in compressed form. It is possible to trigger the infinite loop by crafting a certificate that has invalid explicit curve parameters.
references
0
reference_url http://packetstormsecurity.com/files/167344/OpenSSL-1.0.2-1.1.1-3.0-BN_mod_sqrt-Infinite-Loop.html
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url http://packetstormsecurity.com/files/167344/OpenSSL-1.0.2-1.1.1-3.0-BN_mod_sqrt-Infinite-Loop.html
1
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-0778.json
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-0778.json
2
reference_url https://api.first.org/data/v1/epss?cve=CVE-2022-0778
reference_id
reference_type
scores
0
value 0.06432
scoring_system epss
scoring_elements 0.91023
published_at 2026-04-04T12:55:00Z
1
value 0.07109
scoring_system epss
scoring_elements 0.91513
published_at 2026-04-07T12:55:00Z
2
value 0.07109
scoring_system epss
scoring_elements 0.91526
published_at 2026-04-08T12:55:00Z
3
value 0.07109
scoring_system epss
scoring_elements 0.91532
published_at 2026-04-09T12:55:00Z
4
value 0.07394
scoring_system epss
scoring_elements 0.91693
published_at 2026-04-01T12:55:00Z
5
value 0.07394
scoring_system epss
scoring_elements 0.91701
published_at 2026-04-02T12:55:00Z
6
value 0.07807
scoring_system epss
scoring_elements 0.91978
published_at 2026-04-13T12:55:00Z
7
value 0.08117
scoring_system epss
scoring_elements 0.92165
published_at 2026-04-11T12:55:00Z
8
value 0.08117
scoring_system epss
scoring_elements 0.92166
published_at 2026-04-12T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2022-0778
3
reference_url https://cert-portal.siemens.com/productcert/pdf/ssa-712929.pdf
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://cert-portal.siemens.com/productcert/pdf/ssa-712929.pdf
4
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-4160
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-4160
5
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0778
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0778
6
reference_url http://seclists.org/fulldisclosure/2022/May/33
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url http://seclists.org/fulldisclosure/2022/May/33
7
reference_url http://seclists.org/fulldisclosure/2022/May/35
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url http://seclists.org/fulldisclosure/2022/May/35
8
reference_url http://seclists.org/fulldisclosure/2022/May/38
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url http://seclists.org/fulldisclosure/2022/May/38
9
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
10
reference_url https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=3118eb64934499d93db3230748a452351d1d9a65
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=3118eb64934499d93db3230748a452351d1d9a65
11
reference_url https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=380085481c64de749a6dd25cdf0bcf4360b30f83
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=380085481c64de749a6dd25cdf0bcf4360b30f83
12
reference_url https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=a466912611aa6cbdf550cd10601390e587451246
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=a466912611aa6cbdf550cd10601390e587451246
13
reference_url https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=3118eb64934499d93db3230748a452351d1d9a65
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=3118eb64934499d93db3230748a452351d1d9a65
14
reference_url https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=380085481c64de749a6dd25cdf0bcf4360b30f83
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=380085481c64de749a6dd25cdf0bcf4360b30f83
15
reference_url https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=a466912611aa6cbdf550cd10601390e587451246
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=a466912611aa6cbdf550cd10601390e587451246
16
reference_url https://lists.debian.org/debian-lts-announce/2022/03/msg00023.html
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.debian.org/debian-lts-announce/2022/03/msg00023.html
17
reference_url https://lists.debian.org/debian-lts-announce/2022/03/msg00024.html
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.debian.org/debian-lts-announce/2022/03/msg00024.html
18
reference_url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/323SNN6ZX7PRJJWP2BUAFLPUAE42XWLZ
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/323SNN6ZX7PRJJWP2BUAFLPUAE42XWLZ
19
reference_url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GDB3GQVJPXJE7X5C5JN6JAA4XUDWD6E6
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GDB3GQVJPXJE7X5C5JN6JAA4XUDWD6E6
20
reference_url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/W6K3PR542DXWLEFFMFIDMME4CWMHJRMG
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/W6K3PR542DXWLEFFMFIDMME4CWMHJRMG
21
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/323SNN6ZX7PRJJWP2BUAFLPUAE42XWLZ
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/323SNN6ZX7PRJJWP2BUAFLPUAE42XWLZ
22
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GDB3GQVJPXJE7X5C5JN6JAA4XUDWD6E6
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GDB3GQVJPXJE7X5C5JN6JAA4XUDWD6E6
23
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/W6K3PR542DXWLEFFMFIDMME4CWMHJRMG
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/W6K3PR542DXWLEFFMFIDMME4CWMHJRMG
24
reference_url https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2022-0002
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2022-0002
25
reference_url https://rustsec.org/advisories/RUSTSEC-2022-0014.html
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://rustsec.org/advisories/RUSTSEC-2022-0014.html
26
reference_url https://security.netapp.com/advisory/ntap-20220321-0002
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://security.netapp.com/advisory/ntap-20220321-0002
27
reference_url https://security.netapp.com/advisory/ntap-20220321-0002/
reference_id
reference_type
scores
url https://security.netapp.com/advisory/ntap-20220321-0002/
28
reference_url https://security.netapp.com/advisory/ntap-20220429-0005
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://security.netapp.com/advisory/ntap-20220429-0005
29
reference_url https://security.netapp.com/advisory/ntap-20240621-0006
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://security.netapp.com/advisory/ntap-20240621-0006
30
reference_url https://support.apple.com/kb/HT213255
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://support.apple.com/kb/HT213255
31
reference_url https://support.apple.com/kb/HT213256
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://support.apple.com/kb/HT213256
32
reference_url https://support.apple.com/kb/HT213257
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://support.apple.com/kb/HT213257
33
reference_url https://www.debian.org/security/2022/dsa-5103
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://www.debian.org/security/2022/dsa-5103
34
reference_url https://www.openssl.org/news/secadv/20220315.txt
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://www.openssl.org/news/secadv/20220315.txt
35
reference_url https://www.oracle.com/security-alerts/cpuapr2022.html
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://www.oracle.com/security-alerts/cpuapr2022.html
36
reference_url https://www.oracle.com/security-alerts/cpujul2022.html
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://www.oracle.com/security-alerts/cpujul2022.html
37
reference_url https://www.tenable.com/security/tns-2022-06
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://www.tenable.com/security/tns-2022-06
38
reference_url https://www.tenable.com/security/tns-2022-07
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://www.tenable.com/security/tns-2022-07
39
reference_url https://www.tenable.com/security/tns-2022-08
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://www.tenable.com/security/tns-2022-08
40
reference_url https://www.tenable.com/security/tns-2022-09
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://www.tenable.com/security/tns-2022-09
41
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2062202
reference_id 2062202
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2062202
42
reference_url https://nvd.nist.gov/vuln/detail/CVE-2022-0778
reference_id CVE-2022-0778
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2022-0778
43
reference_url https://github.com/advisories/GHSA-x3mh-jvjw-3xwx
reference_id GHSA-x3mh-jvjw-3xwx
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-x3mh-jvjw-3xwx
44
reference_url https://security.gentoo.org/glsa/202210-02
reference_id GLSA-202210-02
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://security.gentoo.org/glsa/202210-02
45
reference_url https://security.gentoo.org/glsa/202405-29
reference_id GLSA-202405-29
reference_type
scores
url https://security.gentoo.org/glsa/202405-29
46
reference_url https://access.redhat.com/errata/RHSA-2022:1065
reference_id RHSA-2022:1065
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:1065
47
reference_url https://access.redhat.com/errata/RHSA-2022:1066
reference_id RHSA-2022:1066
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:1066
48
reference_url https://access.redhat.com/errata/RHSA-2022:1071
reference_id RHSA-2022:1071
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:1071
49
reference_url https://access.redhat.com/errata/RHSA-2022:1073
reference_id RHSA-2022:1073
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:1073
50
reference_url https://access.redhat.com/errata/RHSA-2022:1076
reference_id RHSA-2022:1076
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:1076
51
reference_url https://access.redhat.com/errata/RHSA-2022:1077
reference_id RHSA-2022:1077
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:1077
52
reference_url https://access.redhat.com/errata/RHSA-2022:1078
reference_id RHSA-2022:1078
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:1078
53
reference_url https://access.redhat.com/errata/RHSA-2022:1082
reference_id RHSA-2022:1082
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:1082
54
reference_url https://access.redhat.com/errata/RHSA-2022:1091
reference_id RHSA-2022:1091
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:1091
55
reference_url https://access.redhat.com/errata/RHSA-2022:1112
reference_id RHSA-2022:1112
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:1112
56
reference_url https://access.redhat.com/errata/RHSA-2022:1263
reference_id RHSA-2022:1263
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:1263
57
reference_url https://access.redhat.com/errata/RHSA-2022:1389
reference_id RHSA-2022:1389
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:1389
58
reference_url https://access.redhat.com/errata/RHSA-2022:1390
reference_id RHSA-2022:1390
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:1390
59
reference_url https://access.redhat.com/errata/RHSA-2022:1519
reference_id RHSA-2022:1519
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:1519
60
reference_url https://access.redhat.com/errata/RHSA-2022:1520
reference_id RHSA-2022:1520
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:1520
61
reference_url https://access.redhat.com/errata/RHSA-2022:4896
reference_id RHSA-2022:4896
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:4896
62
reference_url https://access.redhat.com/errata/RHSA-2022:4899
reference_id RHSA-2022:4899
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:4899
63
reference_url https://access.redhat.com/errata/RHSA-2022:5326
reference_id RHSA-2022:5326
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:5326
64
reference_url https://usn.ubuntu.com/5328-1/
reference_id USN-5328-1
reference_type
scores
url https://usn.ubuntu.com/5328-1/
65
reference_url https://usn.ubuntu.com/5328-2/
reference_id USN-5328-2
reference_type
scores
url https://usn.ubuntu.com/5328-2/
66
reference_url https://usn.ubuntu.com/6457-1/
reference_id USN-6457-1
reference_type
scores
url https://usn.ubuntu.com/6457-1/
67
reference_url https://usn.ubuntu.com/7894-1/
reference_id USN-7894-1
reference_type
scores
url https://usn.ubuntu.com/7894-1/
fixed_packages
0
url pkg:conan/openssl@3.0.2
purl pkg:conan/openssl@3.0.2
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:conan/openssl@3.0.2
aliases CVE-2022-0778, GHSA-x3mh-jvjw-3xwx
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-gsbn-6t86-7kf9
16
url VCID-h6n1-tsqt-17bw
vulnerability_id VCID-h6n1-tsqt-17bw
summary
Generation of Weak Initialization Vector (IV)
Issue summary: A bug has been identified in the processing of key and
initialisation vector (IV) lengths. This can lead to potential truncation
or overruns during the initialisation of some symmetric ciphers.

Impact summary: A truncation in the IV can result in non-uniqueness,
which could result in loss of confidentiality for some cipher modes.

When calling EVP_EncryptInit_ex2(), EVP_DecryptInit_ex2() or
EVP_CipherInit_ex2() the provided OSSL_PARAM array is processed after
the key and IV have been established. Any alterations to the key length,
via the "keylen" parameter or the IV length, via the "ivlen" parameter,
within the OSSL_PARAM array will not take effect as intended, potentially
causing truncation or overreading of these values. The following ciphers
and cipher modes are impacted: RC2, RC4, RC5, CCM, GCM and OCB.

For the CCM, GCM and OCB cipher modes, truncation of the IV can result in
loss of confidentiality. For example, when following NIST's SP 800-38D
section 8.2.1 guidance for constructing a deterministic IV for AES in
GCM mode, truncation of the counter portion could lead to IV reuse.

Both truncations and overruns of the key and overruns of the IV will
produce incorrect results and could, in some cases, trigger a memory
exception. However, these issues are not currently assessed as security
critical.

Changing the key and/or IV lengths is not considered to be a common operation
and the vulnerable API was recently introduced. Furthermore, it is likely that
application developers will have spotted this problem during testing since
decryption would fail unless both peers in the communication were similarly
vulnerable. For these reasons we expect the probability of an application being
vulnerable to this to be quite low. However, if an application is vulnerable then
this issue is considered very serious. For these reasons we have assessed this
issue as Moderate severity overall.

The OpenSSL SSL/TLS implementation is not affected by this issue.

The OpenSSL 3.0 and 3.1 FIPS providers are not affected by this because
the issue lies outside of the FIPS provider boundary.

OpenSSL 3.1 and 3.0 are vulnerable to this issue.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-5363.json
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-5363.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-5363
reference_id
reference_type
scores
0
value 0.04745
scoring_system epss
scoring_elements 0.89419
published_at 2026-04-13T12:55:00Z
1
value 0.04745
scoring_system epss
scoring_elements 0.89383
published_at 2026-04-02T12:55:00Z
2
value 0.04745
scoring_system epss
scoring_elements 0.89394
published_at 2026-04-04T12:55:00Z
3
value 0.04745
scoring_system epss
scoring_elements 0.89396
published_at 2026-04-07T12:55:00Z
4
value 0.04745
scoring_system epss
scoring_elements 0.89412
published_at 2026-04-08T12:55:00Z
5
value 0.04745
scoring_system epss
scoring_elements 0.89416
published_at 2026-04-09T12:55:00Z
6
value 0.04745
scoring_system epss
scoring_elements 0.89425
published_at 2026-04-11T12:55:00Z
7
value 0.04745
scoring_system epss
scoring_elements 0.89423
published_at 2026-04-12T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-5363
2
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
3
reference_url https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=0df40630850fb2740e6be6890bb905d3fc623b2d
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-06-03T19:15:36Z/
url https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=0df40630850fb2740e6be6890bb905d3fc623b2d
4
reference_url https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=5f69f5c65e483928c4b28ed16af6e5742929f1ee
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-06-03T19:15:36Z/
url https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=5f69f5c65e483928c4b28ed16af6e5742929f1ee
5
reference_url https://security.netapp.com/advisory/ntap-20231027-0010/
reference_id
reference_type
scores
url https://security.netapp.com/advisory/ntap-20231027-0010/
6
reference_url https://www.debian.org/security/2023/dsa-5532
reference_id
reference_type
scores
url https://www.debian.org/security/2023/dsa-5532
7
reference_url https://www.openssl.org/news/secadv/20231024.txt
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-06-03T19:15:36Z/
url https://www.openssl.org/news/secadv/20231024.txt
8
reference_url http://www.openwall.com/lists/oss-security/2023/10/24/1
reference_id
reference_type
scores
url http://www.openwall.com/lists/oss-security/2023/10/24/1
9
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2243839
reference_id 2243839
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2243839
10
reference_url https://security.archlinux.org/AVG-2848
reference_id AVG-2848
reference_type
scores
0
value Medium
scoring_system archlinux
scoring_elements
url https://security.archlinux.org/AVG-2848
11
reference_url https://security.archlinux.org/AVG-2849
reference_id AVG-2849
reference_type
scores
0
value Medium
scoring_system archlinux
scoring_elements
url https://security.archlinux.org/AVG-2849
12
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-5363
reference_id CVE-2023-5363
reference_type
scores
url https://nvd.nist.gov/vuln/detail/CVE-2023-5363
13
reference_url https://access.redhat.com/errata/RHSA-2024:0310
reference_id RHSA-2024:0310
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:0310
14
reference_url https://access.redhat.com/errata/RHSA-2024:0500
reference_id RHSA-2024:0500
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:0500
15
reference_url https://access.redhat.com/errata/RHSA-2024:1383
reference_id RHSA-2024:1383
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:1383
16
reference_url https://access.redhat.com/errata/RHSA-2024:2094
reference_id RHSA-2024:2094
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:2094
17
reference_url https://usn.ubuntu.com/6450-1/
reference_id USN-6450-1
reference_type
scores
url https://usn.ubuntu.com/6450-1/
fixed_packages
0
url pkg:conan/openssl@3.0.12
purl pkg:conan/openssl@3.0.12
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2by2-tzdd-kkc7
resource_url http://public2.vulnerablecode.io/packages/pkg:conan/openssl@3.0.12
1
url pkg:conan/openssl@3.1.4
purl pkg:conan/openssl@3.1.4
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2by2-tzdd-kkc7
resource_url http://public2.vulnerablecode.io/packages/pkg:conan/openssl@3.1.4
2
url pkg:conan/openssl@3.2.6
purl pkg:conan/openssl@3.2.6
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:conan/openssl@3.2.6
aliases CVE-2023-5363
risk_score 3.4
exploitability 0.5
weighted_severity 6.8
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-h6n1-tsqt-17bw
17
url VCID-hjgb-ch1w-nbfs
vulnerability_id VCID-hjgb-ch1w-nbfs
summary
Improper Certificate Validation
The function X509_VERIFY_PARAM_add0_policy() is documented to implicitly enable the certificate policy check when doing certificate verification. However, the implementation of the function does not enable the check, which allows certificates with invalid or incorrect policies to pass the certificate verification. As suddenly enabling the policy check could break existing deployments, it was decided to keep the existing behavior of the X509_VERIFY_PARAM_add0_policy() function. Instead, applications that require OpenSSL to perform the certificate policy check need to use X509_VERIFY_PARAM_set1_policies() or explicitly enable the policy check by calling X509_VERIFY_PARAM_set_flags() with the X509_V_FLAG_POLICY_CHECK flag argument. Certificate policy checks are disabled by default in OpenSSL and are not commonly used by applications.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-0466.json
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-0466.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-0466
reference_id
reference_type
scores
0
value 0.00711
scoring_system epss
scoring_elements 0.72206
published_at 2026-04-02T12:55:00Z
1
value 0.00711
scoring_system epss
scoring_elements 0.72242
published_at 2026-04-13T12:55:00Z
2
value 0.00711
scoring_system epss
scoring_elements 0.72226
published_at 2026-04-04T12:55:00Z
3
value 0.00711
scoring_system epss
scoring_elements 0.72201
published_at 2026-04-07T12:55:00Z
4
value 0.00711
scoring_system epss
scoring_elements 0.72238
published_at 2026-04-08T12:55:00Z
5
value 0.00711
scoring_system epss
scoring_elements 0.7225
published_at 2026-04-09T12:55:00Z
6
value 0.00711
scoring_system epss
scoring_elements 0.72272
published_at 2026-04-11T12:55:00Z
7
value 0.00711
scoring_system epss
scoring_elements 0.72256
published_at 2026-04-12T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-0466
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0464
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0464
3
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0465
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0465
4
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0466
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0466
5
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-2650
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-2650
6
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:N/I:L/A:N
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
7
reference_url https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=0d16b7e99aafc0b4a6d729eec65a411a7e025f0a
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-19T17:11:17Z/
url https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=0d16b7e99aafc0b4a6d729eec65a411a7e025f0a
8
reference_url https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=51e8a84ce742db0f6c70510d0159dad8f7825908
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-19T17:11:17Z/
url https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=51e8a84ce742db0f6c70510d0159dad8f7825908
9
reference_url https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=73398dea26de9899fb4baa94098ad0a61f435c72
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-19T17:11:17Z/
url https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=73398dea26de9899fb4baa94098ad0a61f435c72
10
reference_url https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=fc814a30fc4f0bc54fcea7d9a7462f5457aab061
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-19T17:11:17Z/
url https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=fc814a30fc4f0bc54fcea7d9a7462f5457aab061
11
reference_url https://www.openssl.org/news/secadv/20230328.txt
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-19T17:11:17Z/
url https://www.openssl.org/news/secadv/20230328.txt
12
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1034720
reference_id 1034720
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1034720
13
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2182565
reference_id 2182565
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2182565
14
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-0466
reference_id CVE-2023-0466
reference_type
scores
url https://nvd.nist.gov/vuln/detail/CVE-2023-0466
15
reference_url https://lists.debian.org/debian-lts-announce/2023/06/msg00011.html
reference_id msg00011.html
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-19T17:11:17Z/
url https://lists.debian.org/debian-lts-announce/2023/06/msg00011.html
16
reference_url https://security.netapp.com/advisory/ntap-20230414-0001/
reference_id ntap-20230414-0001
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-19T17:11:17Z/
url https://security.netapp.com/advisory/ntap-20230414-0001/
17
reference_url https://access.redhat.com/errata/RHSA-2023:3722
reference_id RHSA-2023:3722
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:3722
18
reference_url https://access.redhat.com/errata/RHSA-2023:7622
reference_id RHSA-2023:7622
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:7622
19
reference_url https://access.redhat.com/errata/RHSA-2023:7623
reference_id RHSA-2023:7623
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:7623
20
reference_url https://access.redhat.com/errata/RHSA-2023:7625
reference_id RHSA-2023:7625
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:7625
21
reference_url https://access.redhat.com/errata/RHSA-2023:7626
reference_id RHSA-2023:7626
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:7626
22
reference_url https://usn.ubuntu.com/6039-1/
reference_id USN-6039-1
reference_type
scores
url https://usn.ubuntu.com/6039-1/
23
reference_url https://usn.ubuntu.com/7894-1/
reference_id USN-7894-1
reference_type
scores
url https://usn.ubuntu.com/7894-1/
fixed_packages
0
url pkg:conan/openssl@3.0.12
purl pkg:conan/openssl@3.0.12
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2by2-tzdd-kkc7
resource_url http://public2.vulnerablecode.io/packages/pkg:conan/openssl@3.0.12
1
url pkg:conan/openssl@3.1.3
purl pkg:conan/openssl@3.1.3
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:conan/openssl@3.1.3
aliases CVE-2023-0466
risk_score 2.4
exploitability 0.5
weighted_severity 4.8
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-hjgb-ch1w-nbfs
18
url VCID-myuq-u3as-g3ah
vulnerability_id VCID-myuq-u3as-g3ah
summary
Carry Propagation bug
There is a carry propagation bug in the MIPS32 and MIPS64 squaring procedure. Many EC algorithms are affected, including some of the TLS 1.3 default curves. Impact was not analyzed in detail, because the pre-requisites for attack are considered unlikely and include reusing private keys. Analysis suggests that attacks against RSA and DSA as a result of this defect would be very difficult to perform and are not believed likely. Attacks against DH are considered just feasible (although very difficult) because most of the work necessary to deduce information about a private key may be performed offline. The amount of resources required for such an attack would be significant. However, for an attack on TLS to be meaningful, the server would have to share the DH private key among multiple clients, which is no longer an option since CVE-2016-0701.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-4160.json
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-4160.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2021-4160
reference_id
reference_type
scores
0
value 0.00299
scoring_system epss
scoring_elements 0.53163
published_at 2026-04-01T12:55:00Z
1
value 0.00299
scoring_system epss
scoring_elements 0.53188
published_at 2026-04-02T12:55:00Z
2
value 0.00299
scoring_system epss
scoring_elements 0.53247
published_at 2026-04-13T12:55:00Z
3
value 0.00299
scoring_system epss
scoring_elements 0.53212
published_at 2026-04-04T12:55:00Z
4
value 0.00299
scoring_system epss
scoring_elements 0.5318
published_at 2026-04-07T12:55:00Z
5
value 0.00299
scoring_system epss
scoring_elements 0.53233
published_at 2026-04-08T12:55:00Z
6
value 0.00299
scoring_system epss
scoring_elements 0.53227
published_at 2026-04-09T12:55:00Z
7
value 0.00299
scoring_system epss
scoring_elements 0.53278
published_at 2026-04-11T12:55:00Z
8
value 0.00299
scoring_system epss
scoring_elements 0.53264
published_at 2026-04-12T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2021-4160
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-4160
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-4160
3
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0778
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0778
4
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
5
reference_url https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=3bf7b73ea7123045b8f972badc67ed6878e6c37f
reference_id
reference_type
scores
url https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=3bf7b73ea7123045b8f972badc67ed6878e6c37f
6
reference_url https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=6fc1aaaf303185aa5e483e06bdfae16daa9193a7
reference_id
reference_type
scores
url https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=6fc1aaaf303185aa5e483e06bdfae16daa9193a7
7
reference_url https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=e9e726506cd2a3fd9c0f12daf8cc1fe934c7dddb
reference_id
reference_type
scores
url https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=e9e726506cd2a3fd9c0f12daf8cc1fe934c7dddb
8
reference_url https://www.openssl.org/news/secadv/20220128.txt
reference_id
reference_type
scores
0
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-06-24T15:29:13Z/
url https://www.openssl.org/news/secadv/20220128.txt
9
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2048651
reference_id 2048651
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2048651
10
reference_url https://nvd.nist.gov/vuln/detail/CVE-2021-4160
reference_id CVE-2021-4160
reference_type
scores
url https://nvd.nist.gov/vuln/detail/CVE-2021-4160
11
reference_url https://security.gentoo.org/glsa/202210-02
reference_id GLSA-202210-02
reference_type
scores
0
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-06-24T15:29:13Z/
url https://security.gentoo.org/glsa/202210-02
12
reference_url https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=3bf7b73ea7123045b8f972badc67ed6878e6c37f
reference_id ?p=openssl.git%3Ba=commitdiff%3Bh=3bf7b73ea7123045b8f972badc67ed6878e6c37f
reference_type
scores
0
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-06-24T15:29:13Z/
url https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=3bf7b73ea7123045b8f972badc67ed6878e6c37f
13
reference_url https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=6fc1aaaf303185aa5e483e06bdfae16daa9193a7
reference_id ?p=openssl.git%3Ba=commitdiff%3Bh=6fc1aaaf303185aa5e483e06bdfae16daa9193a7
reference_type
scores
0
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-06-24T15:29:13Z/
url https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=6fc1aaaf303185aa5e483e06bdfae16daa9193a7
14
reference_url https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=e9e726506cd2a3fd9c0f12daf8cc1fe934c7dddb
reference_id ?p=openssl.git%3Ba=commitdiff%3Bh=e9e726506cd2a3fd9c0f12daf8cc1fe934c7dddb
reference_type
scores
0
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-06-24T15:29:13Z/
url https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=e9e726506cd2a3fd9c0f12daf8cc1fe934c7dddb
fixed_packages
0
url pkg:conan/openssl@3.0.3
purl pkg:conan/openssl@3.0.3
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:conan/openssl@3.0.3
aliases CVE-2021-4160
risk_score 2.6
exploitability 0.5
weighted_severity 5.3
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-myuq-u3as-g3ah
19
url VCID-ncw4-3azc-1fb5
vulnerability_id VCID-ncw4-3azc-1fb5
summary
Denial of service by double-checked locking in openssl-src
If an X.509 certificate contains a malformed policy constraint and policy processing is enabled, then a write lock will be taken twice recursively. On some operating systems (most widely: Windows) this results in a denial of service when the affected process hangs. Policy processing being enabled on a publicly facing server is not considered to be a common setup. Policy processing is enabled by passing the `-policy' argument to the command line utilities or by calling either `X509_VERIFY_PARAM_add0_policy()' or `X509_VERIFY_PARAM_set1_policies()' functions.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-3996.json
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-3996.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2022-3996
reference_id
reference_type
scores
0
value 0.00172
scoring_system epss
scoring_elements 0.38614
published_at 2026-04-13T12:55:00Z
1
value 0.00172
scoring_system epss
scoring_elements 0.38651
published_at 2026-04-02T12:55:00Z
2
value 0.00172
scoring_system epss
scoring_elements 0.38675
published_at 2026-04-04T12:55:00Z
3
value 0.00172
scoring_system epss
scoring_elements 0.38606
published_at 2026-04-07T12:55:00Z
4
value 0.00172
scoring_system epss
scoring_elements 0.38657
published_at 2026-04-08T12:55:00Z
5
value 0.00172
scoring_system epss
scoring_elements 0.38667
published_at 2026-04-09T12:55:00Z
6
value 0.00172
scoring_system epss
scoring_elements 0.38677
published_at 2026-04-11T12:55:00Z
7
value 0.00172
scoring_system epss
scoring_elements 0.38639
published_at 2026-04-12T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2022-3996
2
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
3
reference_url https://github.com/alexcrichton/openssl-src-rs
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/alexcrichton/openssl-src-rs
4
reference_url https://github.com/openssl/openssl/commit/7725e7bfe6f2ce8146b6552b44e0d226be7638e7
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-08-01T21:11:25Z/
url https://github.com/openssl/openssl/commit/7725e7bfe6f2ce8146b6552b44e0d226be7638e7
5
reference_url https://nvd.nist.gov/vuln/detail/CVE-2022-3996
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2022-3996
6
reference_url https://www.openssl.org/news/secadv/20221213.txt
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-08-01T21:11:25Z/
url https://www.openssl.org/news/secadv/20221213.txt
7
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1027102
reference_id 1027102
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1027102
8
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2153239
reference_id 2153239
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2153239
9
reference_url https://github.com/advisories/GHSA-vr8j-hgmm-jh9r
reference_id GHSA-vr8j-hgmm-jh9r
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-vr8j-hgmm-jh9r
10
reference_url https://usn.ubuntu.com/6039-1/
reference_id USN-6039-1
reference_type
scores
url https://usn.ubuntu.com/6039-1/
fixed_packages
0
url pkg:conan/openssl@3.0.8
purl pkg:conan/openssl@3.0.8
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:conan/openssl@3.0.8
aliases CVE-2022-3996, GHSA-vr8j-hgmm-jh9r
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-ncw4-3azc-1fb5
20
url VCID-q2ae-5r8q-3fbv
vulnerability_id VCID-q2ae-5r8q-3fbv
summary
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
The `c_rehash` script does not properly sanitise shell metacharacters to prevent command injection. This script is distributed by some operating systems in a manner where it is automatically executed. On such operating systems, an attacker could execute arbitrary commands with the privileges of the script. Use of the `c_rehash` script is considered obsolete and should be replaced by the OpenSSL `rehash` command line tool.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-1292.json
reference_id
reference_type
scores
0
value 6.7
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-1292.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2022-1292
reference_id
reference_type
scores
0
value 0.38986
scoring_system epss
scoring_elements 0.97271
published_at 2026-04-13T12:55:00Z
1
value 0.38986
scoring_system epss
scoring_elements 0.97246
published_at 2026-04-01T12:55:00Z
2
value 0.38986
scoring_system epss
scoring_elements 0.9727
published_at 2026-04-12T12:55:00Z
3
value 0.38986
scoring_system epss
scoring_elements 0.97265
published_at 2026-04-08T12:55:00Z
4
value 0.38986
scoring_system epss
scoring_elements 0.97258
published_at 2026-04-07T12:55:00Z
5
value 0.38986
scoring_system epss
scoring_elements 0.97252
published_at 2026-04-02T12:55:00Z
6
value 0.38986
scoring_system epss
scoring_elements 0.97269
published_at 2026-04-11T12:55:00Z
7
value 0.38986
scoring_system epss
scoring_elements 0.97266
published_at 2026-04-09T12:55:00Z
8
value 0.38986
scoring_system epss
scoring_elements 0.97257
published_at 2026-04-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2022-1292
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1292
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1292
3
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 6.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
4
reference_url https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=1ad73b4d27bd8c1b369a3cd453681d3a4f1bb9b2
reference_id
reference_type
scores
url https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=1ad73b4d27bd8c1b369a3cd453681d3a4f1bb9b2
5
reference_url https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=548d3f280a6e737673f5b61fce24bb100108dfeb
reference_id
reference_type
scores
url https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=548d3f280a6e737673f5b61fce24bb100108dfeb
6
reference_url https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=e5fd1728ef4c7a5bf7c7a7163ca60370460a6e23
reference_id
reference_type
scores
url https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=e5fd1728ef4c7a5bf7c7a7163ca60370460a6e23
7
reference_url https://www.openssl.org/news/secadv/20220503.txt
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-04-23T13:27:35Z/
url https://www.openssl.org/news/secadv/20220503.txt
8
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2081494
reference_id 2081494
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2081494
9
reference_url https://security.archlinux.org/AVG-2702
reference_id AVG-2702
reference_type
scores
0
value Medium
scoring_system archlinux
scoring_elements
url https://security.archlinux.org/AVG-2702
10
reference_url https://nvd.nist.gov/vuln/detail/CVE-2022-1292
reference_id CVE-2022-1292
reference_type
scores
url https://nvd.nist.gov/vuln/detail/CVE-2022-1292
11
reference_url https://www.debian.org/security/2022/dsa-5139
reference_id dsa-5139
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-04-23T13:27:35Z/
url https://www.debian.org/security/2022/dsa-5139
12
reference_url https://security.gentoo.org/glsa/202210-02
reference_id GLSA-202210-02
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-04-23T13:27:35Z/
url https://security.gentoo.org/glsa/202210-02
13
reference_url https://lists.debian.org/debian-lts-announce/2022/05/msg00019.html
reference_id msg00019.html
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-04-23T13:27:35Z/
url https://lists.debian.org/debian-lts-announce/2022/05/msg00019.html
14
reference_url https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=1ad73b4d27bd8c1b369a3cd453681d3a4f1bb9b2
reference_id ?p=openssl.git%3Ba=commitdiff%3Bh=1ad73b4d27bd8c1b369a3cd453681d3a4f1bb9b2
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-04-23T13:27:35Z/
url https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=1ad73b4d27bd8c1b369a3cd453681d3a4f1bb9b2
15
reference_url https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=548d3f280a6e737673f5b61fce24bb100108dfeb
reference_id ?p=openssl.git%3Ba=commitdiff%3Bh=548d3f280a6e737673f5b61fce24bb100108dfeb
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-04-23T13:27:35Z/
url https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=548d3f280a6e737673f5b61fce24bb100108dfeb
16
reference_url https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=e5fd1728ef4c7a5bf7c7a7163ca60370460a6e23
reference_id ?p=openssl.git%3Ba=commitdiff%3Bh=e5fd1728ef4c7a5bf7c7a7163ca60370460a6e23
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-04-23T13:27:35Z/
url https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=e5fd1728ef4c7a5bf7c7a7163ca60370460a6e23
17
reference_url https://access.redhat.com/errata/RHSA-2022:5818
reference_id RHSA-2022:5818
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:5818
18
reference_url https://access.redhat.com/errata/RHSA-2022:6224
reference_id RHSA-2022:6224
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:6224
19
reference_url https://access.redhat.com/errata/RHSA-2022:8840
reference_id RHSA-2022:8840
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:8840
20
reference_url https://access.redhat.com/errata/RHSA-2022:8841
reference_id RHSA-2022:8841
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:8841
21
reference_url https://access.redhat.com/errata/RHSA-2022:8913
reference_id RHSA-2022:8913
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:8913
22
reference_url https://access.redhat.com/errata/RHSA-2022:8917
reference_id RHSA-2022:8917
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:8917
23
reference_url https://access.redhat.com/errata/RHSA-2023:5931
reference_id RHSA-2023:5931
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:5931
24
reference_url https://access.redhat.com/errata/RHSA-2023:5979
reference_id RHSA-2023:5979
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:5979
25
reference_url https://access.redhat.com/errata/RHSA-2023:5980
reference_id RHSA-2023:5980
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:5980
26
reference_url https://access.redhat.com/errata/RHSA-2023:5982
reference_id RHSA-2023:5982
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:5982
27
reference_url https://access.redhat.com/errata/RHSA-2023:6818
reference_id RHSA-2023:6818
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:6818
28
reference_url https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2022-0011
reference_id SNWLID-2022-0011
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-04-23T13:27:35Z/
url https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2022-0011
29
reference_url https://usn.ubuntu.com/5402-1/
reference_id USN-5402-1
reference_type
scores
url https://usn.ubuntu.com/5402-1/
30
reference_url https://usn.ubuntu.com/5402-2/
reference_id USN-5402-2
reference_type
scores
url https://usn.ubuntu.com/5402-2/
31
reference_url https://usn.ubuntu.com/6457-1/
reference_id USN-6457-1
reference_type
scores
url https://usn.ubuntu.com/6457-1/
32
reference_url https://usn.ubuntu.com/7018-1/
reference_id USN-7018-1
reference_type
scores
url https://usn.ubuntu.com/7018-1/
33
reference_url https://usn.ubuntu.com/7060-1/
reference_id USN-7060-1
reference_type
scores
url https://usn.ubuntu.com/7060-1/
34
reference_url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VX4KWHPMKYJL6ZLW4M5IU7E5UV5ZWJQU/
reference_id VX4KWHPMKYJL6ZLW4M5IU7E5UV5ZWJQU
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-04-23T13:27:35Z/
url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VX4KWHPMKYJL6ZLW4M5IU7E5UV5ZWJQU/
35
reference_url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZNU5M7BXMML26G3GPYKFGQYPQDRSNKDD/
reference_id ZNU5M7BXMML26G3GPYKFGQYPQDRSNKDD
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-04-23T13:27:35Z/
url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZNU5M7BXMML26G3GPYKFGQYPQDRSNKDD/
fixed_packages
0
url pkg:conan/openssl@3.0.3
purl pkg:conan/openssl@3.0.3
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:conan/openssl@3.0.3
aliases CVE-2022-1292
risk_score 4.4
exploitability 0.5
weighted_severity 8.8
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-q2ae-5r8q-3fbv
21
url VCID-sn5k-3e59-7ba8
vulnerability_id VCID-sn5k-3e59-7ba8
summary
Improper Check for Unusual or Exceptional Conditions
Issue summary: Generating excessively long X9.42 DH keys or checking
excessively long X9.42 DH keys or parameters may be very slow.

Impact summary: Applications that use the functions DH_generate_key() to
generate an X9.42 DH key may experience long delays. Likewise, applications
that use DH_check_pub_key(), DH_check_pub_key_ex() or EVP_PKEY_public_check()
to check an X9.42 DH key or X9.42 DH parameters may experience long delays.
Where the key or parameters that are being checked have been obtained from
an untrusted source this may lead to a Denial of Service.

While DH_check() performs all the necessary checks (as of CVE-2023-3817),
DH_check_pub_key() does not make any of these checks, and is therefore
vulnerable for excessively large P and Q parameters.

Likewise, while DH_generate_key() performs a check for an excessively large
P, it does not check for an excessively large Q.

An application that calls DH_generate_key() or DH_check_pub_key() and
supplies a key or parameters obtained from an untrusted source could be
vulnerable to a Denial of Service attack.

DH_generate_key() and DH_check_pub_key() are also called by a number of
other OpenSSL functions. An application calling any of those other
functions may similarly be affected. The other functions affected by this
are DH_check_pub_key_ex(), EVP_PKEY_public_check(), and EVP_PKEY_generate().

Also vulnerable are the OpenSSL pkey command line application when using the
"-pubcheck" option, as well as the OpenSSL genpkey command line application.

The OpenSSL SSL/TLS implementation is not affected by this issue.

The OpenSSL 3.0 and 3.1 FIPS providers are not affected by this issue.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-5678.json
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-5678.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-5678
reference_id
reference_type
scores
0
value 0.00638
scoring_system epss
scoring_elements 0.70492
published_at 2026-04-13T12:55:00Z
1
value 0.00638
scoring_system epss
scoring_elements 0.70482
published_at 2026-04-08T12:55:00Z
2
value 0.00638
scoring_system epss
scoring_elements 0.70498
published_at 2026-04-09T12:55:00Z
3
value 0.00638
scoring_system epss
scoring_elements 0.70522
published_at 2026-04-11T12:55:00Z
4
value 0.00638
scoring_system epss
scoring_elements 0.70507
published_at 2026-04-12T12:55:00Z
5
value 0.00656
scoring_system epss
scoring_elements 0.7097
published_at 2026-04-04T12:55:00Z
6
value 0.00656
scoring_system epss
scoring_elements 0.70953
published_at 2026-04-02T12:55:00Z
7
value 0.00656
scoring_system epss
scoring_elements 0.70945
published_at 2026-04-07T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-5678
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-5678
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-5678
3
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
4
reference_url https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=34efaef6c103d636ab507a0cc34dca4d3aecc055
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-12-02T19:42:37Z/
url https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=34efaef6c103d636ab507a0cc34dca4d3aecc055
5
reference_url https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=710fee740904b6290fef0dd5536fbcedbc38ff0c
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-12-02T19:42:37Z/
url https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=710fee740904b6290fef0dd5536fbcedbc38ff0c
6
reference_url https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=db925ae2e65d0d925adef429afc37f75bd1c2017
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-12-02T19:42:37Z/
url https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=db925ae2e65d0d925adef429afc37f75bd1c2017
7
reference_url https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=ddeb4b6c6d527e54ce9a99cba785c0f7776e54b6
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-12-02T19:42:37Z/
url https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=ddeb4b6c6d527e54ce9a99cba785c0f7776e54b6
8
reference_url https://www.openssl.org/news/secadv/20231106.txt
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-12-02T19:42:37Z/
url https://www.openssl.org/news/secadv/20231106.txt
9
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1055473
reference_id 1055473
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1055473
10
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2248616
reference_id 2248616
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2248616
11
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-5678
reference_id CVE-2023-5678
reference_type
scores
url https://nvd.nist.gov/vuln/detail/CVE-2023-5678
12
reference_url https://access.redhat.com/errata/RHSA-2023:7877
reference_id RHSA-2023:7877
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:7877
13
reference_url https://access.redhat.com/errata/RHSA-2024:0154
reference_id RHSA-2024:0154
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:0154
14
reference_url https://access.redhat.com/errata/RHSA-2024:0208
reference_id RHSA-2024:0208
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:0208
15
reference_url https://access.redhat.com/errata/RHSA-2024:1316
reference_id RHSA-2024:1316
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:1316
16
reference_url https://access.redhat.com/errata/RHSA-2024:1317
reference_id RHSA-2024:1317
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:1317
17
reference_url https://access.redhat.com/errata/RHSA-2024:1318
reference_id RHSA-2024:1318
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:1318
18
reference_url https://access.redhat.com/errata/RHSA-2024:1319
reference_id RHSA-2024:1319
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:1319
19
reference_url https://access.redhat.com/errata/RHSA-2024:1325
reference_id RHSA-2024:1325
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:1325
20
reference_url https://access.redhat.com/errata/RHSA-2024:2447
reference_id RHSA-2024:2447
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:2447
21
reference_url https://usn.ubuntu.com/6622-1/
reference_id USN-6622-1
reference_type
scores
url https://usn.ubuntu.com/6622-1/
22
reference_url https://usn.ubuntu.com/6632-1/
reference_id USN-6632-1
reference_type
scores
url https://usn.ubuntu.com/6632-1/
23
reference_url https://usn.ubuntu.com/6709-1/
reference_id USN-6709-1
reference_type
scores
url https://usn.ubuntu.com/6709-1/
24
reference_url https://usn.ubuntu.com/7894-1/
reference_id USN-7894-1
reference_type
scores
url https://usn.ubuntu.com/7894-1/
fixed_packages
0
url pkg:conan/openssl@3.0.13
purl pkg:conan/openssl@3.0.13
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:conan/openssl@3.0.13
1
url pkg:conan/openssl@3.1.5
purl pkg:conan/openssl@3.1.5
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:conan/openssl@3.1.5
2
url pkg:conan/openssl@3.2.6
purl pkg:conan/openssl@3.2.6
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:conan/openssl@3.2.6
aliases CVE-2023-5678
risk_score 2.4
exploitability 0.5
weighted_severity 4.8
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-sn5k-3e59-7ba8
22
url VCID-t4t8-753w-zqc5
vulnerability_id VCID-t4t8-753w-zqc5
summary
POLY1305 MAC implementation corrupts XMM registers on Windows
Issue summary: The POLY1305 MAC (message authentication code) implementation
contains a bug that might corrupt the internal state of applications on the
Windows 64 platform when running on newer X86_64 processors supporting the
AVX512-IFMA instructions.

Impact summary: If in an application that uses the OpenSSL library an attacker
can influence whether the POLY1305 MAC algorithm is used, the application
state might be corrupted with various application dependent consequences.

The POLY1305 MAC (message authentication code) implementation in OpenSSL does
not save the contents of non-volatile XMM registers on Windows 64 platform
when calculating the MAC of data larger than 64 bytes. Before returning to
the caller all the XMM registers are set to zero rather than restoring their
previous content. The vulnerable code is used only on newer x86_64 processors
supporting the AVX512-IFMA instructions.

The consequences of this kind of internal application state corruption can
be various - from no consequences, if the calling application does not
depend on the contents of non-volatile XMM registers at all, to the worst
consequences, where the attacker could get complete control of the application
process. However given the contents of the registers are just zeroized so
the attacker cannot put arbitrary values inside, the most likely consequence,
if any, would be an incorrect result of some application dependent
calculations or a crash leading to a denial of service.

The POLY1305 MAC algorithm is most frequently used as part of the
CHACHA20-POLY1305 AEAD (authenticated encryption with associated data)
algorithm. The most common usage of this AEAD cipher is with TLS protocol
versions 1.2 and 1.3 and a malicious client can influence whether this AEAD
cipher is used by the server. This implies that server applications using
OpenSSL can be potentially impacted. However we are currently not aware of
any concrete application that would be affected by this issue therefore we
consider this a Low severity security issue.

As a workaround the AVX512-IFMA instructions support can be disabled at
runtime by setting the environment variable OPENSSL_ia32cap:

  OPENSSL_ia32cap=:~0x200000

The FIPS provider is not affected by this issue.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-4807.json
reference_id
reference_type
scores
0
value 7.8
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-4807.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-4807
reference_id
reference_type
scores
0
value 0.0082
scoring_system epss
scoring_elements 0.74337
published_at 2026-04-02T12:55:00Z
1
value 0.0082
scoring_system epss
scoring_elements 0.74379
published_at 2026-04-13T12:55:00Z
2
value 0.0082
scoring_system epss
scoring_elements 0.74364
published_at 2026-04-04T12:55:00Z
3
value 0.0082
scoring_system epss
scoring_elements 0.74338
published_at 2026-04-07T12:55:00Z
4
value 0.0082
scoring_system epss
scoring_elements 0.74371
published_at 2026-04-08T12:55:00Z
5
value 0.0082
scoring_system epss
scoring_elements 0.74386
published_at 2026-04-09T12:55:00Z
6
value 0.0082
scoring_system epss
scoring_elements 0.74407
published_at 2026-04-11T12:55:00Z
7
value 0.0082
scoring_system epss
scoring_elements 0.74387
published_at 2026-04-12T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-4807
2
reference_url https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=4bfac4471f53c4f74c8d81020beb938f92d84ca5
reference_id
reference_type
scores
0
value 7.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-23T13:27:06Z/
url https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=4bfac4471f53c4f74c8d81020beb938f92d84ca5
3
reference_url https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=6754de4a121ec7f261b16723180df6592cbb4508
reference_id
reference_type
scores
0
value 7.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-23T13:27:06Z/
url https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=6754de4a121ec7f261b16723180df6592cbb4508
4
reference_url https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=a632d534c73eeb3e3db8c7540d811194ef7c79ff
reference_id
reference_type
scores
0
value 7.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-23T13:27:06Z/
url https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=a632d534c73eeb3e3db8c7540d811194ef7c79ff
5
reference_url https://security.netapp.com/advisory/ntap-20230921-0001/
reference_id
reference_type
scores
url https://security.netapp.com/advisory/ntap-20230921-0001/
6
reference_url https://www.openssl.org/news/secadv/20230908.txt
reference_id
reference_type
scores
0
value 7.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-23T13:27:06Z/
url https://www.openssl.org/news/secadv/20230908.txt
7
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2238009
reference_id 2238009
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2238009
8
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-4807
reference_id CVE-2023-4807
reference_type
scores
url https://nvd.nist.gov/vuln/detail/CVE-2023-4807
fixed_packages
0
url pkg:conan/openssl@3.2.6
purl pkg:conan/openssl@3.2.6
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:conan/openssl@3.2.6
aliases CVE-2023-4807
risk_score 3.5
exploitability 0.5
weighted_severity 7.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-t4t8-753w-zqc5
23
url VCID-t9w1-a3z2-qqar
vulnerability_id VCID-t9w1-a3z2-qqar
summary
Out-of-bounds Read
Issue summary: The AES-XTS cipher decryption implementation for 64 bit ARM
platform contains a bug that could cause it to read past the input buffer,
leading to a crash.

Impact summary: Applications that use the AES-XTS algorithm on the 64 bit ARM
platform can crash in rare circumstances. The AES-XTS algorithm is usually
used for disk encryption.

The AES-XTS cipher decryption implementation for 64 bit ARM platform will read
past the end of the ciphertext buffer if the ciphertext size is 4 mod 5 in 16
byte blocks, e.g. 144 bytes or 1024 bytes. If the memory after the ciphertext
buffer is unmapped, this will trigger a crash which results in a denial of
service.

If an attacker can control the size and location of the ciphertext buffer
being decrypted by an application using AES-XTS on 64 bit ARM, the
application is affected. This is fairly unlikely making this issue
a Low severity one.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-1255.json
reference_id
reference_type
scores
0
value 5.1
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-1255.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-1255
reference_id
reference_type
scores
0
value 0.00051
scoring_system epss
scoring_elements 0.15891
published_at 2026-04-02T12:55:00Z
1
value 0.00051
scoring_system epss
scoring_elements 0.15767
published_at 2026-04-13T12:55:00Z
2
value 0.00051
scoring_system epss
scoring_elements 0.15954
published_at 2026-04-04T12:55:00Z
3
value 0.00051
scoring_system epss
scoring_elements 0.15753
published_at 2026-04-07T12:55:00Z
4
value 0.00051
scoring_system epss
scoring_elements 0.15838
published_at 2026-04-08T12:55:00Z
5
value 0.00051
scoring_system epss
scoring_elements 0.15899
published_at 2026-04-09T12:55:00Z
6
value 0.00051
scoring_system epss
scoring_elements 0.15874
published_at 2026-04-11T12:55:00Z
7
value 0.00051
scoring_system epss
scoring_elements 0.15836
published_at 2026-04-12T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-1255
2
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 5.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
3
reference_url https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=02ac9c9420275868472f33b01def01218742b8bb
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-04T21:14:55Z/
url https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=02ac9c9420275868472f33b01def01218742b8bb
4
reference_url https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=bc2f61ad70971869b242fc1cb445b98bad50074a
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-04T21:14:55Z/
url https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=bc2f61ad70971869b242fc1cb445b98bad50074a
5
reference_url https://www.openssl.org/news/secadv/20230419.txt
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-04T21:14:55Z/
url https://www.openssl.org/news/secadv/20230419.txt
6
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1034720
reference_id 1034720
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1034720
7
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2188461
reference_id 2188461
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2188461
8
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-1255
reference_id CVE-2023-1255
reference_type
scores
url https://nvd.nist.gov/vuln/detail/CVE-2023-1255
9
reference_url https://security.netapp.com/advisory/ntap-20230908-0006/
reference_id ntap-20230908-0006
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-04T21:14:55Z/
url https://security.netapp.com/advisory/ntap-20230908-0006/
10
reference_url https://access.redhat.com/errata/RHSA-2023:3722
reference_id RHSA-2023:3722
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:3722
11
reference_url https://usn.ubuntu.com/6119-1/
reference_id USN-6119-1
reference_type
scores
url https://usn.ubuntu.com/6119-1/
fixed_packages
0
url pkg:conan/openssl@3.0.9
purl pkg:conan/openssl@3.0.9
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-b3u8-1a2y-judf
resource_url http://public2.vulnerablecode.io/packages/pkg:conan/openssl@3.0.9
1
url pkg:conan/openssl@3.1.1
purl pkg:conan/openssl@3.1.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-b3u8-1a2y-judf
1
vulnerability VCID-vhkt-tbz6-wuf7
resource_url http://public2.vulnerablecode.io/packages/pkg:conan/openssl@3.1.1
aliases CVE-2023-1255
risk_score 2.6
exploitability 0.5
weighted_severity 5.3
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-t9w1-a3z2-qqar
24
url VCID-tk2r-atbr-73ge
vulnerability_id VCID-tk2r-atbr-73ge
summary
Out-of-bounds Read
A read buffer overrun can be triggered in X.509 certificate verification, specifically in name constraint checking. Note that this occurs after certificate chain signature verification and requires either a CA to have signed the malicious certificate or for the application to continue certificate verification despite failure to construct a path to a trusted issuer. The read buffer overrun might result in a crash which could lead to a denial of service attack. In theory it could also result in the disclosure of private memory contents (such as private keys, or sensitive plaintext) although we are not aware of any working exploit leading to memory contents disclosure as of the time of release of this advisory. In a TLS client, this can be triggered by connecting to a malicious server. In a TLS server, this can be triggered if the server requests client authentication and a malicious client connects.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-4203.json
reference_id
reference_type
scores
0
value 4.9
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-4203.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2022-4203
reference_id
reference_type
scores
0
value 0.00745
scoring_system epss
scoring_elements 0.73038
published_at 2026-04-13T12:55:00Z
1
value 0.00745
scoring_system epss
scoring_elements 0.73044
published_at 2026-04-12T12:55:00Z
2
value 0.00745
scoring_system epss
scoring_elements 0.73065
published_at 2026-04-11T12:55:00Z
3
value 0.00745
scoring_system epss
scoring_elements 0.73041
published_at 2026-04-09T12:55:00Z
4
value 0.00745
scoring_system epss
scoring_elements 0.73027
published_at 2026-04-08T12:55:00Z
5
value 0.00745
scoring_system epss
scoring_elements 0.7299
published_at 2026-04-07T12:55:00Z
6
value 0.00745
scoring_system epss
scoring_elements 0.73014
published_at 2026-04-04T12:55:00Z
7
value 0.00745
scoring_system epss
scoring_elements 0.72994
published_at 2026-04-02T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2022-4203
2
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:H
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
3
reference_url https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=c927a3492698c254637da836762f9b1f86cffabc
reference_id
reference_type
scores
0
value 4.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
1
value 9.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H
2
value CRITICAL
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-06T15:57:14Z/
url https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=c927a3492698c254637da836762f9b1f86cffabc
4
reference_url https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2023-0003
reference_id
reference_type
scores
0
value 9.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2023-0003
5
reference_url https://rustsec.org/advisories/RUSTSEC-2023-0008.html
reference_id
reference_type
scores
0
value 9.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://rustsec.org/advisories/RUSTSEC-2023-0008.html
6
reference_url https://security.gentoo.org/glsa/202402-08
reference_id
reference_type
scores
0
value 4.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
1
value 9.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H
2
value CRITICAL
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-06T15:57:14Z/
url https://security.gentoo.org/glsa/202402-08
7
reference_url https://www.openssl.org/news/secadv/20230207.txt
reference_id
reference_type
scores
0
value 4.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
1
value 9.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H
2
value CRITICAL
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-06T15:57:14Z/
url https://www.openssl.org/news/secadv/20230207.txt
8
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2164488
reference_id 2164488
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2164488
9
reference_url https://nvd.nist.gov/vuln/detail/CVE-2022-4203
reference_id CVE-2022-4203
reference_type
scores
0
value 9.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2022-4203
10
reference_url https://github.com/advisories/GHSA-w67w-mw4j-8qrv
reference_id GHSA-w67w-mw4j-8qrv
reference_type
scores
0
value CRITICAL
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-w67w-mw4j-8qrv
11
reference_url https://access.redhat.com/errata/RHSA-2023:0946
reference_id RHSA-2023:0946
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:0946
12
reference_url https://access.redhat.com/errata/RHSA-2023:1199
reference_id RHSA-2023:1199
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:1199
13
reference_url https://usn.ubuntu.com/5844-1/
reference_id USN-5844-1
reference_type
scores
url https://usn.ubuntu.com/5844-1/
fixed_packages
0
url pkg:conan/openssl@3.0.12
purl pkg:conan/openssl@3.0.12
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2by2-tzdd-kkc7
resource_url http://public2.vulnerablecode.io/packages/pkg:conan/openssl@3.0.12
aliases CVE-2022-4203, GHSA-w67w-mw4j-8qrv
risk_score 4.5
exploitability 0.5
weighted_severity 9.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-tk2r-atbr-73ge
25
url VCID-ttju-tw1d-f3ay
vulnerability_id VCID-ttju-tw1d-f3ay
summary
Improper Certificate Validation
The function `OCSP_basic_verify` verifies the signer certificate on an OCSP response. In the case where the (non-default) flag OCSP_NOCHECKS is used then the response will be positive (meaning a successful verification) even in the case where the response signing certificate fails to verify. It is anticipated that most users of `OCSP_basic_verify` will not use the OCSP_NOCHECKS flag. In this case the `OCSP_basic_verify` function will return a negative value (indicating a fatal error) in the case of a certificate verification failure. The normal expected return value in this case would be 0. This issue also impacts the command line OpenSSL "ocsp" application. When verifying an ocsp response with the "-no_cert_checks" option the command line application will report that the verification is successful even though it has in fact failed. In this case the incorrect successful response will also be accompanied by error messages showing the failure and contradicting the apparently successful result. Fixed in OpenSSL 3.0.3 (Affected 3.0.0,3.0.1,3.0.2).
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-1343.json
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-1343.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2022-1343
reference_id
reference_type
scores
0
value 0.00145
scoring_system epss
scoring_elements 0.3478
published_at 2026-04-13T12:55:00Z
1
value 0.00145
scoring_system epss
scoring_elements 0.34643
published_at 2026-04-01T12:55:00Z
2
value 0.00145
scoring_system epss
scoring_elements 0.3486
published_at 2026-04-02T12:55:00Z
3
value 0.00145
scoring_system epss
scoring_elements 0.34887
published_at 2026-04-04T12:55:00Z
4
value 0.00145
scoring_system epss
scoring_elements 0.34766
published_at 2026-04-07T12:55:00Z
5
value 0.00145
scoring_system epss
scoring_elements 0.3481
published_at 2026-04-08T12:55:00Z
6
value 0.00145
scoring_system epss
scoring_elements 0.34838
published_at 2026-04-09T12:55:00Z
7
value 0.00145
scoring_system epss
scoring_elements 0.34843
published_at 2026-04-11T12:55:00Z
8
value 0.00145
scoring_system epss
scoring_elements 0.34805
published_at 2026-04-12T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2022-1343
2
reference_url https://cert-portal.siemens.com/productcert/pdf/ssa-953464.pdf
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T13:27:12Z/
url https://cert-portal.siemens.com/productcert/pdf/ssa-953464.pdf
3
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:H/A:N
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
4
reference_url https://github.com/github/advisory-database/issues/405
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/github/advisory-database/issues/405
5
reference_url https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=2eda98790c5c2741d76d23cc1e74b0dc4f4b391a
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=2eda98790c5c2741d76d23cc1e74b0dc4f4b391a
6
reference_url https://rustsec.org/advisories/RUSTSEC-2022-0027.html
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://rustsec.org/advisories/RUSTSEC-2022-0027.html
7
reference_url https://security.netapp.com/advisory/ntap-20220602-0009
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://security.netapp.com/advisory/ntap-20220602-0009
8
reference_url https://security.netapp.com/advisory/ntap-20220602-0009/
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T13:27:12Z/
url https://security.netapp.com/advisory/ntap-20220602-0009/
9
reference_url https://www.openssl.org/news/secadv/20220503.txt
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T13:27:12Z/
url https://www.openssl.org/news/secadv/20220503.txt
10
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2087911
reference_id 2087911
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2087911
11
reference_url https://nvd.nist.gov/vuln/detail/CVE-2022-1343
reference_id CVE-2022-1343
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2022-1343
12
reference_url https://github.com/advisories/GHSA-mfm6-r9g2-q4r7
reference_id GHSA-mfm6-r9g2-q4r7
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-mfm6-r9g2-q4r7
13
reference_url https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=2eda98790c5c2741d76d23cc1e74b0dc4f4b391a
reference_id ?p=openssl.git%3Ba=commitdiff%3Bh=2eda98790c5c2741d76d23cc1e74b0dc4f4b391a
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T13:27:12Z/
url https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=2eda98790c5c2741d76d23cc1e74b0dc4f4b391a
14
reference_url https://access.redhat.com/errata/RHSA-2022:6224
reference_id RHSA-2022:6224
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:6224
15
reference_url https://usn.ubuntu.com/5402-1/
reference_id USN-5402-1
reference_type
scores
url https://usn.ubuntu.com/5402-1/
fixed_packages
0
url pkg:conan/openssl@3.0.3
purl pkg:conan/openssl@3.0.3
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:conan/openssl@3.0.3
aliases CVE-2022-1343, GHSA-mfm6-r9g2-q4r7
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-ttju-tw1d-f3ay
26
url VCID-vhkt-tbz6-wuf7
vulnerability_id VCID-vhkt-tbz6-wuf7
summary
Inefficient Regular Expression Complexity
Issue summary: Checking excessively long DH keys or parameters may be very slow.

Impact summary: Applications that use the functions DH_check(), DH_check_ex()
or EVP_PKEY_param_check() to check a DH key or DH parameters may experience long
delays. Where the key or parameters that are being checked have been obtained
from an untrusted source this may lead to a Denial of Service.

The function DH_check() performs various checks on DH parameters. One of those
checks confirms that the modulus ('p' parameter) is not too large. Trying to use
a very large modulus is slow and OpenSSL will not normally use a modulus which
is over 10,000 bits in length.

However the DH_check() function checks numerous aspects of the key or parameters
that have been supplied. Some of those checks use the supplied modulus value
even if it has already been found to be too large.

An application that calls DH_check() and supplies a key or parameters obtained
from an untrusted source could be vulnerable to a Denial of Service attack.

The function DH_check() is itself called by a number of other OpenSSL functions.
An application calling any of those other functions may similarly be affected.
The other functions affected by this are DH_check_ex() and
EVP_PKEY_param_check().

Also vulnerable are the OpenSSL dhparam and pkeyparam command line applications
when using the '-check' option.

The OpenSSL SSL/TLS implementation is not affected by this issue.
The OpenSSL 3.0 and 3.1 FIPS providers are not affected by this issue.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-3446.json
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-3446.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-3446
reference_id
reference_type
scores
0
value 0.00937
scoring_system epss
scoring_elements 0.76138
published_at 2026-04-02T12:55:00Z
1
value 0.00937
scoring_system epss
scoring_elements 0.76196
published_at 2026-04-13T12:55:00Z
2
value 0.00937
scoring_system epss
scoring_elements 0.76171
published_at 2026-04-04T12:55:00Z
3
value 0.00937
scoring_system epss
scoring_elements 0.76151
published_at 2026-04-07T12:55:00Z
4
value 0.00937
scoring_system epss
scoring_elements 0.76184
published_at 2026-04-08T12:55:00Z
5
value 0.00937
scoring_system epss
scoring_elements 0.76197
published_at 2026-04-09T12:55:00Z
6
value 0.00937
scoring_system epss
scoring_elements 0.76222
published_at 2026-04-11T12:55:00Z
7
value 0.00937
scoring_system epss
scoring_elements 0.76198
published_at 2026-04-12T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-3446
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-3446
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-3446
3
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
4
reference_url https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=1fa20cf2f506113c761777127a38bce5068740eb
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T13:26:22Z/
url https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=1fa20cf2f506113c761777127a38bce5068740eb
5
reference_url https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=8780a896543a654e757db1b9396383f9d8095528
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T13:26:22Z/
url https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=8780a896543a654e757db1b9396383f9d8095528
6
reference_url https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=9a0a4d3c1e7138915563c0df4fe6a3f9377b839c
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T13:26:22Z/
url https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=9a0a4d3c1e7138915563c0df4fe6a3f9377b839c
7
reference_url https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=fc9867c1e03c22ebf56943be205202e576aabf23
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T13:26:22Z/
url https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=fc9867c1e03c22ebf56943be205202e576aabf23
8
reference_url https://www.openssl.org/news/secadv/20230719.txt
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T13:26:22Z/
url https://www.openssl.org/news/secadv/20230719.txt
9
reference_url http://www.openwall.com/lists/oss-security/2023/07/19/4
reference_id
reference_type
scores
url http://www.openwall.com/lists/oss-security/2023/07/19/4
10
reference_url http://www.openwall.com/lists/oss-security/2023/07/19/5
reference_id
reference_type
scores
url http://www.openwall.com/lists/oss-security/2023/07/19/5
11
reference_url http://www.openwall.com/lists/oss-security/2023/07/19/6
reference_id
reference_type
scores
url http://www.openwall.com/lists/oss-security/2023/07/19/6
12
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1041817
reference_id 1041817
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1041817
13
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2224962
reference_id 2224962
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2224962
14
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-3446
reference_id CVE-2023-3446
reference_type
scores
url https://nvd.nist.gov/vuln/detail/CVE-2023-3446
15
reference_url https://access.redhat.com/errata/RHSA-2023:7622
reference_id RHSA-2023:7622
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:7622
16
reference_url https://access.redhat.com/errata/RHSA-2023:7623
reference_id RHSA-2023:7623
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:7623
17
reference_url https://access.redhat.com/errata/RHSA-2023:7625
reference_id RHSA-2023:7625
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:7625
18
reference_url https://access.redhat.com/errata/RHSA-2023:7626
reference_id RHSA-2023:7626
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:7626
19
reference_url https://access.redhat.com/errata/RHSA-2023:7877
reference_id RHSA-2023:7877
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:7877
20
reference_url https://access.redhat.com/errata/RHSA-2024:0154
reference_id RHSA-2024:0154
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:0154
21
reference_url https://access.redhat.com/errata/RHSA-2024:0208
reference_id RHSA-2024:0208
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:0208
22
reference_url https://access.redhat.com/errata/RHSA-2024:0408
reference_id RHSA-2024:0408
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:0408
23
reference_url https://access.redhat.com/errata/RHSA-2024:0888
reference_id RHSA-2024:0888
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:0888
24
reference_url https://access.redhat.com/errata/RHSA-2024:1415
reference_id RHSA-2024:1415
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:1415
25
reference_url https://access.redhat.com/errata/RHSA-2024:2264
reference_id RHSA-2024:2264
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:2264
26
reference_url https://access.redhat.com/errata/RHSA-2024:2447
reference_id RHSA-2024:2447
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:2447
27
reference_url https://usn.ubuntu.com/6435-1/
reference_id USN-6435-1
reference_type
scores
url https://usn.ubuntu.com/6435-1/
28
reference_url https://usn.ubuntu.com/6435-2/
reference_id USN-6435-2
reference_type
scores
url https://usn.ubuntu.com/6435-2/
29
reference_url https://usn.ubuntu.com/6450-1/
reference_id USN-6450-1
reference_type
scores
url https://usn.ubuntu.com/6450-1/
30
reference_url https://usn.ubuntu.com/6709-1/
reference_id USN-6709-1
reference_type
scores
url https://usn.ubuntu.com/6709-1/
31
reference_url https://usn.ubuntu.com/7018-1/
reference_id USN-7018-1
reference_type
scores
url https://usn.ubuntu.com/7018-1/
32
reference_url https://usn.ubuntu.com/7894-1/
reference_id USN-7894-1
reference_type
scores
url https://usn.ubuntu.com/7894-1/
fixed_packages
0
url pkg:conan/openssl@3.1.2
purl pkg:conan/openssl@3.1.2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2by2-tzdd-kkc7
1
vulnerability VCID-h6n1-tsqt-17bw
2
vulnerability VCID-sn5k-3e59-7ba8
3
vulnerability VCID-t4t8-753w-zqc5
resource_url http://public2.vulnerablecode.io/packages/pkg:conan/openssl@3.1.2
1
url pkg:conan/openssl@3.1.3
purl pkg:conan/openssl@3.1.3
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:conan/openssl@3.1.3
aliases CVE-2023-3446
risk_score 2.4
exploitability 0.5
weighted_severity 4.8
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-vhkt-tbz6-wuf7
27
url VCID-wxvb-73gj-p3eu
vulnerability_id VCID-wxvb-73gj-p3eu
summary
Use of a Broken or Risky Cryptographic Algorithm
The OpenSSL 3.0 implementation of the RC4-MD5 ciphersuite incorrectly uses the AAD data as the MAC key. This makes the MAC key trivially predictable. An attacker could exploit this issue by performing a man-in-the-middle attack to modify data being sent from one endpoint to an OpenSSL 3.0 recipient such that the modified data would still pass the MAC integrity check. Note that data sent from an OpenSSL 3.0 endpoint to a non-OpenSSL 3.0 endpoint will always be rejected by the recipient and the connection will fail at that point. Many application protocols require data to be sent from the client to the server first. Therefore, in such a case, only an OpenSSL 3.0 server would be impacted when talking to a non-OpenSSL 3.0 client. If both endpoints are OpenSSL 3.0 then the attacker could modify data being sent in both directions. In this case both clients and servers could be affected, regardless of the application protocol. Note that in the absence of an attacker this bug means that an OpenSSL 3.0 endpoint communicating with a non-OpenSSL 3.0 endpoint will fail to complete the handshake when using this ciphersuite. The confidentiality of data is not impacted by this issue, i.e. an attacker cannot decrypt data that has been encrypted using this ciphersuite - they can only modify it. In order for this attack to work both endpoints must legitimately negotiate the RC4-MD5 ciphersuite. This ciphersuite is not compiled by default in OpenSSL 3.0, and is not available within the default provider or the default ciphersuite list. This ciphersuite will never be used if TLSv1.3 has been negotiated. 
In order for an OpenSSL 3.0 endpoint to use this ciphersuite the following must have occurred: 1) OpenSSL must have been compiled with the (non-default) compile time option enable-weak-ssl-ciphers 2) OpenSSL must have had the legacy provider explicitly loaded (either through application code or via configuration) 3) The ciphersuite must have been explicitly added to the ciphersuite list 4) The libssl security level must have been set to 0 (default is 1) 5) A version of SSL/TLS below TLSv1.3 must have been negotiated 6) Both endpoints must negotiate the RC4-MD5 ciphersuite in preference to any others that both endpoints have in common Fixed in OpenSSL 3.0.3 (Affected 3.0.0,3.0.1,3.0.2).
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-1434.json
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-1434.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2022-1434
reference_id
reference_type
scores
0
value 0.00067
scoring_system epss
scoring_elements 0.2067
published_at 2026-04-13T12:55:00Z
1
value 0.00067
scoring_system epss
scoring_elements 0.20722
published_at 2026-04-12T12:55:00Z
2
value 0.00067
scoring_system epss
scoring_elements 0.20766
published_at 2026-04-11T12:55:00Z
3
value 0.00067
scoring_system epss
scoring_elements 0.20746
published_at 2026-04-09T12:55:00Z
4
value 0.00067
scoring_system epss
scoring_elements 0.20695
published_at 2026-04-01T12:55:00Z
5
value 0.00067
scoring_system epss
scoring_elements 0.20838
published_at 2026-04-02T12:55:00Z
6
value 0.00067
scoring_system epss
scoring_elements 0.20686
published_at 2026-04-08T12:55:00Z
7
value 0.00067
scoring_system epss
scoring_elements 0.20895
published_at 2026-04-04T12:55:00Z
8
value 0.00067
scoring_system epss
scoring_elements 0.2061
published_at 2026-04-07T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2022-1434
2
reference_url https://cert-portal.siemens.com/productcert/pdf/ssa-953464.pdf
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://cert-portal.siemens.com/productcert/pdf/ssa-953464.pdf
3
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
4
reference_url https://github.com/github/advisory-database/issues/405
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/github/advisory-database/issues/405
5
reference_url https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=7d56a74a96828985db7354a55227a511615f732b
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=7d56a74a96828985db7354a55227a511615f732b
6
reference_url https://rustsec.org/advisories/RUSTSEC-2022-0026.html
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://rustsec.org/advisories/RUSTSEC-2022-0026.html
7
reference_url https://security.netapp.com/advisory/ntap-20220602-0009
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://security.netapp.com/advisory/ntap-20220602-0009
8
reference_url https://security.netapp.com/advisory/ntap-20220602-0009/
reference_id
reference_type
scores
url https://security.netapp.com/advisory/ntap-20220602-0009/
9
reference_url https://www.openssl.org/news/secadv/20220503.txt
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://www.openssl.org/news/secadv/20220503.txt
10
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2087912
reference_id 2087912
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2087912
11
reference_url https://nvd.nist.gov/vuln/detail/CVE-2022-1434
reference_id CVE-2022-1434
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2022-1434
12
reference_url https://github.com/advisories/GHSA-638m-m8mh-7gw2
reference_id GHSA-638m-m8mh-7gw2
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-638m-m8mh-7gw2
13
reference_url https://usn.ubuntu.com/5402-1/
reference_id USN-5402-1
reference_type
scores
url https://usn.ubuntu.com/5402-1/
fixed_packages
0
url pkg:conan/openssl@3.0.3
purl pkg:conan/openssl@3.0.3
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:conan/openssl@3.0.3
aliases CVE-2022-1434, GHSA-638m-m8mh-7gw2
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-wxvb-73gj-p3eu
28
url VCID-x2wm-3tk7-wbbv
vulnerability_id VCID-x2wm-3tk7-wbbv
summary
Access of Resource Using Incompatible Type ('Type Confusion')
There is a type confusion vulnerability relating to X.400 address processing inside an X.509 GeneralName. X.400 addresses were parsed as an ASN1_STRING, but the public structure definition for GENERAL_NAME incorrectly specified the type of the x400Address field as ASN1_TYPE. This field is subsequently interpreted by the OpenSSL function GENERAL_NAME_cmp as an ASN1_TYPE rather than an ASN1_STRING. When CRL checking is enabled (i.e. the application sets the X509_V_FLAG_CRL_CHECK flag), this vulnerability may allow an attacker to pass arbitrary pointers to a memcmp call, enabling them to read memory contents or enact a denial of service. In most cases, the attack requires the attacker to provide both the certificate chain and CRL, neither of which needs to have a valid signature. If the attacker only controls one of these inputs, the other input must already contain an X.400 address as a CRL distribution point, which is uncommon. As such, this vulnerability is most likely to only affect applications which have implemented their own functionality for retrieving CRLs over a network.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-0286.json
reference_id
reference_type
scores
0
value 7.4
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-0286.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-0286
reference_id
reference_type
scores
0
value 0.88474
scoring_system epss
scoring_elements 0.99496
published_at 2026-04-04T12:55:00Z
1
value 0.88474
scoring_system epss
scoring_elements 0.99495
published_at 2026-04-02T12:55:00Z
2
value 0.88981
scoring_system epss
scoring_elements 0.99526
published_at 2026-04-13T12:55:00Z
3
value 0.88981
scoring_system epss
scoring_elements 0.99525
published_at 2026-04-11T12:55:00Z
4
value 0.89087
scoring_system epss
scoring_elements 0.99528
published_at 2026-04-07T12:55:00Z
5
value 0.89087
scoring_system epss
scoring_elements 0.99529
published_at 2026-04-09T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-0286
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2097
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2097
3
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-4304
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-4304
4
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-4450
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-4450
5
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0215
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0215
6
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0286
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0286
7
reference_url https://ftp.openbsd.org/pub/OpenBSD/LibreSSL/libressl-3.6.2-relnotes.txt
reference_id
reference_type
scores
0
value 7.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-06T15:57:22Z/
url https://ftp.openbsd.org/pub/OpenBSD/LibreSSL/libressl-3.6.2-relnotes.txt
8
reference_url https://ftp.openbsd.org/pub/OpenBSD/patches/7.2/common/018_x509.patch.sig
reference_id
reference_type
scores
0
value 7.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-06T15:57:22Z/
url https://ftp.openbsd.org/pub/OpenBSD/patches/7.2/common/018_x509.patch.sig
9
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 7.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:H
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
10
reference_url https://github.com/pyca/cryptography
reference_id
reference_type
scores
0
value 7.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/pyca/cryptography
11
reference_url https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=2c6c9d439b484e1ba9830d8454a34fa4f80fdfe9
reference_id
reference_type
scores
0
value 7.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-06T15:57:22Z/
url https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=2c6c9d439b484e1ba9830d8454a34fa4f80fdfe9
12
reference_url https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=2f7530077e0ef79d98718138716bc51ca0cad658
reference_id
reference_type
scores
0
value 7.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-06T15:57:22Z/
url https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=2f7530077e0ef79d98718138716bc51ca0cad658
13
reference_url https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=fd2af07dc083a350c959147097003a14a5e8ac4d
reference_id
reference_type
scores
0
value 7.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-06T15:57:22Z/
url https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=fd2af07dc083a350c959147097003a14a5e8ac4d
14
reference_url https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2023-0003
reference_id
reference_type
scores
0
value 7.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2023-0003
15
reference_url https://rustsec.org/advisories/RUSTSEC-2023-0006.html
reference_id
reference_type
scores
0
value 7.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://rustsec.org/advisories/RUSTSEC-2023-0006.html
16
reference_url https://security.gentoo.org/glsa/202402-08
reference_id
reference_type
scores
0
value 7.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-06T15:57:22Z/
url https://security.gentoo.org/glsa/202402-08
17
reference_url https://www.openssl.org/news/secadv/20230207.txt
reference_id
reference_type
scores
0
value 7.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-06T15:57:22Z/
url https://www.openssl.org/news/secadv/20230207.txt
18
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2164440
reference_id 2164440
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2164440
19
reference_url https://access.redhat.com/security/cve/cve-2023-0286
reference_id CVE-2023-0286
reference_type
scores
0
value 7.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/security/cve/cve-2023-0286
20
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-0286
reference_id CVE-2023-0286
reference_type
scores
0
value 7.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2023-0286
21
reference_url https://github.com/advisories/GHSA-x4qr-2fvf-3mr5
reference_id GHSA-x4qr-2fvf-3mr5
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-x4qr-2fvf-3mr5
22
reference_url https://github.com/pyca/cryptography/security/advisories/GHSA-x4qr-2fvf-3mr5
reference_id GHSA-x4qr-2fvf-3mr5
reference_type
scores
0
value 7.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:H
1
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/pyca/cryptography/security/advisories/GHSA-x4qr-2fvf-3mr5
23
reference_url https://access.redhat.com/errata/RHSA-2023:0946
reference_id RHSA-2023:0946
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:0946
24
reference_url https://access.redhat.com/errata/RHSA-2023:1199
reference_id RHSA-2023:1199
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:1199
25
reference_url https://access.redhat.com/errata/RHSA-2023:1335
reference_id RHSA-2023:1335
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:1335
26
reference_url https://access.redhat.com/errata/RHSA-2023:1405
reference_id RHSA-2023:1405
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:1405
27
reference_url https://access.redhat.com/errata/RHSA-2023:1437
reference_id RHSA-2023:1437
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:1437
28
reference_url https://access.redhat.com/errata/RHSA-2023:1438
reference_id RHSA-2023:1438
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:1438
29
reference_url https://access.redhat.com/errata/RHSA-2023:1439
reference_id RHSA-2023:1439
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:1439
30
reference_url https://access.redhat.com/errata/RHSA-2023:1440
reference_id RHSA-2023:1440
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:1440
31
reference_url https://access.redhat.com/errata/RHSA-2023:1441
reference_id RHSA-2023:1441
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:1441
32
reference_url https://access.redhat.com/errata/RHSA-2023:2022
reference_id RHSA-2023:2022
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:2022
33
reference_url https://access.redhat.com/errata/RHSA-2023:2165
reference_id RHSA-2023:2165
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:2165
34
reference_url https://access.redhat.com/errata/RHSA-2023:2932
reference_id RHSA-2023:2932
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:2932
35
reference_url https://access.redhat.com/errata/RHSA-2023:3354
reference_id RHSA-2023:3354
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:3354
36
reference_url https://access.redhat.com/errata/RHSA-2023:3355
reference_id RHSA-2023:3355
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:3355
37
reference_url https://access.redhat.com/errata/RHSA-2023:3420
reference_id RHSA-2023:3420
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:3420
38
reference_url https://access.redhat.com/errata/RHSA-2023:3421
reference_id RHSA-2023:3421
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:3421
39
reference_url https://access.redhat.com/errata/RHSA-2023:4124
reference_id RHSA-2023:4124
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:4124
40
reference_url https://access.redhat.com/errata/RHSA-2023:4128
reference_id RHSA-2023:4128
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:4128
41
reference_url https://access.redhat.com/errata/RHSA-2023:4252
reference_id RHSA-2023:4252
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:4252
42
reference_url https://access.redhat.com/errata/RHSA-2023:5209
reference_id RHSA-2023:5209
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:5209
43
reference_url https://access.redhat.com/errata/RHSA-2024:5136
reference_id RHSA-2024:5136
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:5136
44
reference_url https://access.redhat.com/errata/RHSA-2024:6095
reference_id RHSA-2024:6095
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:6095
45
reference_url https://access.redhat.com/errata/RHSA-2025:7733
reference_id RHSA-2025:7733
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:7733
46
reference_url https://access.redhat.com/errata/RHSA-2025:7895
reference_id RHSA-2025:7895
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:7895
47
reference_url https://access.redhat.com/errata/RHSA-2025:7937
reference_id RHSA-2025:7937
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:7937
48
reference_url https://usn.ubuntu.com/5844-1/
reference_id USN-5844-1
reference_type
scores
url https://usn.ubuntu.com/5844-1/
49
reference_url https://usn.ubuntu.com/5845-1/
reference_id USN-5845-1
reference_type
scores
url https://usn.ubuntu.com/5845-1/
50
reference_url https://usn.ubuntu.com/5845-2/
reference_id USN-5845-2
reference_type
scores
url https://usn.ubuntu.com/5845-2/
51
reference_url https://usn.ubuntu.com/6564-1/
reference_id USN-6564-1
reference_type
scores
url https://usn.ubuntu.com/6564-1/
52
reference_url https://usn.ubuntu.com/7894-1/
reference_id USN-7894-1
reference_type
scores
url https://usn.ubuntu.com/7894-1/
fixed_packages
0
url pkg:conan/openssl@3.0.12
purl pkg:conan/openssl@3.0.12
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2by2-tzdd-kkc7
resource_url http://public2.vulnerablecode.io/packages/pkg:conan/openssl@3.0.12
aliases CVE-2023-0286, GHSA-x4qr-2fvf-3mr5
risk_score 10.0
exploitability 2.0
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-x2wm-3tk7-wbbv
29
url VCID-xnhs-4v7t-p3hv
vulnerability_id VCID-xnhs-4v7t-p3hv
summary
Excessive Iteration
Issue summary: Checking excessively long DH keys or parameters may be very slow.

Impact summary: Applications that use the functions DH_check(), DH_check_ex()
or EVP_PKEY_param_check() to check a DH key or DH parameters may experience long
delays. Where the key or parameters that are being checked have been obtained
from an untrusted source this may lead to a Denial of Service.

The function DH_check() performs various checks on DH parameters. After fixing
CVE-2023-3446 it was discovered that a large q parameter value can also trigger
an overly long computation during some of these checks. A correct q value,
if present, cannot be larger than the modulus p parameter, thus it is
unnecessary to perform these checks if q is larger than p.

An application that calls DH_check() and supplies a key or parameters obtained
from an untrusted source could be vulnerable to a Denial of Service attack.

The function DH_check() is itself called by a number of other OpenSSL functions.
An application calling any of those other functions may similarly be affected.
The other functions affected by this are DH_check_ex() and
EVP_PKEY_param_check().

Also vulnerable are the OpenSSL dhparam and pkeyparam command line applications
when using the "-check" option.

The OpenSSL SSL/TLS implementation is not affected by this issue.

The OpenSSL 3.0 and 3.1 FIPS providers are not affected by this issue.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-3817.json
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-3817.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-3817
reference_id
reference_type
scores
0
value 0.0032
scoring_system epss
scoring_elements 0.55026
published_at 2026-04-02T12:55:00Z
1
value 0.0032
scoring_system epss
scoring_elements 0.5507
published_at 2026-04-12T12:55:00Z
2
value 0.0032
scoring_system epss
scoring_elements 0.55052
published_at 2026-04-13T12:55:00Z
3
value 0.0032
scoring_system epss
scoring_elements 0.55028
published_at 2026-04-07T12:55:00Z
4
value 0.0032
scoring_system epss
scoring_elements 0.55077
published_at 2026-04-08T12:55:00Z
5
value 0.0032
scoring_system epss
scoring_elements 0.55076
published_at 2026-04-09T12:55:00Z
6
value 0.0032
scoring_system epss
scoring_elements 0.55089
published_at 2026-04-11T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-3817
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-3817
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-3817
3
reference_url http://seclists.org/fulldisclosure/2023/Jul/43
reference_id
reference_type
scores
url http://seclists.org/fulldisclosure/2023/Jul/43
4
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
5
reference_url https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=6a1eb62c29db6cb5eec707f9338aee00f44e26f5
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T13:26:20Z/
url https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=6a1eb62c29db6cb5eec707f9338aee00f44e26f5
6
reference_url https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=869ad69aadd985c7b8ca6f4e5dd0eb274c9f3644
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T13:26:20Z/
url https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=869ad69aadd985c7b8ca6f4e5dd0eb274c9f3644
7
reference_url https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=9002fd07327a91f35ba6c1307e71fa6fd4409b7f
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T13:26:20Z/
url https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=9002fd07327a91f35ba6c1307e71fa6fd4409b7f
8
reference_url https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=91ddeba0f2269b017dc06c46c993a788974b1aa5
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T13:26:20Z/
url https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=91ddeba0f2269b017dc06c46c993a788974b1aa5
9
reference_url https://www.openssl.org/news/secadv/20230731.txt
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T13:26:20Z/
url https://www.openssl.org/news/secadv/20230731.txt
10
reference_url http://www.openwall.com/lists/oss-security/2023/07/31/1
reference_id
reference_type
scores
url http://www.openwall.com/lists/oss-security/2023/07/31/1
11
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2227852
reference_id 2227852
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2227852
12
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-3817
reference_id CVE-2023-3817
reference_type
scores
url https://nvd.nist.gov/vuln/detail/CVE-2023-3817
13
reference_url https://access.redhat.com/errata/RHSA-2023:5931
reference_id RHSA-2023:5931
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:5931
14
reference_url https://access.redhat.com/errata/RHSA-2023:7622
reference_id RHSA-2023:7622
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:7622
15
reference_url https://access.redhat.com/errata/RHSA-2023:7623
reference_id RHSA-2023:7623
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:7623
16
reference_url https://access.redhat.com/errata/RHSA-2023:7625
reference_id RHSA-2023:7625
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:7625
17
reference_url https://access.redhat.com/errata/RHSA-2023:7626
reference_id RHSA-2023:7626
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:7626
18
reference_url https://access.redhat.com/errata/RHSA-2023:7877
reference_id RHSA-2023:7877
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:7877
19
reference_url https://access.redhat.com/errata/RHSA-2024:0154
reference_id RHSA-2024:0154
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:0154
20
reference_url https://access.redhat.com/errata/RHSA-2024:0208
reference_id RHSA-2024:0208
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:0208
21
reference_url https://access.redhat.com/errata/RHSA-2024:2447
reference_id RHSA-2024:2447
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:2447
22
reference_url https://usn.ubuntu.com/6435-1/
reference_id USN-6435-1
reference_type
scores
url https://usn.ubuntu.com/6435-1/
23
reference_url https://usn.ubuntu.com/6435-2/
reference_id USN-6435-2
reference_type
scores
url https://usn.ubuntu.com/6435-2/
24
reference_url https://usn.ubuntu.com/6450-1/
reference_id USN-6450-1
reference_type
scores
url https://usn.ubuntu.com/6450-1/
25
reference_url https://usn.ubuntu.com/6709-1/
reference_id USN-6709-1
reference_type
scores
url https://usn.ubuntu.com/6709-1/
26
reference_url https://usn.ubuntu.com/7894-1/
reference_id USN-7894-1
reference_type
scores
url https://usn.ubuntu.com/7894-1/
fixed_packages
0
url pkg:conan/openssl@3.0.12
purl pkg:conan/openssl@3.0.12
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2by2-tzdd-kkc7
resource_url http://public2.vulnerablecode.io/packages/pkg:conan/openssl@3.0.12
1
url pkg:conan/openssl@3.1.3
purl pkg:conan/openssl@3.1.3
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:conan/openssl@3.1.3
aliases CVE-2023-3817
risk_score 2.4
exploitability 0.5
weighted_severity 4.8
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-xnhs-4v7t-p3hv
30
url VCID-xq7s-zrwb-yffw
vulnerability_id VCID-xq7s-zrwb-yffw
summary Multiple vulnerabilities have been discovered in OpenSSL, the worst of which could result in remote code execution.
references
0
reference_url http://packetstormsecurity.com/files/169687/OpenSSL-Security-Advisory-20221101.html
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url http://packetstormsecurity.com/files/169687/OpenSSL-Security-Advisory-20221101.html
1
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-3786.json
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-3786.json
2
reference_url https://api.first.org/data/v1/epss?cve=CVE-2022-3786
reference_id
reference_type
scores
0
value 0.2063
scoring_system epss
scoring_elements 0.95557
published_at 2026-04-02T12:55:00Z
1
value 0.2063
scoring_system epss
scoring_elements 0.95562
published_at 2026-04-04T12:55:00Z
2
value 0.2063
scoring_system epss
scoring_elements 0.95565
published_at 2026-04-07T12:55:00Z
3
value 0.2063
scoring_system epss
scoring_elements 0.95582
published_at 2026-04-13T12:55:00Z
4
value 0.2063
scoring_system epss
scoring_elements 0.95579
published_at 2026-04-11T12:55:00Z
5
value 0.2063
scoring_system epss
scoring_elements 0.9558
published_at 2026-04-12T12:55:00Z
6
value 0.2063
scoring_system epss
scoring_elements 0.95572
published_at 2026-04-08T12:55:00Z
7
value 0.2063
scoring_system epss
scoring_elements 0.95575
published_at 2026-04-09T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2022-3786
3
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
4
reference_url https://github.com/alexcrichton/openssl-src-rs
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/alexcrichton/openssl-src-rs
5
reference_url https://github.com/alexcrichton/openssl-src-rs/commit/4a31c14f31e1a08c18893a37e304dd1dd4b7daa3
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/alexcrichton/openssl-src-rs/commit/4a31c14f31e1a08c18893a37e304dd1dd4b7daa3
6
reference_url https://github.com/openssl/openssl/commit/fe3b639dc19b325846f4f6801f2f4604f56e3de3
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/openssl/openssl/commit/fe3b639dc19b325846f4f6801f2f4604f56e3de3
7
reference_url https://github.com/rustsec/advisory-db/pull/1452
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/rustsec/advisory-db/pull/1452
8
reference_url https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=c42165b5706e42f67ef8ef4c351a9a4c5d21639a
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=c42165b5706e42f67ef8ef4c351a9a4c5d21639a
9
reference_url https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=c42165b5706e42f67ef8ef4c351a9a4c5d21639a
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T13:26:54Z/
url https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=c42165b5706e42f67ef8ef4c351a9a4c5d21639a
10
reference_url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/63YRPWPUSX3MBHNPIEJZDKQT6YA7UF6S
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/63YRPWPUSX3MBHNPIEJZDKQT6YA7UF6S
11
reference_url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/63YRPWPUSX3MBHNPIEJZDKQT6YA7UF6S/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/63YRPWPUSX3MBHNPIEJZDKQT6YA7UF6S/
12
reference_url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DWP23EZYOBDJQP7HP4YU7W2ABU2YDITS
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DWP23EZYOBDJQP7HP4YU7W2ABU2YDITS
13
reference_url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DWP23EZYOBDJQP7HP4YU7W2ABU2YDITS/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DWP23EZYOBDJQP7HP4YU7W2ABU2YDITS/
14
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/63YRPWPUSX3MBHNPIEJZDKQT6YA7UF6S
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/63YRPWPUSX3MBHNPIEJZDKQT6YA7UF6S
15
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/63YRPWPUSX3MBHNPIEJZDKQT6YA7UF6S/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/63YRPWPUSX3MBHNPIEJZDKQT6YA7UF6S/
16
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DWP23EZYOBDJQP7HP4YU7W2ABU2YDITS
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DWP23EZYOBDJQP7HP4YU7W2ABU2YDITS
17
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DWP23EZYOBDJQP7HP4YU7W2ABU2YDITS/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DWP23EZYOBDJQP7HP4YU7W2ABU2YDITS/
18
reference_url https://nvd.nist.gov/vuln/detail/CVE-2022-3786
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2022-3786
19
reference_url https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2022-0023
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2022-0023
20
reference_url https://rustsec.org/advisories/RUSTSEC-2022-0065.html
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://rustsec.org/advisories/RUSTSEC-2022-0065.html
21
reference_url https://security.netapp.com/advisory/ntap-20221102-0001
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://security.netapp.com/advisory/ntap-20221102-0001
22
reference_url https://security.netapp.com/advisory/ntap-20221102-0001/
reference_id
reference_type
scores
url https://security.netapp.com/advisory/ntap-20221102-0001/
23
reference_url https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-openssl-W9sdCc2a
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-openssl-W9sdCc2a
24
reference_url https://www.kb.cert.org/vuls/id/794340
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://www.kb.cert.org/vuls/id/794340
25
reference_url https://www.openssl.org/blog/blog/2022/11/01/email-address-overflows/
reference_id
reference_type
scores
url https://www.openssl.org/blog/blog/2022/11/01/email-address-overflows/
26
reference_url https://www.openssl.org/news/secadv/20221101.txt
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T13:26:54Z/
url https://www.openssl.org/news/secadv/20221101.txt
27
reference_url http://www.openwall.com/lists/oss-security/2022/11/01/15
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url http://www.openwall.com/lists/oss-security/2022/11/01/15
28
reference_url http://www.openwall.com/lists/oss-security/2022/11/01/16
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url http://www.openwall.com/lists/oss-security/2022/11/01/16
29
reference_url http://www.openwall.com/lists/oss-security/2022/11/01/17
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url http://www.openwall.com/lists/oss-security/2022/11/01/17
30
reference_url http://www.openwall.com/lists/oss-security/2022/11/01/18
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url http://www.openwall.com/lists/oss-security/2022/11/01/18
31
reference_url http://www.openwall.com/lists/oss-security/2022/11/01/19
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url http://www.openwall.com/lists/oss-security/2022/11/01/19
32
reference_url http://www.openwall.com/lists/oss-security/2022/11/01/20
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url http://www.openwall.com/lists/oss-security/2022/11/01/20
33
reference_url http://www.openwall.com/lists/oss-security/2022/11/01/21
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url http://www.openwall.com/lists/oss-security/2022/11/01/21
34
reference_url http://www.openwall.com/lists/oss-security/2022/11/01/24
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url http://www.openwall.com/lists/oss-security/2022/11/01/24
35
reference_url http://www.openwall.com/lists/oss-security/2022/11/02/1
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url http://www.openwall.com/lists/oss-security/2022/11/02/1
36
reference_url http://www.openwall.com/lists/oss-security/2022/11/02/10
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url http://www.openwall.com/lists/oss-security/2022/11/02/10
37
reference_url http://www.openwall.com/lists/oss-security/2022/11/02/11
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url http://www.openwall.com/lists/oss-security/2022/11/02/11
38
reference_url http://www.openwall.com/lists/oss-security/2022/11/02/12
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url http://www.openwall.com/lists/oss-security/2022/11/02/12
39
reference_url http://www.openwall.com/lists/oss-security/2022/11/02/13
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url http://www.openwall.com/lists/oss-security/2022/11/02/13
40
reference_url http://www.openwall.com/lists/oss-security/2022/11/02/14
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url http://www.openwall.com/lists/oss-security/2022/11/02/14
41
reference_url http://www.openwall.com/lists/oss-security/2022/11/02/15
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url http://www.openwall.com/lists/oss-security/2022/11/02/15
42
reference_url http://www.openwall.com/lists/oss-security/2022/11/02/2
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url http://www.openwall.com/lists/oss-security/2022/11/02/2
43
reference_url http://www.openwall.com/lists/oss-security/2022/11/02/3
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url http://www.openwall.com/lists/oss-security/2022/11/02/3
44
reference_url http://www.openwall.com/lists/oss-security/2022/11/02/5
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url http://www.openwall.com/lists/oss-security/2022/11/02/5
45
reference_url http://www.openwall.com/lists/oss-security/2022/11/02/6
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url http://www.openwall.com/lists/oss-security/2022/11/02/6
46
reference_url http://www.openwall.com/lists/oss-security/2022/11/02/7
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url http://www.openwall.com/lists/oss-security/2022/11/02/7
47
reference_url http://www.openwall.com/lists/oss-security/2022/11/02/9
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url http://www.openwall.com/lists/oss-security/2022/11/02/9
48
reference_url http://www.openwall.com/lists/oss-security/2022/11/03/1
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url http://www.openwall.com/lists/oss-security/2022/11/03/1
49
reference_url http://www.openwall.com/lists/oss-security/2022/11/03/10
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url http://www.openwall.com/lists/oss-security/2022/11/03/10
50
reference_url http://www.openwall.com/lists/oss-security/2022/11/03/11
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url http://www.openwall.com/lists/oss-security/2022/11/03/11
51
reference_url http://www.openwall.com/lists/oss-security/2022/11/03/2
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url http://www.openwall.com/lists/oss-security/2022/11/03/2
52
reference_url http://www.openwall.com/lists/oss-security/2022/11/03/3
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url http://www.openwall.com/lists/oss-security/2022/11/03/3
53
reference_url http://www.openwall.com/lists/oss-security/2022/11/03/5
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url http://www.openwall.com/lists/oss-security/2022/11/03/5
54
reference_url http://www.openwall.com/lists/oss-security/2022/11/03/6
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url http://www.openwall.com/lists/oss-security/2022/11/03/6
55
reference_url http://www.openwall.com/lists/oss-security/2022/11/03/7
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url http://www.openwall.com/lists/oss-security/2022/11/03/7
56
reference_url http://www.openwall.com/lists/oss-security/2022/11/03/9
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url http://www.openwall.com/lists/oss-security/2022/11/03/9
57
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2139104
reference_id 2139104
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2139104
58
reference_url https://github.com/advisories/GHSA-h8jm-2x53-xhp5
reference_id GHSA-h8jm-2x53-xhp5
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-h8jm-2x53-xhp5
59
reference_url https://security.gentoo.org/glsa/202211-01
reference_id GLSA-202211-01
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://security.gentoo.org/glsa/202211-01
60
reference_url https://security.gentoo.org/glsa/202405-29
reference_id GLSA-202405-29
reference_type
scores
url https://security.gentoo.org/glsa/202405-29
61
reference_url https://access.redhat.com/errata/RHSA-2022:7288
reference_id RHSA-2022:7288
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:7288
62
reference_url https://access.redhat.com/errata/RHSA-2022:7384
reference_id RHSA-2022:7384
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:7384
63
reference_url https://usn.ubuntu.com/5710-1/
reference_id USN-5710-1
reference_type
scores
url https://usn.ubuntu.com/5710-1/
fixed_packages
0
url pkg:conan/openssl@3.0.7
purl pkg:conan/openssl@3.0.7
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1ggt-ugh5-jqeu
1
vulnerability VCID-8s28-acfa-kkhj
2
vulnerability VCID-ncw4-3azc-1fb5
3
vulnerability VCID-xqt3-3um9-8faq
resource_url http://public2.vulnerablecode.io/packages/pkg:conan/openssl@3.0.7
aliases CVE-2022-3786, GHSA-h8jm-2x53-xhp5
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-xq7s-zrwb-yffw
31
url VCID-xqt3-3um9-8faq
vulnerability_id VCID-xqt3-3um9-8faq
summary
NULL Pointer Dereference
A NULL pointer can be dereferenced when signatures are being verified on PKCS7 signed or signedAndEnveloped data. In case the hash algorithm used for the signature is known to the OpenSSL library but the implementation of the hash algorithm is not available the digest initialization will fail. There is a missing check for the return value from the initialization function which later leads to invalid usage of the digest API most likely leading to a crash. The unavailability of an algorithm can be caused by using FIPS enabled configuration of providers or more commonly by not loading the legacy provider. PKCS7 data is processed by the SMIME library calls and also by the time stamp (TS) library calls. The TLS implementation in OpenSSL does not call these functions however third party applications would be affected if they call these functions to verify signatures on untrusted data.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-0401.json
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-0401.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-0401
reference_id
reference_type
scores
0
value 0.01007
scoring_system epss
scoring_elements 0.77056
published_at 2026-04-13T12:55:00Z
1
value 0.01007
scoring_system epss
scoring_elements 0.77
published_at 2026-04-02T12:55:00Z
2
value 0.01007
scoring_system epss
scoring_elements 0.77029
published_at 2026-04-04T12:55:00Z
3
value 0.01007
scoring_system epss
scoring_elements 0.7701
published_at 2026-04-07T12:55:00Z
4
value 0.01007
scoring_system epss
scoring_elements 0.77042
published_at 2026-04-08T12:55:00Z
5
value 0.01007
scoring_system epss
scoring_elements 0.77053
published_at 2026-04-09T12:55:00Z
6
value 0.01007
scoring_system epss
scoring_elements 0.77081
published_at 2026-04-11T12:55:00Z
7
value 0.01007
scoring_system epss
scoring_elements 0.77061
published_at 2026-04-12T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-0401
2
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
3
reference_url https://github.com/alexcrichton/openssl-src-rs
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/alexcrichton/openssl-src-rs
4
reference_url https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=d3b6dfd70db844c4499bec6ad6601623a565e674
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T13:26:52Z/
url https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=d3b6dfd70db844c4499bec6ad6601623a565e674
5
reference_url https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2023-0003
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2023-0003
6
reference_url https://rustsec.org/advisories/RUSTSEC-2023-0013.html
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://rustsec.org/advisories/RUSTSEC-2023-0013.html
7
reference_url https://security.gentoo.org/glsa/202402-08
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T13:26:52Z/
url https://security.gentoo.org/glsa/202402-08
8
reference_url https://www.openssl.org/news/secadv/20230207.txt
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T13:26:52Z/
url https://www.openssl.org/news/secadv/20230207.txt
9
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2164500
reference_id 2164500
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2164500
10
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-0401
reference_id CVE-2023-0401
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2023-0401
11
reference_url https://github.com/advisories/GHSA-vrh7-x64v-7vxq
reference_id GHSA-vrh7-x64v-7vxq
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-vrh7-x64v-7vxq
12
reference_url https://access.redhat.com/errata/RHSA-2023:0946
reference_id RHSA-2023:0946
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:0946
13
reference_url https://access.redhat.com/errata/RHSA-2023:1199
reference_id RHSA-2023:1199
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:1199
14
reference_url https://usn.ubuntu.com/5844-1/
reference_id USN-5844-1
reference_type
scores
url https://usn.ubuntu.com/5844-1/
15
reference_url https://usn.ubuntu.com/6564-1/
reference_id USN-6564-1
reference_type
scores
url https://usn.ubuntu.com/6564-1/
fixed_packages
0
url pkg:conan/openssl@3.0.12
purl pkg:conan/openssl@3.0.12
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2by2-tzdd-kkc7
resource_url http://public2.vulnerablecode.io/packages/pkg:conan/openssl@3.0.12
aliases CVE-2023-0401, GHSA-vrh7-x64v-7vxq
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-xqt3-3um9-8faq
32
url VCID-zhwv-pq2x-8bey
vulnerability_id VCID-zhwv-pq2x-8bey
summary
Improper Resource Shutdown or Release
The `OPENSSL_LH_flush()` function, which empties a hash table, contains a bug that breaks reuse of the memory occupied by the removed hash table entries. This function is used when decoding certificates or keys. If a long lived process periodically decodes certificates or keys its memory usage will expand without bounds and the process might be terminated by the operating system causing a denial of service. Also traversing the empty hash table entries will take increasingly more time. Typically such long lived processes might be TLS clients or TLS servers configured to accept client certificate authentication.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-1473.json
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-1473.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2022-1473
reference_id
reference_type
scores
0
value 0.00331
scoring_system epss
scoring_elements 0.56062
published_at 2026-04-13T12:55:00Z
1
value 0.00331
scoring_system epss
scoring_elements 0.56079
published_at 2026-04-12T12:55:00Z
2
value 0.00331
scoring_system epss
scoring_elements 0.56102
published_at 2026-04-11T12:55:00Z
3
value 0.00331
scoring_system epss
scoring_elements 0.5609
published_at 2026-04-09T12:55:00Z
4
value 0.00331
scoring_system epss
scoring_elements 0.56087
published_at 2026-04-08T12:55:00Z
5
value 0.00331
scoring_system epss
scoring_elements 0.55926
published_at 2026-04-01T12:55:00Z
6
value 0.00331
scoring_system epss
scoring_elements 0.56036
published_at 2026-04-07T12:55:00Z
7
value 0.00331
scoring_system epss
scoring_elements 0.56058
published_at 2026-04-04T12:55:00Z
8
value 0.00331
scoring_system epss
scoring_elements 0.56037
published_at 2026-04-02T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2022-1473
2
reference_url https://cert-portal.siemens.com/productcert/pdf/ssa-953464.pdf
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T13:27:10Z/
url https://cert-portal.siemens.com/productcert/pdf/ssa-953464.pdf
3
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
4
reference_url https://github.com/github/advisory-database/issues/405
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/github/advisory-database/issues/405
5
reference_url https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=64c85430f95200b6b51fe9475bd5203f7c19daf1
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=64c85430f95200b6b51fe9475bd5203f7c19daf1
6
reference_url https://rustsec.org/advisories/RUSTSEC-2022-0025.html
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://rustsec.org/advisories/RUSTSEC-2022-0025.html
7
reference_url https://security.netapp.com/advisory/ntap-20220602-0009
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://security.netapp.com/advisory/ntap-20220602-0009
8
reference_url https://security.netapp.com/advisory/ntap-20220602-0009/
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T13:27:10Z/
url https://security.netapp.com/advisory/ntap-20220602-0009/
9
reference_url https://www.openssl.org/news/secadv/20220503.txt
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T13:27:10Z/
url https://www.openssl.org/news/secadv/20220503.txt
10
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2087913
reference_id 2087913
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2087913
11
reference_url https://nvd.nist.gov/vuln/detail/CVE-2022-1473
reference_id CVE-2022-1473
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2022-1473
12
reference_url https://github.com/advisories/GHSA-g323-fr93-4j3c
reference_id GHSA-g323-fr93-4j3c
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-g323-fr93-4j3c
13
reference_url https://security.gentoo.org/glsa/202210-02
reference_id GLSA-202210-02
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T13:27:10Z/
url https://security.gentoo.org/glsa/202210-02
14
reference_url https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=64c85430f95200b6b51fe9475bd5203f7c19daf1
reference_id ?p=openssl.git%3Ba=commitdiff%3Bh=64c85430f95200b6b51fe9475bd5203f7c19daf1
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T13:27:10Z/
url https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=64c85430f95200b6b51fe9475bd5203f7c19daf1
15
reference_url https://access.redhat.com/errata/RHSA-2022:6224
reference_id RHSA-2022:6224
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:6224
16
reference_url https://usn.ubuntu.com/5402-1/
reference_id USN-5402-1
reference_type
scores
url https://usn.ubuntu.com/5402-1/
17
reference_url https://usn.ubuntu.com/5402-2/
reference_id USN-5402-2
reference_type
scores
url https://usn.ubuntu.com/5402-2/
fixed_packages
0
url pkg:conan/openssl@3.0.5
purl pkg:conan/openssl@3.0.5
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:conan/openssl@3.0.5
aliases CVE-2022-1473, GHSA-g323-fr93-4j3c
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-zhwv-pq2x-8bey
Fixing_vulnerabilities
Risk_score 10.0
Resource_url http://public2.vulnerablecode.io/packages/pkg:conan/openssl@3.0.0