Vulnerability details: VCID-9wtx-9sbn-aaam
Vulnerability ID VCID-9wtx-9sbn-aaam
Aliases CVE-2023-0286
GHSA-x4qr-2fvf-3mr5
Summary Vulnerable OpenSSL included in cryptography wheels
Status Published
Exploitability 2.0
Weighted Severity 9.0
Risk 10.0
System Score Found at
cvssv3 7.4 https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-0286.json
epss 0.00387 https://api.first.org/data/v1/epss?cve=CVE-2023-0286
epss 0.00422 https://api.first.org/data/v1/epss?cve=CVE-2023-0286
epss 0.8559 https://api.first.org/data/v1/epss?cve=CVE-2023-0286
epss 0.8576 https://api.first.org/data/v1/epss?cve=CVE-2023-0286
epss 0.87987 https://api.first.org/data/v1/epss?cve=CVE-2023-0286
epss 0.89079 https://api.first.org/data/v1/epss?cve=CVE-2023-0286
epss 0.91013 https://api.first.org/data/v1/epss?cve=CVE-2023-0286
epss 0.9108 https://api.first.org/data/v1/epss?cve=CVE-2023-0286
cvssv3.1 7.4 https://ftp.openbsd.org/pub/OpenBSD/LibreSSL/libressl-3.6.2-relnotes.txt
generic_textual HIGH https://ftp.openbsd.org/pub/OpenBSD/LibreSSL/libressl-3.6.2-relnotes.txt
ssvc Track https://ftp.openbsd.org/pub/OpenBSD/LibreSSL/libressl-3.6.2-relnotes.txt
cvssv3.1 7.4 https://ftp.openbsd.org/pub/OpenBSD/patches/7.2/common/018_x509.patch.sig
generic_textual HIGH https://ftp.openbsd.org/pub/OpenBSD/patches/7.2/common/018_x509.patch.sig
ssvc Track https://ftp.openbsd.org/pub/OpenBSD/patches/7.2/common/018_x509.patch.sig
cvssv3.1 7.4 https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
cvssv3.1_qr CRITICAL https://github.com/advisories/GHSA-x4qr-2fvf-3mr5
cvssv3.1_qr HIGH https://github.com/advisories/GHSA-x4qr-2fvf-3mr5
cvssv3.1_qr MODERATE https://github.com/advisories/GHSA-x4qr-2fvf-3mr5
cvssv3.1 7.5 https://github.com/pyca/cryptography
generic_textual HIGH https://github.com/pyca/cryptography
cvssv3.1_qr CRITICAL https://github.com/pyca/cryptography/security/advisories/GHSA-x4qr-2fvf-3mr5
cvssv3.1_qr HIGH https://github.com/pyca/cryptography/security/advisories/GHSA-x4qr-2fvf-3mr5
cvssv3.1_qr MODERATE https://github.com/pyca/cryptography/security/advisories/GHSA-x4qr-2fvf-3mr5
cvssv3.1 7.4 https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=2c6c9d439b484e1ba9830d8454a34fa4f80fdfe9
generic_textual HIGH https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=2c6c9d439b484e1ba9830d8454a34fa4f80fdfe9
ssvc Track https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=2c6c9d439b484e1ba9830d8454a34fa4f80fdfe9
cvssv3.1 7.4 https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=2f7530077e0ef79d98718138716bc51ca0cad658
generic_textual HIGH https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=2f7530077e0ef79d98718138716bc51ca0cad658
ssvc Track https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=2f7530077e0ef79d98718138716bc51ca0cad658
cvssv3.1 7.4 https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=fd2af07dc083a350c959147097003a14a5e8ac4d
generic_textual HIGH https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=fd2af07dc083a350c959147097003a14a5e8ac4d
ssvc Track https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=fd2af07dc083a350c959147097003a14a5e8ac4d
cvssv3 7.4 https://nvd.nist.gov/vuln/detail/CVE-2023-0286
cvssv3.1 7.4 https://nvd.nist.gov/vuln/detail/CVE-2023-0286
cvssv3.1 7.4 https://rustsec.org/advisories/RUSTSEC-2023-0006.html
generic_textual HIGH https://rustsec.org/advisories/RUSTSEC-2023-0006.html
cvssv3.1 7.4 https://security.gentoo.org/glsa/202402-08
ssvc Track https://security.gentoo.org/glsa/202402-08
cvssv3.1 7.4 https://www.openssl.org/news/secadv/20230207.txt
generic_textual HIGH https://www.openssl.org/news/secadv/20230207.txt
ssvc Track https://www.openssl.org/news/secadv/20230207.txt
Reference id Reference type URL
https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-0286.json
https://api.first.org/data/v1/epss?cve=CVE-2023-0286
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2097
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-4304
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-4450
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0215
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0286
https://ftp.openbsd.org/pub/OpenBSD/LibreSSL/libressl-3.6.2-relnotes.txt
https://ftp.openbsd.org/pub/OpenBSD/patches/7.2/common/018_x509.patch.sig
https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
https://github.com/pyca/cryptography
https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=2c6c9d439b484e1ba9830d8454a34fa4f80fdfe9
https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=2f7530077e0ef79d98718138716bc51ca0cad658
https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=fd2af07dc083a350c959147097003a14a5e8ac4d
https://rustsec.org/advisories/RUSTSEC-2023-0006.html
https://www.openssl.org/news/secadv/20230207.txt
2164440 https://bugzilla.redhat.com/show_bug.cgi?id=2164440
cpe:2.3:a:openssl:openssl:*:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openssl:openssl:*:*:*:*:*:*:*:*
cpe:2.3:a:stormshield:stormshield_management_center:*:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:stormshield:stormshield_management_center:*:*:*:*:*:*:*:*
cpe:2.3:a:stormshield:stormshield_network_security:*:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:stormshield:stormshield_network_security:*:*:*:*:*:*:*:*
CVE-2023-0286 https://access.redhat.com/security/cve/cve-2023-0286
CVE-2023-0286 https://nvd.nist.gov/vuln/detail/CVE-2023-0286
GHSA-x4qr-2fvf-3mr5 https://github.com/advisories/GHSA-x4qr-2fvf-3mr5
GHSA-x4qr-2fvf-3mr5 https://github.com/pyca/cryptography/security/advisories/GHSA-x4qr-2fvf-3mr5
GLSA-202402-08 https://security.gentoo.org/glsa/202402-08
RHSA-2023:0946 https://access.redhat.com/errata/RHSA-2023:0946
RHSA-2023:1199 https://access.redhat.com/errata/RHSA-2023:1199
RHSA-2023:1335 https://access.redhat.com/errata/RHSA-2023:1335
RHSA-2023:1405 https://access.redhat.com/errata/RHSA-2023:1405
RHSA-2023:1437 https://access.redhat.com/errata/RHSA-2023:1437
RHSA-2023:1438 https://access.redhat.com/errata/RHSA-2023:1438
RHSA-2023:1439 https://access.redhat.com/errata/RHSA-2023:1439
RHSA-2023:1440 https://access.redhat.com/errata/RHSA-2023:1440
RHSA-2023:1441 https://access.redhat.com/errata/RHSA-2023:1441
RHSA-2023:2022 https://access.redhat.com/errata/RHSA-2023:2022
RHSA-2023:2165 https://access.redhat.com/errata/RHSA-2023:2165
RHSA-2023:2932 https://access.redhat.com/errata/RHSA-2023:2932
RHSA-2023:3354 https://access.redhat.com/errata/RHSA-2023:3354
RHSA-2023:3355 https://access.redhat.com/errata/RHSA-2023:3355
RHSA-2023:3420 https://access.redhat.com/errata/RHSA-2023:3420
RHSA-2023:3421 https://access.redhat.com/errata/RHSA-2023:3421
RHSA-2023:4124 https://access.redhat.com/errata/RHSA-2023:4124
RHSA-2023:4128 https://access.redhat.com/errata/RHSA-2023:4128
RHSA-2023:4252 https://access.redhat.com/errata/RHSA-2023:4252
RHSA-2023:5209 https://access.redhat.com/errata/RHSA-2023:5209
RHSA-2024:5136 https://access.redhat.com/errata/RHSA-2024:5136
RHSA-2024:6095 https://access.redhat.com/errata/RHSA-2024:6095
RHSA-2025:7733 https://access.redhat.com/errata/RHSA-2025:7733
RHSA-2025:7895 https://access.redhat.com/errata/RHSA-2025:7895
RHSA-2025:7937 https://access.redhat.com/errata/RHSA-2025:7937
USN-5844-1 https://usn.ubuntu.com/5844-1/
USN-5845-1 https://usn.ubuntu.com/5845-1/
USN-5845-2 https://usn.ubuntu.com/5845-2/
USN-6564-1 https://usn.ubuntu.com/6564-1/
No exploits are available.
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:H Found at https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-0286.json
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:H Found at https://ftp.openbsd.org/pub/OpenBSD/LibreSSL/libressl-3.6.2-relnotes.txt
Vector: SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-06T15:57:22Z/ Found at https://ftp.openbsd.org/pub/OpenBSD/LibreSSL/libressl-3.6.2-relnotes.txt
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:H Found at https://ftp.openbsd.org/pub/OpenBSD/patches/7.2/common/018_x509.patch.sig
Vector: SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-06T15:57:22Z/ Found at https://ftp.openbsd.org/pub/OpenBSD/patches/7.2/common/018_x509.patch.sig
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:H Found at https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://github.com/pyca/cryptography
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:H Found at https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=2c6c9d439b484e1ba9830d8454a34fa4f80fdfe9
Vector: SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-06T15:57:22Z/ Found at https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=2c6c9d439b484e1ba9830d8454a34fa4f80fdfe9
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:H Found at https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=2f7530077e0ef79d98718138716bc51ca0cad658
Vector: SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-06T15:57:22Z/ Found at https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=2f7530077e0ef79d98718138716bc51ca0cad658
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:H Found at https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=fd2af07dc083a350c959147097003a14a5e8ac4d
Vector: SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-06T15:57:22Z/ Found at https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=fd2af07dc083a350c959147097003a14a5e8ac4d
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:H Found at https://nvd.nist.gov/vuln/detail/CVE-2023-0286
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:H Found at https://rustsec.org/advisories/RUSTSEC-2023-0006.html
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:H Found at https://security.gentoo.org/glsa/202402-08
Vector: SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-06T15:57:22Z/ Found at https://security.gentoo.org/glsa/202402-08
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:H Found at https://www.openssl.org/news/secadv/20230207.txt
Vector: SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-06T15:57:22Z/ Found at https://www.openssl.org/news/secadv/20230207.txt
Exploit Prediction Scoring System (EPSS)
Percentile 0.73710
EPSS Score 0.00387
Published At Nov. 1, 2024, midnight
Date Actor Action Source VulnerableCode Version
There are no relevant records.