Vulnerability details: VCID-bgkw-96dy-aaas
Vulnerability ID VCID-bgkw-96dy-aaas
Aliases CVE-2023-0217
GHSA-vxrh-cpg7-8vjr
Summary An invalid pointer dereference on read can be triggered when an application tries to check a malformed DSA public key by the EVP_PKEY_public_check() function. This will most likely lead to an application crash. This function can be called on public keys supplied from untrusted sources which could allow an attacker to cause a denial of service attack. The TLS implementation in OpenSSL does not call this function but applications might call the function if there are additional security requirements imposed by standards such as FIPS 140-3.
Status Published
Exploitability 0.5
Weighted Severity 8.0
Risk 4.0
System Score Found at
cvssv3 7.5 https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-0217.json
epss 0.00187 https://api.first.org/data/v1/epss?cve=CVE-2023-0217
epss 0.00449 https://api.first.org/data/v1/epss?cve=CVE-2023-0217
epss 0.00462 https://api.first.org/data/v1/epss?cve=CVE-2023-0217
epss 0.00758 https://api.first.org/data/v1/epss?cve=CVE-2023-0217
cvssv3.1 7.5 https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
cvssv3.1_qr HIGH https://github.com/advisories/GHSA-vxrh-cpg7-8vjr
cvssv3.1 7.5 https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=23985bac83fd50c8e29431009302b5442f985096
generic_textual HIGH https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=23985bac83fd50c8e29431009302b5442f985096
ssvc Track https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=23985bac83fd50c8e29431009302b5442f985096
cvssv3 7.5 https://nvd.nist.gov/vuln/detail/CVE-2023-0217
cvssv3.1 7.5 https://nvd.nist.gov/vuln/detail/CVE-2023-0217
cvssv3.1 7.5 https://rustsec.org/advisories/RUSTSEC-2023-0012.html
generic_textual HIGH https://rustsec.org/advisories/RUSTSEC-2023-0012.html
cvssv3.1 7.5 https://security.gentoo.org/glsa/202402-08
ssvc Track https://security.gentoo.org/glsa/202402-08
cvssv3.1 7.4 https://www.openssl.org/news/secadv/20230207.txt
cvssv3.1 7.5 https://www.openssl.org/news/secadv/20230207.txt
generic_textual HIGH https://www.openssl.org/news/secadv/20230207.txt
ssvc Track https://www.openssl.org/news/secadv/20230207.txt
No exploits are available.
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-0217.json
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=23985bac83fd50c8e29431009302b5442f985096
Vector: SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T13:26:50Z/ Found at https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=23985bac83fd50c8e29431009302b5442f985096
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://nvd.nist.gov/vuln/detail/CVE-2023-0217
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://rustsec.org/advisories/RUSTSEC-2023-0012.html
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://security.gentoo.org/glsa/202402-08
Vector: SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T13:26:50Z/ Found at https://security.gentoo.org/glsa/202402-08
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:H Found at https://www.openssl.org/news/secadv/20230207.txt
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://www.openssl.org/news/secadv/20230207.txt
Vector: SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T13:26:50Z/ Found at https://www.openssl.org/news/secadv/20230207.txt
Exploit Prediction Scoring System (EPSS)
Percentile 0.56777
EPSS Score 0.00187
Published At Nov. 1, 2024, midnight
Date Actor Action Source VulnerableCode Version
There are no relevant records.