VulnerableCode Vulnerability Details

Search for vulnerabilities

Vulnerability details: VCID-avpj-snvy-8ucj

Essentials
Severities (43)
References (54)
Severity details (35)
Exploits (0)
EPSS
History (1)

Vulnerability ID	VCID-avpj-snvy-8ucj
Aliases	CVE-2023-0286 GHSA-x4qr-2fvf-3mr5
Summary	There is a type confusion vulnerability relating to X.400 address processing inside an X.509 GeneralName. X.400 addresses were parsed as an ASN1_STRING but the public structure definition for GENERAL_NAME incorrectly specified the type of the x400Address field as ASN1_TYPE. This field is subsequently interpreted by the OpenSSL function GENERAL_NAME_cmp as an ASN1_TYPE rather than an ASN1_STRING. When CRL checking is enabled (i.e. the application sets the X509_V_FLAG_CRL_CHECK flag), this vulnerability may allow an attacker to pass arbitrary pointers to a memcmp call, enabling them to read memory contents or enact a denial of service. In most cases, the attack requires the attacker to provide both the certificate chain and CRL, neither of which need to have a valid signature. If the attacker only controls one of these inputs, the other input must already contain an X.400 address as a CRL distribution point, which is uncommon. As such, this vulnerability is most likely to only affect applications which have implemented their own functionality for retrieving CRLs over a network.
Status	Published
Exploitability	2.0
Weighted Severity	8.0
Risk	10.0
Affected and Fixed Packages	Package Details

Weaknesses (4)

CWE-843	Access of Resource Using Incompatible Type ('Type Confusion')
CWE-1035	OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
CWE-937	OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities
CWE-704	Incorrect Type Conversion or Cast

System	Score	Found at
cvssv3	7.4	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-0286.json
cvssv3.1	7.4	https://access.redhat.com/security/cve/cve-2023-0286
generic_textual	HIGH	https://access.redhat.com/security/cve/cve-2023-0286
epss	0.7657	https://api.first.org/data/v1/epss?cve=CVE-2023-0286
epss	0.7657	https://api.first.org/data/v1/epss?cve=CVE-2023-0286
epss	0.79912	https://api.first.org/data/v1/epss?cve=CVE-2023-0286
epss	0.79912	https://api.first.org/data/v1/epss?cve=CVE-2023-0286
epss	0.88099	https://api.first.org/data/v1/epss?cve=CVE-2023-0286
epss	0.88099	https://api.first.org/data/v1/epss?cve=CVE-2023-0286
epss	0.88099	https://api.first.org/data/v1/epss?cve=CVE-2023-0286
epss	0.88751	https://api.first.org/data/v1/epss?cve=CVE-2023-0286
cvssv3.1	7.4	https://ftp.openbsd.org/pub/OpenBSD/LibreSSL/libressl-3.6.2-relnotes.txt
generic_textual	HIGH	https://ftp.openbsd.org/pub/OpenBSD/LibreSSL/libressl-3.6.2-relnotes.txt
ssvc	Track	https://ftp.openbsd.org/pub/OpenBSD/LibreSSL/libressl-3.6.2-relnotes.txt
cvssv3.1	7.4	https://ftp.openbsd.org/pub/OpenBSD/patches/7.2/common/018_x509.patch.sig
generic_textual	HIGH	https://ftp.openbsd.org/pub/OpenBSD/patches/7.2/common/018_x509.patch.sig
ssvc	Track	https://ftp.openbsd.org/pub/OpenBSD/patches/7.2/common/018_x509.patch.sig
cvssv3.1	7.4	https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
cvssv3.1_qr	HIGH	https://github.com/advisories/GHSA-x4qr-2fvf-3mr5
cvssv3.1	7.4	https://github.com/pyca/cryptography
generic_textual	HIGH	https://github.com/pyca/cryptography
cvssv3.1	7.4	https://github.com/pyca/cryptography/security/advisories/GHSA-x4qr-2fvf-3mr5
cvssv3.1_qr	HIGH	https://github.com/pyca/cryptography/security/advisories/GHSA-x4qr-2fvf-3mr5
generic_textual	HIGH	https://github.com/pyca/cryptography/security/advisories/GHSA-x4qr-2fvf-3mr5
cvssv3.1	7.4	https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=2c6c9d439b484e1ba9830d8454a34fa4f80fdfe9
generic_textual	HIGH	https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=2c6c9d439b484e1ba9830d8454a34fa4f80fdfe9
ssvc	Track	https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=2c6c9d439b484e1ba9830d8454a34fa4f80fdfe9
cvssv3.1	7.4	https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=2f7530077e0ef79d98718138716bc51ca0cad658
generic_textual	HIGH	https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=2f7530077e0ef79d98718138716bc51ca0cad658
ssvc	Track	https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=2f7530077e0ef79d98718138716bc51ca0cad658
cvssv3.1	7.4	https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=fd2af07dc083a350c959147097003a14a5e8ac4d
generic_textual	HIGH	https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=fd2af07dc083a350c959147097003a14a5e8ac4d
ssvc	Track	https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=fd2af07dc083a350c959147097003a14a5e8ac4d
cvssv3.1	7.4	https://nvd.nist.gov/vuln/detail/CVE-2023-0286
generic_textual	HIGH	https://nvd.nist.gov/vuln/detail/CVE-2023-0286
cvssv3.1	7.4	https://rustsec.org/advisories/RUSTSEC-2023-0006.html
generic_textual	HIGH	https://rustsec.org/advisories/RUSTSEC-2023-0006.html
cvssv3.1	7.4	https://security.gentoo.org/glsa/202402-08
generic_textual	HIGH	https://security.gentoo.org/glsa/202402-08
ssvc	Track	https://security.gentoo.org/glsa/202402-08
cvssv3.1	7.4	https://www.openssl.org/news/secadv/20230207.txt
generic_textual	HIGH	https://www.openssl.org/news/secadv/20230207.txt
ssvc	Track	https://www.openssl.org/news/secadv/20230207.txt

Reference id	Reference type	URL
		https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-0286.json
		https://access.redhat.com/security/cve/cve-2023-0286
		https://api.first.org/data/v1/epss?cve=CVE-2023-0286
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2097
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-4304
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-4450
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0215
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0286
		https://ftp.openbsd.org/pub/OpenBSD/LibreSSL/libressl-3.6.2-relnotes.txt
		https://ftp.openbsd.org/pub/OpenBSD/patches/7.2/common/018_x509.patch.sig
		https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
		https://github.com/pyca/cryptography
		https://github.com/pyca/cryptography/security/advisories/GHSA-x4qr-2fvf-3mr5
		https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=2c6c9d439b484e1ba9830d8454a34fa4f80fdfe9
		https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=2f7530077e0ef79d98718138716bc51ca0cad658
		https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=fd2af07dc083a350c959147097003a14a5e8ac4d
		https://nvd.nist.gov/vuln/detail/CVE-2023-0286
		https://rustsec.org/advisories/RUSTSEC-2023-0006.html
		https://security.gentoo.org/glsa/202402-08
		https://www.openssl.org/news/secadv/20230207.txt
2164440		https://bugzilla.redhat.com/show_bug.cgi?id=2164440
cpe:2.3:a:openssl:openssl::::::::		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openssl:openssl::::::::
cpe:2.3:a:stormshield:stormshield_management_center::::::::		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:stormshield:stormshield_management_center::::::::
cpe:2.3:a:stormshield:stormshield_network_security::::::::		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:stormshield:stormshield_network_security::::::::
GHSA-x4qr-2fvf-3mr5		https://github.com/advisories/GHSA-x4qr-2fvf-3mr5
RHSA-2023:0946		https://access.redhat.com/errata/RHSA-2023:0946
RHSA-2023:1199		https://access.redhat.com/errata/RHSA-2023:1199
RHSA-2023:1335		https://access.redhat.com/errata/RHSA-2023:1335
RHSA-2023:1405		https://access.redhat.com/errata/RHSA-2023:1405
RHSA-2023:1437		https://access.redhat.com/errata/RHSA-2023:1437
RHSA-2023:1438		https://access.redhat.com/errata/RHSA-2023:1438
RHSA-2023:1439		https://access.redhat.com/errata/RHSA-2023:1439
RHSA-2023:1440		https://access.redhat.com/errata/RHSA-2023:1440
RHSA-2023:1441		https://access.redhat.com/errata/RHSA-2023:1441
RHSA-2023:2022		https://access.redhat.com/errata/RHSA-2023:2022
RHSA-2023:2165		https://access.redhat.com/errata/RHSA-2023:2165
RHSA-2023:2932		https://access.redhat.com/errata/RHSA-2023:2932
RHSA-2023:3354		https://access.redhat.com/errata/RHSA-2023:3354
RHSA-2023:3355		https://access.redhat.com/errata/RHSA-2023:3355
RHSA-2023:3420		https://access.redhat.com/errata/RHSA-2023:3420
RHSA-2023:3421		https://access.redhat.com/errata/RHSA-2023:3421
RHSA-2023:4124		https://access.redhat.com/errata/RHSA-2023:4124
RHSA-2023:4128		https://access.redhat.com/errata/RHSA-2023:4128
RHSA-2023:4252		https://access.redhat.com/errata/RHSA-2023:4252
RHSA-2023:5209		https://access.redhat.com/errata/RHSA-2023:5209
RHSA-2024:5136		https://access.redhat.com/errata/RHSA-2024:5136
RHSA-2024:6095		https://access.redhat.com/errata/RHSA-2024:6095
RHSA-2025:7733		https://access.redhat.com/errata/RHSA-2025:7733
RHSA-2025:7895		https://access.redhat.com/errata/RHSA-2025:7895
RHSA-2025:7937		https://access.redhat.com/errata/RHSA-2025:7937
USN-5844-1		https://usn.ubuntu.com/5844-1/
USN-5845-1		https://usn.ubuntu.com/5845-1/
USN-5845-2		https://usn.ubuntu.com/5845-2/
USN-6564-1		https://usn.ubuntu.com/6564-1/

No exploits are available.

Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:H Found at https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-0286.json

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:H Found at https://access.redhat.com/security/cve/cve-2023-0286

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:H Found at https://ftp.openbsd.org/pub/OpenBSD/LibreSSL/libressl-3.6.2-relnotes.txt

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-06T15:57:22Z/ Found at https://ftp.openbsd.org/pub/OpenBSD/LibreSSL/libressl-3.6.2-relnotes.txt

Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:H Found at https://ftp.openbsd.org/pub/OpenBSD/patches/7.2/common/018_x509.patch.sig

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-06T15:57:22Z/ Found at https://ftp.openbsd.org/pub/OpenBSD/patches/7.2/common/018_x509.patch.sig

Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:H Found at https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:H Found at https://github.com/pyca/cryptography

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:H Found at https://github.com/pyca/cryptography/security/advisories/GHSA-x4qr-2fvf-3mr5

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:H Found at https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=2c6c9d439b484e1ba9830d8454a34fa4f80fdfe9

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-06T15:57:22Z/ Found at https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=2c6c9d439b484e1ba9830d8454a34fa4f80fdfe9

Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:H Found at https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=2f7530077e0ef79d98718138716bc51ca0cad658

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-06T15:57:22Z/ Found at https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=2f7530077e0ef79d98718138716bc51ca0cad658

Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:H Found at https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=fd2af07dc083a350c959147097003a14a5e8ac4d

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-06T15:57:22Z/ Found at https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=fd2af07dc083a350c959147097003a14a5e8ac4d

Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:H Found at https://nvd.nist.gov/vuln/detail/CVE-2023-0286

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:H Found at https://rustsec.org/advisories/RUSTSEC-2023-0006.html

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:H Found at https://security.gentoo.org/glsa/202402-08

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-06T15:57:22Z/ Found at https://security.gentoo.org/glsa/202402-08

Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:H Found at https://www.openssl.org/news/secadv/20230207.txt

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-06T15:57:22Z/ Found at https://www.openssl.org/news/secadv/20230207.txt

Exploit Prediction Scoring System (EPSS)

Percentile	0.98902
EPSS Score	0.7657
Published At	Aug. 1, 2025, 12:55 p.m.

Date	Actor	Action	Source	VulnerableCode Version
2025-07-31T08:37:02.560400+00:00	Ubuntu USN Importer	Import	https://usn.ubuntu.com/6564-1/	37.0.0