Django REST framework

Vulnerability Instance

Lookup for vulnerabilities affecting packages.

Vulnerability_idVCID-ts7c-u8g2-rqa4
Summary
Access of Resource Using Incompatible Type ('Type Confusion')
There is a type confusion vulnerability relating to X.400 address processing inside an X.509 GeneralName. X.400 addresses were parsed as an ASN1_STRING but the public structure definition for GENERAL_NAME incorrectly specified the type of the x400Address field as ASN1_TYPE. This field is subsequently interpreted by the OpenSSL function GENERAL_NAME_cmp as an ASN1_TYPE rather than an ASN1_STRING. When CRL checking is enabled (i.e. the application sets the X509_V_FLAG_CRL_CHECK flag), this vulnerability may allow an attacker to pass arbitrary pointers to a memcmp call, enabling them to read memory contents or enact a denial of service. In most cases, the attack requires the attacker to provide both the certificate chain and CRL, neither of which need to have a valid signature. If the attacker only controls one of these inputs, the other input must already contain an X.400 address as a CRL distribution point, which is uncommon. As such, this vulnerability is most likely to only affect applications which have implemented their own functionality for retrieving CRLs over a network.
Aliases
0
alias CVE-2023-0286
1
alias GHSA-x4qr-2fvf-3mr5
Fixed_packages
0
url pkg:conan/openssl@1.1.1w
purl pkg:conan/openssl@1.1.1w
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:conan/openssl@1.1.1w
1
url pkg:conan/openssl@3.0.12
purl pkg:conan/openssl@3.0.12
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-nx5k-32hq-yuh4
resource_url http://public2.vulnerablecode.io/packages/pkg:conan/openssl@3.0.12
2
url pkg:pypi/cryptography@39.0.1
purl pkg:pypi/cryptography@39.0.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-dzvc-j4et-ukgu
1
vulnerability VCID-jksg-v3x3-z3d3
2
vulnerability VCID-n7hx-bfnn-5kgc
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/cryptography@39.0.1
Affected_packages
0
url pkg:conan/openssl@1.0.2
purl pkg:conan/openssl@1.0.2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1hgm-58xg-r7bt
1
vulnerability VCID-3g6n-ujyv-jub3
2
vulnerability VCID-5a2a-trbk-fkfg
3
vulnerability VCID-8q7w-7je3-zkgt
4
vulnerability VCID-as38-bfar-q3hh
5
vulnerability VCID-erdm-7pfg-e7hc
6
vulnerability VCID-ju5y-bakm-mqd8
7
vulnerability VCID-mnkq-e45g-fyfw
8
vulnerability VCID-nqu1-ffyz-wubt
9
vulnerability VCID-taas-512g-jfdw
10
vulnerability VCID-ts7c-u8g2-rqa4
11
vulnerability VCID-uw52-vah8-uqda
12
vulnerability VCID-w1qj-n768-hbar
resource_url http://public2.vulnerablecode.io/packages/pkg:conan/openssl@1.0.2
1
url pkg:conan/openssl@1.1.1
purl pkg:conan/openssl@1.1.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1hgm-58xg-r7bt
1
vulnerability VCID-3g6n-ujyv-jub3
2
vulnerability VCID-8q7w-7je3-zkgt
3
vulnerability VCID-as38-bfar-q3hh
4
vulnerability VCID-erdm-7pfg-e7hc
5
vulnerability VCID-gj2m-z5b6-6yf2
6
vulnerability VCID-ju5y-bakm-mqd8
7
vulnerability VCID-mm8w-472m-puea
8
vulnerability VCID-mnkq-e45g-fyfw
9
vulnerability VCID-n1r2-zqmn-2ufh
10
vulnerability VCID-taas-512g-jfdw
11
vulnerability VCID-ts7c-u8g2-rqa4
12
vulnerability VCID-uw52-vah8-uqda
13
vulnerability VCID-w1qj-n768-hbar
resource_url http://public2.vulnerablecode.io/packages/pkg:conan/openssl@1.1.1
2
url pkg:conan/openssl@3.0.0
purl pkg:conan/openssl@3.0.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1hgm-58xg-r7bt
1
vulnerability VCID-1yjs-f4gq-h7ht
2
vulnerability VCID-3g6n-ujyv-jub3
3
vulnerability VCID-5a2a-trbk-fkfg
4
vulnerability VCID-5rhg-tvzd-h7es
5
vulnerability VCID-86j5-ag2t-2qhj
6
vulnerability VCID-8q7w-7je3-zkgt
7
vulnerability VCID-97cm-wmq1-gkfd
8
vulnerability VCID-as38-bfar-q3hh
9
vulnerability VCID-erdm-7pfg-e7hc
10
vulnerability VCID-f2np-fk61-nbh1
11
vulnerability VCID-gj2m-z5b6-6yf2
12
vulnerability VCID-ju5y-bakm-mqd8
13
vulnerability VCID-m7sy-6spe-6yau
14
vulnerability VCID-mm8w-472m-puea
15
vulnerability VCID-mnkq-e45g-fyfw
16
vulnerability VCID-nqu1-ffyz-wubt
17
vulnerability VCID-nx5k-32hq-yuh4
18
vulnerability VCID-s6rb-rb8j-yfc6
19
vulnerability VCID-sd2f-6nk6-dua6
20
vulnerability VCID-se2f-3x6g-7uc6
21
vulnerability VCID-taas-512g-jfdw
22
vulnerability VCID-tjhj-1wc7-rych
23
vulnerability VCID-ts7c-u8g2-rqa4
24
vulnerability VCID-vyxk-cz2r-ffgf
25
vulnerability VCID-w1qj-n768-hbar
26
vulnerability VCID-yhn2-ctzh-ducy
resource_url http://public2.vulnerablecode.io/packages/pkg:conan/openssl@3.0.0
3
url pkg:pypi/cryptography@0.8.1
purl pkg:pypi/cryptography@0.8.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-8kj7-du9v-uugw
1
vulnerability VCID-jksg-v3x3-z3d3
2
vulnerability VCID-ts7c-u8g2-rqa4
3
vulnerability VCID-v56n-dpyv-rug7
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/cryptography@0.8.1
References
0
reference_url https://ftp.openbsd.org/pub/OpenBSD/LibreSSL/libressl-3.6.2-relnotes.txt
reference_id
reference_type
scores
url https://ftp.openbsd.org/pub/OpenBSD/LibreSSL/libressl-3.6.2-relnotes.txt
1
reference_url https://ftp.openbsd.org/pub/OpenBSD/patches/7.2/common/018_x509.patch.sig
reference_id
reference_type
scores
url https://ftp.openbsd.org/pub/OpenBSD/patches/7.2/common/018_x509.patch.sig
2
reference_url https://github.com/pyca/cryptography
reference_id
reference_type
scores
url https://github.com/pyca/cryptography
3
reference_url https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=2c6c9d439b484e1ba9830d8454a34fa4f80fdfe9
reference_id
reference_type
scores
url https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=2c6c9d439b484e1ba9830d8454a34fa4f80fdfe9
4
reference_url https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=2f7530077e0ef79d98718138716bc51ca0cad658
reference_id
reference_type
scores
url https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=2f7530077e0ef79d98718138716bc51ca0cad658
5
reference_url https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=fd2af07dc083a350c959147097003a14a5e8ac4d
reference_id
reference_type
scores
url https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=fd2af07dc083a350c959147097003a14a5e8ac4d
6
reference_url https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2023-0003
reference_id
reference_type
scores
url https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2023-0003
7
reference_url https://rustsec.org/advisories/RUSTSEC-2023-0006.html
reference_id
reference_type
scores
url https://rustsec.org/advisories/RUSTSEC-2023-0006.html
8
reference_url https://security.gentoo.org/glsa/202402-08
reference_id
reference_type
scores
url https://security.gentoo.org/glsa/202402-08
9
reference_url https://www.openssl.org/news/secadv/20230207.txt
reference_id
reference_type
scores
url https://www.openssl.org/news/secadv/20230207.txt
10
reference_url https://access.redhat.com/security/cve/cve-2023-0286
reference_id CVE-2023-0286
reference_type
scores
url https://access.redhat.com/security/cve/cve-2023-0286
11
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-0286
reference_id CVE-2023-0286
reference_type
scores
url https://nvd.nist.gov/vuln/detail/CVE-2023-0286
12
reference_url https://github.com/advisories/GHSA-x4qr-2fvf-3mr5
reference_id GHSA-x4qr-2fvf-3mr5
reference_type
scores
url https://github.com/advisories/GHSA-x4qr-2fvf-3mr5
13
reference_url https://github.com/pyca/cryptography/security/advisories/GHSA-x4qr-2fvf-3mr5
reference_id GHSA-x4qr-2fvf-3mr5
reference_type
scores
url https://github.com/pyca/cryptography/security/advisories/GHSA-x4qr-2fvf-3mr5
Weaknesses
0
cwe_id 1035
name OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
description Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2017.
1
cwe_id 843
name Access of Resource Using Incompatible Type ('Type Confusion')
description The product allocates or initializes a resource such as a pointer, object, or variable using one type, but it later accesses that resource using a type that is incompatible with the original type.
2
cwe_id 937
name OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities
description Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2013.
Exploits
Severity_range_scorenull
Exploitabilitynull
Weighted_severitynull
Risk_scorenull
Resource_urlhttp://public2.vulnerablecode.io/vulnerabilities/VCID-ts7c-u8g2-rqa4