{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/44405?format=json","vulnerability_id":"VCID-taas-512g-jfdw","summary":"Use After Free\nThe public API function BIO_new_NDEF is a helper function used for streaming ASN.1 data via a BIO. It is primarily used internally to OpenSSL to support the SMIME, CMS and PKCS7 streaming capabilities, but may also be called directly by end user applications. The function receives a BIO from the caller, prepends a new BIO_f_asn1 filter BIO onto the front of it to form a BIO chain, and then returns the new head of the BIO chain to the caller. Under certain conditions, for example if a CMS recipient public key is invalid, the new filter BIO is freed and the function returns a NULL result indicating a failure. However, in this case, the BIO chain is not properly cleaned up and the BIO passed by the caller still retains internal pointers to the previously freed filter BIO. If the caller then goes on to call BIO_pop() on the BIO then a use-after-free will occur. This will most likely result in a crash. This scenario occurs directly in the internal function B64_write_ASN1() which may cause BIO_new_NDEF() to be called and will subsequently call BIO_pop() on the BIO. This internal function is in turn called by the public API functions PEM_write_bio_ASN1_stream, PEM_write_bio_CMS_stream, PEM_write_bio_PKCS7_stream, SMIME_write_ASN1, SMIME_write_CMS and SMIME_write_PKCS7. Other public API functions that may be impacted by this include i2d_ASN1_bio_stream, BIO_new_CMS, BIO_new_PKCS7, i2d_CMS_bio_stream and i2d_PKCS7_bio_stream. The OpenSSL cms and smime command line applications are similarly affected.","aliases":[{"alias":"CVE-2023-0215"},{"alias":"GHSA-r7jw-wp68-3xch"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/63866?format=json","purl":"pkg:conan/openssl@1.1.1w","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:conan/openssl@1.1.1w"},{"url":"http://public2.vulnerablecode.io/api/packages/121472?format=json","purl":"pkg:deb/debian/openssl@1.1.1n-0%2Bdeb11u4?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/openssl@1.1.1n-0%252Bdeb11u4%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/121324?format=json","purl":"pkg:deb/debian/openssl@1.1.1w-0%2Bdeb11u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2hzz-tqgz-tbew"},{"vulnerability":"VCID-ey1a-gmtq-6yct"},{"vulnerability":"VCID-rgbt-w2ev-cfgw"},{"vulnerability":"VCID-utdy-jcq5-w7g6"},{"vulnerability":"VCID-xdsu-j1e8-ducr"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/openssl@1.1.1w-0%252Bdeb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/121477?format=json","purl":"pkg:deb/debian/openssl@3.0.8-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/openssl@3.0.8-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/121322?format=json","purl":"pkg:deb/debian/openssl@3.0.20-1~deb12u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-rgbt-w2ev-cfgw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/openssl@3.0.20-1~deb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/121327?format=json","purl":"pkg:deb/debian/openssl@3.5.6-1~deb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/openssl@3.5.6-1~deb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/121326?format=json","purl":"pkg:deb/debian/openssl@3.6.2-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/openssl@3.6.2-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/192135?format=json","purl":"pkg:ebuild/dev-libs/openssl@3.0.10","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/openssl@3.0.10"}],"affected_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/58751?format=json","purl":"pkg:conan/openssl@1.0.2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1hgm-58xg-r7bt"},{"vulnerability":"VCID-3g6n-ujyv-jub3"},{"vulnerability":"VCID-5a2a-trbk-fkfg"},{"vulnerability":"VCID-8q7w-7je3-zkgt"},{"vulnerability":"VCID-as38-bfar-q3hh"},{"vulnerability":"VCID-erdm-7pfg-e7hc"},{"vulnerability":"VCID-fb66-4fr3-xye7"},{"vulnerability":"VCID-jrts-kcz9-hbcf"},{"vulnerability":"VCID-ju5y-bakm-mqd8"},{"vulnerability":"VCID-mnkq-e45g-fyfw"},{"vulnerability":"VCID-nqu1-ffyz-wubt"},{"vulnerability":"VCID-rhc6-smuj-uyfk"},{"vulnerability":"VCID-taas-512g-jfdw"},{"vulnerability":"VCID-tkap-7nn3-uqae"},{"vulnerability":"VCID-ts7c-u8g2-rqa4"},{"vulnerability":"VCID-uw52-vah8-uqda"},{"vulnerability":"VCID-w1qj-n768-hbar"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:conan/openssl@1.0.2"},{"url":"http://public2.vulnerablecode.io/api/packages/58752?format=json","purl":"pkg:conan/openssl@1.1.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1hgm-58xg-r7bt"},{"vulnerability":"VCID-249a-9kqa-p7an"},{"vulnerability":"VCID-3g6n-ujyv-jub3"},{"vulnerability":"VCID-8q7w-7je3-zkgt"},{"vulnerability":"VCID-as38-bfar-q3hh"},{"vulnerability":"VCID-erdm-7pfg-e7hc"},{"vulnerability":"VCID-fb66-4fr3-xye7"},{"vulnerability":"VCID-gj2m-z5b6-6yf2"},{"vulnerability":"VCID-jrts-kcz9-hbcf"},{"vulnerability":"VCID-ju5y-bakm-mqd8"},{"vulnerability":"VCID-mm8w-472m-puea"},{"vulnerability":"VCID-mnkq-e45g-fyfw"},{"vulnerability":"VCID-n1r2-zqmn-2ufh"},{"vulnerability":"VCID-taas-512g-jfdw"},{"vulnerability":"VCID-tkap-7nn3-uqae"},{"vulnerability":"VCID-ts7c-u8g2-rqa4"},{"vulnerability":"VCID-uw52-vah8-uqda"},{"vulnerability":"VCID-w1qj-n768-hbar"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:conan/openssl@1.1.1"},{"url":"http://public2.vulnerablecode.io/api/packages/59827?format=json","purl":"pkg:conan/openssl@3.0.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1hgm-58xg-r7bt"},{"vulnerability":"VCID-1yjs-f4gq-h7ht"},{"vulnerability":"VCID-3g6n-ujyv-jub3"},{"vulnerability":"VCID-5a2a-trbk-fkfg"},{"vulnerability":"VCID-5rhg-tvzd-h7es"},{"vulnerability":"VCID-86j5-ag2t-2qhj"},{"vulnerability":"VCID-8q7w-7je3-zkgt"},{"vulnerability":"VCID-97cm-wmq1-gkfd"},{"vulnerability":"VCID-as38-bfar-q3hh"},{"vulnerability":"VCID-erdm-7pfg-e7hc"},{"vulnerability":"VCID-f2np-fk61-nbh1"},{"vulnerability":"VCID-gj2m-z5b6-6yf2"},{"vulnerability":"VCID-ju5y-bakm-mqd8"},{"vulnerability":"VCID-m7sy-6spe-6yau"},{"vulnerability":"VCID-mm8w-472m-puea"},{"vulnerability":"VCID-mnkq-e45g-fyfw"},{"vulnerability":"VCID-nqu1-ffyz-wubt"},{"vulnerability":"VCID-nx5k-32hq-yuh4"},{"vulnerability":"VCID-s6rb-rb8j-yfc6"},{"vulnerability":"VCID-sd2f-6nk6-dua6"},{"vulnerability":"VCID-se2f-3x6g-7uc6"},{"vulnerability":"VCID-taas-512g-jfdw"},{"vulnerability":"VCID-tjhj-1wc7-rych"},{"vulnerability":"VCID-ts7c-u8g2-rqa4"},{"vulnerability":"VCID-vyxk-cz2r-ffgf"},{"vulnerability":"VCID-w1qj-n768-hbar"},{"vulnerability":"VCID-yhn2-ctzh-ducy"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:conan/openssl@3.0.0"},{"url":"http://public2.vulnerablecode.io/api/packages/124902?format=json","purl":"pkg:rpm/redhat/edk2@20220126gitbb1bba3d77-2.el8_6?arch=1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1hgm-58xg-r7bt"},{"vulnerability":"VCID-taas-512g-jfdw"},{"vulnerability":"VCID-ts7c-u8g2-rqa4"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/edk2@20220126gitbb1bba3d77-2.el8_6%3Farch=1"},{"url":"http://public2.vulnerablecode.io/api/packages/124918?format=json","purl":"pkg:rpm/redhat/edk2@20220126gitbb1bba3d77-4?arch=el8","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1hgm-58xg-r7bt"},{"vulnerability":"VCID-gj2m-z5b6-6yf2"},{"vulnerability":"VCID-taas-512g-jfdw"},{"vulnerability":"VCID-ts7c-u8g2-rqa4"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/edk2@20220126gitbb1bba3d77-4%3Farch=el8"},{"url":"http://public2.vulnerablecode.io/api/packages/124923?format=json","purl":"pkg:rpm/redhat/edk2@20221207gitfff6d81270b5-9?arch=el9_2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1hgm-58xg-r7bt"},{"vulnerability":"VCID-7qgk-99dz-x7f4"},{"vulnerability":"VCID-gj2m-z5b6-6yf2"},{"vulnerability":"VCID-taas-512g-jfdw"},{"vulnerability":"VCID-ts7c-u8g2-rqa4"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/edk2@20221207gitfff6d81270b5-9%3Farch=el9_2"},{"url":"http://public2.vulnerablecode.io/api/packages/124909?format=json","purl":"pkg:rpm/redhat/jbcs-httpd24-openssl@1:1.1.1k-14?arch=el8jbcs","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1hgm-58xg-r7bt"},{"vulnerability":"VCID-gj2m-z5b6-6yf2"},{"vulnerability":"VCID-taas-512g-jfdw"},{"vulnerability":"VCID-ts7c-u8g2-rqa4"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/jbcs-httpd24-openssl@1:1.1.1k-14%3Farch=el8jbcs"},{"url":"http://public2.vulnerablecode.io/api/packages/124913?format=json","purl":"pkg:rpm/redhat/jbcs-httpd24-openssl@1:1.1.1k-14?arch=el7jbcs","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1hgm-58xg-r7bt"},{"vulnerability":"VCID-gj2m-z5b6-6yf2"},{"vulnerability":"VCID-taas-512g-jfdw"},{"vulnerability":"VCID-ts7c-u8g2-rqa4"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/jbcs-httpd24-openssl@1:1.1.1k-14%3Farch=el7jbcs"},{"url":"http://public2.vulnerablecode.io/api/packages/124930?format=json","purl":"pkg:rpm/redhat/jws5-tomcat-native@1.2.31-14.redhat_14?arch=el7jws","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1hgm-58xg-r7bt"},{"vulnerability":"VCID-gj2m-z5b6-6yf2"},{"vulnerability":"VCID-taas-512g-jfdw"},{"vulnerability":"VCID-ts7c-u8g2-rqa4"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/jws5-tomcat-native@1.2.31-14.redhat_14%3Farch=el7jws"},{"url":"http://public2.vulnerablecode.io/api/packages/124908?format=json","purl":"pkg:rpm/redhat/jws5-tomcat-native@1.2.31-14.redhat_14?arch=el8jws","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1hgm-58xg-r7bt"},{"vulnerability":"VCID-gj2m-z5b6-6yf2"},{"vulnerability":"VCID-taas-512g-jfdw"},{"vulnerability":"VCID-ts7c-u8g2-rqa4"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/jws5-tomcat-native@1.2.31-14.redhat_14%3Farch=el8jws"},{"url":"http://public2.vulnerablecode.io/api/packages/124924?format=json","purl":"pkg:rpm/redhat/jws5-tomcat-native@1.2.31-14.redhat_14?arch=el9jws","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1hgm-58xg-r7bt"},{"vulnerability":"VCID-gj2m-z5b6-6yf2"},{"vulnerability":"VCID-taas-512g-jfdw"},{"vulnerability":"VCID-ts7c-u8g2-rqa4"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/jws5-tomcat-native@1.2.31-14.redhat_14%3Farch=el9jws"},{"url":"http://public2.vulnerablecode.io/api/packages/124978?format=json","purl":"pkg:rpm/redhat/openssl@1:1.1.1k-9?arch=el8_6","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1hgm-58xg-r7bt"},{"vulnerability":"VCID-gj2m-z5b6-6yf2"},{"vulnerability":"VCID-taas-512g-jfdw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/openssl@1:1.1.1k-9%3Farch=el8_6"},{"url":"http://public2.vulnerablecode.io/api/packages/124901?format=json","purl":"pkg:rpm/redhat/openssl@1:1.1.1k-9?arch=el8_7","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1hgm-58xg-r7bt"},{"vulnerability":"VCID-gj2m-z5b6-6yf2"},{"vulnerability":"VCID-taas-512g-jfdw"},{"vulnerability":"VCID-ts7c-u8g2-rqa4"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/openssl@1:1.1.1k-9%3Farch=el8_7"},{"url":"http://public2.vulnerablecode.io/api/packages/124945?format=json","purl":"pkg:rpm/redhat/openssl@1:3.0.1-46?arch=el9_0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1hgm-58xg-r7bt"},{"vulnerability":"VCID-97cm-wmq1-gkfd"},{"vulnerability":"VCID-f2np-fk61-nbh1"},{"vulnerability":"VCID-gj2m-z5b6-6yf2"},{"vulnerability":"VCID-se2f-3x6g-7uc6"},{"vulnerability":"VCID-taas-512g-jfdw"},{"vulnerability":"VCID-ts7c-u8g2-rqa4"},{"vulnerability":"VCID-yhn2-ctzh-ducy"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/openssl@1:3.0.1-46%3Farch=el9_0"},{"url":"http://public2.vulnerablecode.io/api/packages/124921?format=json","purl":"pkg:rpm/redhat/openssl@1:3.0.1-47?arch=el9_1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1hgm-58xg-r7bt"},{"vulnerability":"VCID-97cm-wmq1-gkfd"},{"vulnerability":"VCID-f2np-fk61-nbh1"},{"vulnerability":"VCID-gj2m-z5b6-6yf2"},{"vulnerability":"VCID-se2f-3x6g-7uc6"},{"vulnerability":"VCID-taas-512g-jfdw"},{"vulnerability":"VCID-ts7c-u8g2-rqa4"},{"vulnerability":"VCID-yhn2-ctzh-ducy"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/openssl@1:3.0.1-47%3Farch=el9_1"}],"references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-0215.json","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-0215.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-0215","reference_id":"","reference_type":"","scores":[{"value":"0.0043","scoring_system":"epss","scoring_elements":"0.62856","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-0215"},{"reference_url":"https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=8818064ce3c3c0f1b740a5aaba2a987e75bfbafd","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=8818064ce3c3c0f1b740a5aaba2a987e75bfbafd"},{"reference_url":"https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=9816136fe31d92ace4037d5da5257f763aeeb4eb","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=9816136fe31d92ace4037d5da5257f763aeeb4eb"},{"reference_url":"https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=c3829dd8825c654652201e16f8a0a0c46ee3f344","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=c3829dd8825c654652201e16f8a0a0c46ee3f344"},{"reference_url":"https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2023-0003","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2023-0003"},{"reference_url":"https://rustsec.org/advisories/RUSTSEC-2023-0009.html","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://rustsec.org/advisories/RUSTSEC-2023-0009.html"},{"reference_url":"https://security.gentoo.org/glsa/202402-08","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://security.gentoo.org/glsa/202402-08"},{"reference_url":"https://security.netapp.com/advisory/ntap-20230427-0007","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://security.netapp.com/advisory/ntap-20230427-0007"},{"reference_url":"https://security.netapp.com/advisory/ntap-20230427-0009","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://security.netapp.com/advisory/ntap-20230427-0009"},{"reference_url":"https://security.netapp.com/advisory/ntap-20240621-0006","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://security.netapp.com/advisory/ntap-20240621-0006"},{"reference_url":"https://www.openssl.org/news/secadv/20230207.txt","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.openssl.org/news/secadv/20230207.txt"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2164492","reference_id":"2164492","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2164492"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2023-0215","reference_id":"CVE-2023-0215","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-0215"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:0946","reference_id":"RHSA-2023:0946","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:0946"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:1199","reference_id":"RHSA-2023:1199","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:1199"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:1405","reference_id":"RHSA-2023:1405","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:1405"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:2165","reference_id":"RHSA-2023:2165","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:2165"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:2932","reference_id":"RHSA-2023:2932","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:2932"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:3354","reference_id":"RHSA-2023:3354","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:3354"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:3355","reference_id":"RHSA-2023:3355","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:3355"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:3408","reference_id":"RHSA-2023:3408","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:3408"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:3420","reference_id":"RHSA-2023:3420","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:3420"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:3421","reference_id":"RHSA-2023:3421","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:3421"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:4128","reference_id":"RHSA-2023:4128","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:4128"}],"weaknesses":[{"cwe_id":1035,"name":"OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities","description":"Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2017."},{"cwe_id":416,"name":"Use After Free","description":"Referencing memory after it has been freed can cause a program to crash, use unexpected values, or execute code."},{"cwe_id":937,"name":"OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities","description":"Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2013."}],"exploits":[],"severity_range_score":"7.0 - 8.9","exploitability":"0.5","weighted_severity":"8.0","risk_score":4.0,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-taas-512g-jfdw"}