Django REST framework

Package Instance

Lookup for vulnerable packages by Package URL.

Purlpkg:rpm/redhat/jbcs-httpd24-openssl@1:1.1.1k-16?arch=el7jbcs
Typerpm
Namespaceredhat
Namejbcs-httpd24-openssl
Version1:1.1.1k-16
Qualifiers
arch el7jbcs
Subpath
Is_vulnerabletrue
Next_non_vulnerable_versionnull
Latest_non_vulnerable_versionnull
Affected_by_vulnerabilities
0
url VCID-5bn8-6xa9-fqe4
vulnerability_id VCID-5bn8-6xa9-fqe4
summary 
Improper Certificate Validation
Applications that use a non-default option when verifying certificates may be vulnerable to an attack from a malicious CA to circumvent certain checks. Invalid certificate policies in leaf certificates are silently ignored by OpenSSL and other certificate policy checks are skipped for that certificate. A malicious CA could use this to deliberately assert invalid certificate policies in order to circumvent policy checking on the certificate altogether. Policy processing is disabled by default but can be enabled by passing the `-policy' argument to the command line utilities or by calling the `X509_VERIFY_PARAM_set1_policies()' function.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-0465.json
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-0465.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-0465
reference_id
reference_type
scores
0
value 0.00449
scoring_system epss
scoring_elements 0.6356
published_at 2026-04-02T12:55:00Z
1
value 0.00449
scoring_system epss
scoring_elements 0.6362
published_at 2026-04-12T12:55:00Z
2
value 0.00449
scoring_system epss
scoring_elements 0.63587
published_at 2026-04-13T12:55:00Z
3
value 0.00449
scoring_system epss
scoring_elements 0.63552
published_at 2026-04-07T12:55:00Z
4
value 0.00449
scoring_system epss
scoring_elements 0.63604
published_at 2026-04-08T12:55:00Z
5
value 0.00449
scoring_system epss
scoring_elements 0.63621
published_at 2026-04-09T12:55:00Z
6
value 0.00449
scoring_system epss
scoring_elements 0.63636
published_at 2026-04-11T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-0465
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0464
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0464
3
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0465
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0465
4
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0466
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0466
5
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-2650
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-2650
6
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:N
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
7
reference_url https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=10325176f3d3e98c6e2b3bf5ab1e3b334de6947a
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-02-18T20:12:09Z/
url https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=10325176f3d3e98c6e2b3bf5ab1e3b334de6947a
8
reference_url https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=1dd43e0709fece299b15208f36cc7c76209ba0bb
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-02-18T20:12:09Z/
url https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=1dd43e0709fece299b15208f36cc7c76209ba0bb
9
reference_url https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=b013765abfa80036dc779dd0e50602c57bb3bf95
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-02-18T20:12:09Z/
url https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=b013765abfa80036dc779dd0e50602c57bb3bf95
10
reference_url https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=facfb1ab745646e97a1920977ae4a9965ea61d5c
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-02-18T20:12:09Z/
url https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=facfb1ab745646e97a1920977ae4a9965ea61d5c
11
reference_url https://www.openssl.org/news/secadv/20230328.txt
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-02-18T20:12:09Z/
url https://www.openssl.org/news/secadv/20230328.txt
12
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1034720
reference_id 1034720
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1034720
13
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2182561
reference_id 2182561
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2182561
14
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-0465
reference_id CVE-2023-0465
reference_type
scores
url https://nvd.nist.gov/vuln/detail/CVE-2023-0465
15
reference_url https://lists.debian.org/debian-lts-announce/2023/06/msg00011.html
reference_id msg00011.html
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-02-18T20:12:09Z/
url https://lists.debian.org/debian-lts-announce/2023/06/msg00011.html
16
reference_url https://security.netapp.com/advisory/ntap-20230414-0001/
reference_id ntap-20230414-0001
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-02-18T20:12:09Z/
url https://security.netapp.com/advisory/ntap-20230414-0001/
17
reference_url https://access.redhat.com/errata/RHSA-2023:3722
reference_id RHSA-2023:3722
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:3722
18
reference_url https://access.redhat.com/errata/RHSA-2023:7622
reference_id RHSA-2023:7622
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:7622
19
reference_url https://access.redhat.com/errata/RHSA-2023:7623
reference_id RHSA-2023:7623
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:7623
20
reference_url https://access.redhat.com/errata/RHSA-2023:7625
reference_id RHSA-2023:7625
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:7625
21
reference_url https://access.redhat.com/errata/RHSA-2023:7626
reference_id RHSA-2023:7626
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:7626
22
reference_url https://usn.ubuntu.com/7894-1/
reference_id USN-7894-1
reference_type
scores
url https://usn.ubuntu.com/7894-1/
fixed_packages
aliases CVE-2023-0465
risk_score 2.4
exploitability 0.5
weighted_severity 4.8
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-5bn8-6xa9-fqe4
1
url VCID-8uhr-19zz-n3b7
vulnerability_id VCID-8uhr-19zz-n3b7
summary 
Allocation of Resources Without Limits or Throttling
Issue summary: Processing some specially crafted ASN.1 object identifiers or
data containing them may be very slow.

Impact summary: Applications that use OBJ_obj2txt() directly, or use any of
the OpenSSL subsystems OCSP, PKCS7/SMIME, CMS, CMP/CRMF or TS with no message
size limit may experience notable to very long delays when processing those
messages, which may lead to a Denial of Service.

An OBJECT IDENTIFIER is composed of a series of numbers - sub-identifiers -
most of which have no size limit. OBJ_obj2txt() may be used to translate
an ASN.1 OBJECT IDENTIFIER given in DER encoding form (using the OpenSSL
type ASN1_OBJECT) to its canonical numeric text form, which are the
sub-identifiers of the OBJECT IDENTIFIER in decimal form, separated by
periods.

When one of the sub-identifiers in the OBJECT IDENTIFIER is very large
(these are sizes that are seen as absurdly large, taking up tens or hundreds
of KiBs), the translation to a decimal number in text may take a very long
time. The time complexity is O(n^2) with 'n' being the size of the
sub-identifiers in bytes (*).

With OpenSSL 3.0, support to fetch cryptographic algorithms using names /
identifiers in string form was introduced. This includes using OBJECT
IDENTIFIERs in canonical numeric text form as identifiers for fetching
algorithms.

Such OBJECT IDENTIFIERs may be received through the ASN.1 structure
AlgorithmIdentifier, which is commonly used in multiple protocols to specify
what cryptographic algorithm should be used to sign or verify, encrypt or
decrypt, or digest passed data.

Applications that call OBJ_obj2txt() directly with untrusted data are
affected, with any version of OpenSSL. If the use is for the mere purpose
of display, the severity is considered low.

In OpenSSL 3.0 and newer, this affects the subsystems OCSP, PKCS7/SMIME,
CMS, CMP/CRMF or TS. It also impacts anything that processes X.509
certificates, including simple things like verifying its signature.

The impact on TLS is relatively low, because all versions of OpenSSL have a
100KiB limit on the peer's certificate chain. Additionally, this only
impacts clients, or servers that have explicitly enabled client
authentication.

In OpenSSL 1.1.1 and 1.0.2, this only affects displaying diverse objects,
such as X.509 certificates. This is assumed to not happen in such a way
that it would cause a Denial of Service, so these versions are considered
not affected by this issue in such a way that it would be cause for concern,
and the severity is therefore considered low.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-2650.json
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-2650.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-2650
reference_id
reference_type
scores
0
value 0.92003
scoring_system epss
scoring_elements 0.99696
published_at 2026-04-02T12:55:00Z
1
value 0.92003
scoring_system epss
scoring_elements 0.99701
published_at 2026-04-12T12:55:00Z
2
value 0.92003
scoring_system epss
scoring_elements 0.99697
published_at 2026-04-04T12:55:00Z
3
value 0.92003
scoring_system epss
scoring_elements 0.99698
published_at 2026-04-07T12:55:00Z
4
value 0.92003
scoring_system epss
scoring_elements 0.99699
published_at 2026-04-09T12:55:00Z
5
value 0.92003
scoring_system epss
scoring_elements 0.997
published_at 2026-04-13T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-2650
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0464
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0464
3
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0465
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0465
4
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0466
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0466
5
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-2650
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-2650
6
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
7
reference_url https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=423a2bc737a908ad0c77bda470b2b59dc879936b
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-06T15:55:48Z/
url https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=423a2bc737a908ad0c77bda470b2b59dc879936b
8
reference_url https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=853c5e56ee0b8650c73140816bb8b91d6163422c
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-06T15:55:48Z/
url https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=853c5e56ee0b8650c73140816bb8b91d6163422c
9
reference_url https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=9e209944b35cf82368071f160a744b6178f9b098
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-06T15:55:48Z/
url https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=9e209944b35cf82368071f160a744b6178f9b098
10
reference_url https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=db779b0e10b047f2585615e0b8f2acdf21f8544a
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-06T15:55:48Z/
url https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=db779b0e10b047f2585615e0b8f2acdf21f8544a
11
reference_url https://www.debian.org/security/2023/dsa-5417
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-06T15:55:48Z/
url https://www.debian.org/security/2023/dsa-5417
12
reference_url https://www.openssl.org/news/secadv/20230530.txt
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-06T15:55:48Z/
url https://www.openssl.org/news/secadv/20230530.txt
13
reference_url http://www.openwall.com/lists/oss-security/2023/05/30/1
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-06T15:55:48Z/
url http://www.openwall.com/lists/oss-security/2023/05/30/1
14
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2207947
reference_id 2207947
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2207947
15
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-2650
reference_id CVE-2023-2650
reference_type
scores
url https://nvd.nist.gov/vuln/detail/CVE-2023-2650
16
reference_url https://lists.debian.org/debian-lts-announce/2023/06/msg00011.html
reference_id msg00011.html
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-06T15:55:48Z/
url https://lists.debian.org/debian-lts-announce/2023/06/msg00011.html
17
reference_url https://security.netapp.com/advisory/ntap-20230703-0001/
reference_id ntap-20230703-0001
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-06T15:55:48Z/
url https://security.netapp.com/advisory/ntap-20230703-0001/
18
reference_url https://security.netapp.com/advisory/ntap-20231027-0009/
reference_id ntap-20231027-0009
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-06T15:55:48Z/
url https://security.netapp.com/advisory/ntap-20231027-0009/
19
reference_url https://access.redhat.com/errata/RHSA-2023:3722
reference_id RHSA-2023:3722
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:3722
20
reference_url https://access.redhat.com/errata/RHSA-2023:6330
reference_id RHSA-2023:6330
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:6330
21
reference_url https://access.redhat.com/errata/RHSA-2023:7622
reference_id RHSA-2023:7622
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:7622
22
reference_url https://access.redhat.com/errata/RHSA-2023:7623
reference_id RHSA-2023:7623
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:7623
23
reference_url https://access.redhat.com/errata/RHSA-2023:7625
reference_id RHSA-2023:7625
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:7625
24
reference_url https://access.redhat.com/errata/RHSA-2023:7626
reference_id RHSA-2023:7626
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:7626
25
reference_url https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2023-0009
reference_id SNWLID-2023-0009
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-06T15:55:48Z/
url https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2023-0009
26
reference_url https://usn.ubuntu.com/6119-1/
reference_id USN-6119-1
reference_type
scores
url https://usn.ubuntu.com/6119-1/
27
reference_url https://usn.ubuntu.com/6188-1/
reference_id USN-6188-1
reference_type
scores
url https://usn.ubuntu.com/6188-1/
28
reference_url https://usn.ubuntu.com/6672-1/
reference_id USN-6672-1
reference_type
scores
url https://usn.ubuntu.com/6672-1/
29
reference_url https://usn.ubuntu.com/7894-1/
reference_id USN-7894-1
reference_type
scores
url https://usn.ubuntu.com/7894-1/
fixed_packages
aliases CVE-2023-2650
risk_score 10.0
exploitability 2.0
weighted_severity 5.9
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-8uhr-19zz-n3b7
2
url VCID-9gqm-1tcm-2kga
vulnerability_id VCID-9gqm-1tcm-2kga
summary 
Improper Certificate Validation
A security vulnerability has been identified in all supported versions of OpenSSL related to the verification of X.509 certificate chains that include policy constraints. Attackers may be able to exploit this vulnerability by creating a malicious certificate chain that triggers exponential use of computational resources, leading to a denial-of-service (DoS) attack on affected systems. Policy processing is disabled by default but can be enabled by passing the `-policy' argument to the command line utilities or by calling the `X509_VERIFY_PARAM_set1_policies()' function.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-0464.json
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-0464.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-0464
reference_id
reference_type
scores
0
value 0.00857
scoring_system epss
scoring_elements 0.74974
published_at 2026-04-04T12:55:00Z
1
value 0.00857
scoring_system epss
scoring_elements 0.74949
published_at 2026-04-07T12:55:00Z
2
value 0.00857
scoring_system epss
scoring_elements 0.74983
published_at 2026-04-08T12:55:00Z
3
value 0.00857
scoring_system epss
scoring_elements 0.74945
published_at 2026-04-02T12:55:00Z
4
value 0.00968
scoring_system epss
scoring_elements 0.76623
published_at 2026-04-11T12:55:00Z
5
value 0.00968
scoring_system epss
scoring_elements 0.76593
published_at 2026-04-13T12:55:00Z
6
value 0.00968
scoring_system epss
scoring_elements 0.76602
published_at 2026-04-12T12:55:00Z
7
value 0.00995
scoring_system epss
scoring_elements 0.76931
published_at 2026-04-09T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-0464
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0464
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0464
3
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0465
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0465
4
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0466
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0466
5
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-2650
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-2650
6
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
7
reference_url https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=2017771e2db3e2b96f89bbe8766c3209f6a99545
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T13:26:32Z/
url https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=2017771e2db3e2b96f89bbe8766c3209f6a99545
8
reference_url https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=2dcd4f1e3115f38cefa43e3efbe9b801c27e642e
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T13:26:32Z/
url https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=2dcd4f1e3115f38cefa43e3efbe9b801c27e642e
9
reference_url https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=879f7080d7e141f415c79eaa3a8ac4a3dad0348b
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T13:26:32Z/
url https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=879f7080d7e141f415c79eaa3a8ac4a3dad0348b
10
reference_url https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=959c59c7a0164117e7f8366466a32bb1f8d77ff1
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T13:26:32Z/
url https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=959c59c7a0164117e7f8366466a32bb1f8d77ff1
11
reference_url https://www.openssl.org/news/secadv/20230322.txt
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T13:26:32Z/
url https://www.openssl.org/news/secadv/20230322.txt
12
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1034720
reference_id 1034720
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1034720
13
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2181082
reference_id 2181082
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2181082
14
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-0464
reference_id CVE-2023-0464
reference_type
scores
url https://nvd.nist.gov/vuln/detail/CVE-2023-0464
15
reference_url https://lists.debian.org/debian-lts-announce/2023/06/msg00011.html
reference_id msg00011.html
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T13:26:32Z/
url https://lists.debian.org/debian-lts-announce/2023/06/msg00011.html
16
reference_url https://access.redhat.com/errata/RHSA-2023:3722
reference_id RHSA-2023:3722
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:3722
17
reference_url https://access.redhat.com/errata/RHSA-2023:7622
reference_id RHSA-2023:7622
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:7622
18
reference_url https://access.redhat.com/errata/RHSA-2023:7623
reference_id RHSA-2023:7623
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:7623
19
reference_url https://access.redhat.com/errata/RHSA-2023:7625
reference_id RHSA-2023:7625
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:7625
20
reference_url https://access.redhat.com/errata/RHSA-2023:7626
reference_id RHSA-2023:7626
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:7626
21
reference_url https://usn.ubuntu.com/6039-1/
reference_id USN-6039-1
reference_type
scores
url https://usn.ubuntu.com/6039-1/
22
reference_url https://usn.ubuntu.com/7894-1/
reference_id USN-7894-1
reference_type
scores
url https://usn.ubuntu.com/7894-1/
fixed_packages
aliases CVE-2023-0464
risk_score 3.4
exploitability 0.5
weighted_severity 6.8
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-9gqm-1tcm-2kga
3
url VCID-hjgb-ch1w-nbfs
vulnerability_id VCID-hjgb-ch1w-nbfs
summary 
Improper Certificate Validation
The function X509_VERIFY_PARAM_add0_policy() is documented to implicitly enable the certificate policy check when doing certificate verification. However the implementation of the function does not enable the check which allows certificates with invalid or incorrect policies to pass the certificate verification. As suddenly enabling the policy check could break existing deployments it was decided to keep the existing behavior of the X509_VERIFY_PARAM_add0_policy() function. Instead the applications that require OpenSSL to perform certificate policy check need to use X509_VERIFY_PARAM_set1_policies() or explicitly enable the policy check by calling X509_VERIFY_PARAM_set_flags() with the X509_V_FLAG_POLICY_CHECK flag argument. Certificate policy checks are disabled by default in OpenSSL and are not commonly used by applications.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-0466.json
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-0466.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-0466
reference_id
reference_type
scores
0
value 0.00711
scoring_system epss
scoring_elements 0.72206
published_at 2026-04-02T12:55:00Z
1
value 0.00711
scoring_system epss
scoring_elements 0.72242
published_at 2026-04-13T12:55:00Z
2
value 0.00711
scoring_system epss
scoring_elements 0.72226
published_at 2026-04-04T12:55:00Z
3
value 0.00711
scoring_system epss
scoring_elements 0.72201
published_at 2026-04-07T12:55:00Z
4
value 0.00711
scoring_system epss
scoring_elements 0.72238
published_at 2026-04-08T12:55:00Z
5
value 0.00711
scoring_system epss
scoring_elements 0.7225
published_at 2026-04-09T12:55:00Z
6
value 0.00711
scoring_system epss
scoring_elements 0.72272
published_at 2026-04-11T12:55:00Z
7
value 0.00711
scoring_system epss
scoring_elements 0.72256
published_at 2026-04-12T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-0466
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0464
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0464
3
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0465
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0465
4
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0466
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0466
5
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-2650
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-2650
6
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:N/I:L/A:N
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
7
reference_url https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=0d16b7e99aafc0b4a6d729eec65a411a7e025f0a
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-19T17:11:17Z/
url https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=0d16b7e99aafc0b4a6d729eec65a411a7e025f0a
8
reference_url https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=51e8a84ce742db0f6c70510d0159dad8f7825908
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-19T17:11:17Z/
url https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=51e8a84ce742db0f6c70510d0159dad8f7825908
9
reference_url https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=73398dea26de9899fb4baa94098ad0a61f435c72
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-19T17:11:17Z/
url https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=73398dea26de9899fb4baa94098ad0a61f435c72
10
reference_url https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=fc814a30fc4f0bc54fcea7d9a7462f5457aab061
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-19T17:11:17Z/
url https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=fc814a30fc4f0bc54fcea7d9a7462f5457aab061
11
reference_url https://www.openssl.org/news/secadv/20230328.txt
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-19T17:11:17Z/
url https://www.openssl.org/news/secadv/20230328.txt
12
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1034720
reference_id 1034720
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1034720
13
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2182565
reference_id 2182565
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2182565
14
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-0466
reference_id CVE-2023-0466
reference_type
scores
url https://nvd.nist.gov/vuln/detail/CVE-2023-0466
15
reference_url https://lists.debian.org/debian-lts-announce/2023/06/msg00011.html
reference_id msg00011.html
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-19T17:11:17Z/
url https://lists.debian.org/debian-lts-announce/2023/06/msg00011.html
16
reference_url https://security.netapp.com/advisory/ntap-20230414-0001/
reference_id ntap-20230414-0001
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-19T17:11:17Z/
url https://security.netapp.com/advisory/ntap-20230414-0001/
17
reference_url https://access.redhat.com/errata/RHSA-2023:3722
reference_id RHSA-2023:3722
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:3722
18
reference_url https://access.redhat.com/errata/RHSA-2023:7622
reference_id RHSA-2023:7622
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:7622
19
reference_url https://access.redhat.com/errata/RHSA-2023:7623
reference_id RHSA-2023:7623
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:7623
20
reference_url https://access.redhat.com/errata/RHSA-2023:7625
reference_id RHSA-2023:7625
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:7625
21
reference_url https://access.redhat.com/errata/RHSA-2023:7626
reference_id RHSA-2023:7626
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:7626
22
reference_url https://usn.ubuntu.com/6039-1/
reference_id USN-6039-1
reference_type
scores
url https://usn.ubuntu.com/6039-1/
23
reference_url https://usn.ubuntu.com/7894-1/
reference_id USN-7894-1
reference_type
scores
url https://usn.ubuntu.com/7894-1/
fixed_packages
aliases CVE-2023-0466
risk_score 2.4
exploitability 0.5
weighted_severity 4.8
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-hjgb-ch1w-nbfs
4
url VCID-vhkt-tbz6-wuf7
vulnerability_id VCID-vhkt-tbz6-wuf7
summary 
Inefficient Regular Expression Complexity
Issue summary: Checking excessively long DH keys or parameters may be very slow.

Impact summary: Applications that use the functions DH_check(), DH_check_ex()
or EVP_PKEY_param_check() to check a DH key or DH parameters may experience long
delays. Where the key or parameters that are being checked have been obtained
from an untrusted source this may lead to a Denial of Service.

The function DH_check() performs various checks on DH parameters. One of those
checks confirms that the modulus ('p' parameter) is not too large. Trying to use
a very large modulus is slow and OpenSSL will not normally use a modulus which
is over 10,000 bits in length.

However the DH_check() function checks numerous aspects of the key or parameters
that have been supplied. Some of those checks use the supplied modulus value
even if it has already been found to be too large.

An application that calls DH_check() and supplies a key or parameters obtained
from an untrusted source could be vulernable to a Denial of Service attack.

The function DH_check() is itself called by a number of other OpenSSL functions.
An application calling any of those other functions may similarly be affected.
The other functions affected by this are DH_check_ex() and
EVP_PKEY_param_check().

Also vulnerable are the OpenSSL dhparam and pkeyparam command line applications
when using the '-check' option.

The OpenSSL SSL/TLS implementation is not affected by this issue.
The OpenSSL 3.0 and 3.1 FIPS providers are not affected by this issue.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-3446.json
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-3446.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-3446
reference_id
reference_type
scores
0
value 0.00937
scoring_system epss
scoring_elements 0.76138
published_at 2026-04-02T12:55:00Z
1
value 0.00937
scoring_system epss
scoring_elements 0.76196
published_at 2026-04-13T12:55:00Z
2
value 0.00937
scoring_system epss
scoring_elements 0.76171
published_at 2026-04-04T12:55:00Z
3
value 0.00937
scoring_system epss
scoring_elements 0.76151
published_at 2026-04-07T12:55:00Z
4
value 0.00937
scoring_system epss
scoring_elements 0.76184
published_at 2026-04-08T12:55:00Z
5
value 0.00937
scoring_system epss
scoring_elements 0.76197
published_at 2026-04-09T12:55:00Z
6
value 0.00937
scoring_system epss
scoring_elements 0.76222
published_at 2026-04-11T12:55:00Z
7
value 0.00937
scoring_system epss
scoring_elements 0.76198
published_at 2026-04-12T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-3446
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-3446
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-3446
3
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
4
reference_url https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=1fa20cf2f506113c761777127a38bce5068740eb
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T13:26:22Z/
url https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=1fa20cf2f506113c761777127a38bce5068740eb
5
reference_url https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=8780a896543a654e757db1b9396383f9d8095528
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T13:26:22Z/
url https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=8780a896543a654e757db1b9396383f9d8095528
6
reference_url https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=9a0a4d3c1e7138915563c0df4fe6a3f9377b839c
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T13:26:22Z/
url https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=9a0a4d3c1e7138915563c0df4fe6a3f9377b839c
7
reference_url https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=fc9867c1e03c22ebf56943be205202e576aabf23
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T13:26:22Z/
url https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=fc9867c1e03c22ebf56943be205202e576aabf23
8
reference_url https://www.openssl.org/news/secadv/20230719.txt
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T13:26:22Z/
url https://www.openssl.org/news/secadv/20230719.txt
9
reference_url http://www.openwall.com/lists/oss-security/2023/07/19/4
reference_id
reference_type
scores
url http://www.openwall.com/lists/oss-security/2023/07/19/4
10
reference_url http://www.openwall.com/lists/oss-security/2023/07/19/5
reference_id
reference_type
scores
url http://www.openwall.com/lists/oss-security/2023/07/19/5
11
reference_url http://www.openwall.com/lists/oss-security/2023/07/19/6
reference_id
reference_type
scores
url http://www.openwall.com/lists/oss-security/2023/07/19/6
12
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1041817
reference_id 1041817
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1041817
13
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2224962
reference_id 2224962
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2224962
14
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-3446
reference_id CVE-2023-3446
reference_type
scores
url https://nvd.nist.gov/vuln/detail/CVE-2023-3446
15
reference_url https://access.redhat.com/errata/RHSA-2023:7622
reference_id RHSA-2023:7622
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:7622
16
reference_url https://access.redhat.com/errata/RHSA-2023:7623
reference_id RHSA-2023:7623
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:7623
17
reference_url https://access.redhat.com/errata/RHSA-2023:7625
reference_id RHSA-2023:7625
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:7625
18
reference_url https://access.redhat.com/errata/RHSA-2023:7626
reference_id RHSA-2023:7626
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:7626
19
reference_url https://access.redhat.com/errata/RHSA-2023:7877
reference_id RHSA-2023:7877
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:7877
20
reference_url https://access.redhat.com/errata/RHSA-2024:0154
reference_id RHSA-2024:0154
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:0154
21
reference_url https://access.redhat.com/errata/RHSA-2024:0208
reference_id RHSA-2024:0208
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:0208
22
reference_url https://access.redhat.com/errata/RHSA-2024:0408
reference_id RHSA-2024:0408
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:0408
23
reference_url https://access.redhat.com/errata/RHSA-2024:0888
reference_id RHSA-2024:0888
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:0888
24
reference_url https://access.redhat.com/errata/RHSA-2024:1415
reference_id RHSA-2024:1415
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:1415
25
reference_url https://access.redhat.com/errata/RHSA-2024:2264
reference_id RHSA-2024:2264
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:2264
26
reference_url https://access.redhat.com/errata/RHSA-2024:2447
reference_id RHSA-2024:2447
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:2447
27
reference_url https://usn.ubuntu.com/6435-1/
reference_id USN-6435-1
reference_type
scores
url https://usn.ubuntu.com/6435-1/
28
reference_url https://usn.ubuntu.com/6435-2/
reference_id USN-6435-2
reference_type
scores
url https://usn.ubuntu.com/6435-2/
29
reference_url https://usn.ubuntu.com/6450-1/
reference_id USN-6450-1
reference_type
scores
url https://usn.ubuntu.com/6450-1/
30
reference_url https://usn.ubuntu.com/6709-1/
reference_id USN-6709-1
reference_type
scores
url https://usn.ubuntu.com/6709-1/
31
reference_url https://usn.ubuntu.com/7018-1/
reference_id USN-7018-1
reference_type
scores
url https://usn.ubuntu.com/7018-1/
32
reference_url https://usn.ubuntu.com/7894-1/
reference_id USN-7894-1
reference_type
scores
url https://usn.ubuntu.com/7894-1/
fixed_packages
aliases CVE-2023-3446
risk_score 2.4
exploitability 0.5
weighted_severity 4.8
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-vhkt-tbz6-wuf7
5
url VCID-xnhs-4v7t-p3hv
vulnerability_id VCID-xnhs-4v7t-p3hv
summary 
Excessive Iteration
Issue summary: Checking excessively long DH keys or parameters may be very slow.

Impact summary: Applications that use the functions DH_check(), DH_check_ex()
or EVP_PKEY_param_check() to check a DH key or DH parameters may experience long
delays. Where the key or parameters that are being checked have been obtained
from an untrusted source this may lead to a Denial of Service.

The function DH_check() performs various checks on DH parameters. After fixing
CVE-2023-3446 it was discovered that a large q parameter value can also trigger
an overly long computation during some of these checks. A correct q value,
if present, cannot be larger than the modulus p parameter, thus it is
unnecessary to perform these checks if q is larger than p.

An application that calls DH_check() and supplies a key or parameters obtained
from an untrusted source could be vulnerable to a Denial of Service attack.

The function DH_check() is itself called by a number of other OpenSSL functions.
An application calling any of those other functions may similarly be affected.
The other functions affected by this are DH_check_ex() and
EVP_PKEY_param_check().

Also vulnerable are the OpenSSL dhparam and pkeyparam command line applications
when using the "-check" option.

The OpenSSL SSL/TLS implementation is not affected by this issue.

The OpenSSL 3.0 and 3.1 FIPS providers are not affected by this issue.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-3817.json
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-3817.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-3817
reference_id
reference_type
scores
0
value 0.0032
scoring_system epss
scoring_elements 0.55026
published_at 2026-04-02T12:55:00Z
1
value 0.0032
scoring_system epss
scoring_elements 0.5507
published_at 2026-04-12T12:55:00Z
2
value 0.0032
scoring_system epss
scoring_elements 0.55052
published_at 2026-04-13T12:55:00Z
3
value 0.0032
scoring_system epss
scoring_elements 0.55028
published_at 2026-04-07T12:55:00Z
4
value 0.0032
scoring_system epss
scoring_elements 0.55077
published_at 2026-04-08T12:55:00Z
5
value 0.0032
scoring_system epss
scoring_elements 0.55076
published_at 2026-04-09T12:55:00Z
6
value 0.0032
scoring_system epss
scoring_elements 0.55089
published_at 2026-04-11T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-3817
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-3817
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-3817
3
reference_url http://seclists.org/fulldisclosure/2023/Jul/43
reference_id
reference_type
scores
url http://seclists.org/fulldisclosure/2023/Jul/43
4
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
5
reference_url https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=6a1eb62c29db6cb5eec707f9338aee00f44e26f5
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T13:26:20Z/
url https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=6a1eb62c29db6cb5eec707f9338aee00f44e26f5
6
reference_url https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=869ad69aadd985c7b8ca6f4e5dd0eb274c9f3644
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T13:26:20Z/
url https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=869ad69aadd985c7b8ca6f4e5dd0eb274c9f3644
7
reference_url https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=9002fd07327a91f35ba6c1307e71fa6fd4409b7f
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T13:26:20Z/
url https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=9002fd07327a91f35ba6c1307e71fa6fd4409b7f
8
reference_url https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=91ddeba0f2269b017dc06c46c993a788974b1aa5
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T13:26:20Z/
url https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=91ddeba0f2269b017dc06c46c993a788974b1aa5
9
reference_url https://www.openssl.org/news/secadv/20230731.txt
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T13:26:20Z/
url https://www.openssl.org/news/secadv/20230731.txt
10
reference_url http://www.openwall.com/lists/oss-security/2023/07/31/1
reference_id
reference_type
scores
url http://www.openwall.com/lists/oss-security/2023/07/31/1
11
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2227852
reference_id 2227852
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2227852
12
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-3817
reference_id CVE-2023-3817
reference_type
scores
url https://nvd.nist.gov/vuln/detail/CVE-2023-3817
13
reference_url https://access.redhat.com/errata/RHSA-2023:5931
reference_id RHSA-2023:5931
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:5931
14
reference_url https://access.redhat.com/errata/RHSA-2023:7622
reference_id RHSA-2023:7622
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:7622
15
reference_url https://access.redhat.com/errata/RHSA-2023:7623
reference_id RHSA-2023:7623
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:7623
16
reference_url https://access.redhat.com/errata/RHSA-2023:7625
reference_id RHSA-2023:7625
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:7625
17
reference_url https://access.redhat.com/errata/RHSA-2023:7626
reference_id RHSA-2023:7626
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:7626
18
reference_url https://access.redhat.com/errata/RHSA-2023:7877
reference_id RHSA-2023:7877
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:7877
19
reference_url https://access.redhat.com/errata/RHSA-2024:0154
reference_id RHSA-2024:0154
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:0154
20
reference_url https://access.redhat.com/errata/RHSA-2024:0208
reference_id RHSA-2024:0208
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:0208
21
reference_url https://access.redhat.com/errata/RHSA-2024:2447
reference_id RHSA-2024:2447
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:2447
22
reference_url https://usn.ubuntu.com/6435-1/
reference_id USN-6435-1
reference_type
scores
url https://usn.ubuntu.com/6435-1/
23
reference_url https://usn.ubuntu.com/6435-2/
reference_id USN-6435-2
reference_type
scores
url https://usn.ubuntu.com/6435-2/
24
reference_url https://usn.ubuntu.com/6450-1/
reference_id USN-6450-1
reference_type
scores
url https://usn.ubuntu.com/6450-1/
25
reference_url https://usn.ubuntu.com/6709-1/
reference_id USN-6709-1
reference_type
scores
url https://usn.ubuntu.com/6709-1/
26
reference_url https://usn.ubuntu.com/7894-1/
reference_id USN-7894-1
reference_type
scores
url https://usn.ubuntu.com/7894-1/
fixed_packages
aliases CVE-2023-3817
risk_score 2.4
exploitability 0.5
weighted_severity 4.8
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-xnhs-4v7t-p3hv
Fixing_vulnerabilities
Risk_score10.0
Resource_urlhttp://public2.vulnerablecode.io/packages/pkg:rpm/redhat/jbcs-httpd24-openssl@1:1.1.1k-16%3Farch=el7jbcs