VulnerableCode Vulnerability Details

Search for vulnerabilities

Vulnerability details: VCID-kn8m-m9v4-aaaa

Essentials
Severities (122)
References (27)
Severity details (39)
Exploits (0)
EPSS
History (0)

Vulnerability ID	VCID-kn8m-m9v4-aaaa
Aliases	CVE-2023-0466
Summary	Improper Certificate Validation The function X509_VERIFY_PARAM_add0_policy() is documented to implicitly enable the certificate policy check when doing certificate verification. However the implementation of the function does not enable the check which allows certificates with invalid or incorrect policies to pass the certificate verification. As suddenly enabling the policy check could break existing deployments it was decided to keep the existing behavior of the X509_VERIFY_PARAM_add0_policy() function. Instead the applications that require OpenSSL to perform certificate policy check need to use X509_VERIFY_PARAM_set1_policies() or explicitly enable the policy check by calling X509_VERIFY_PARAM_set_flags() with the X509_V_FLAG_POLICY_CHECK flag argument. Certificate policy checks are disabled by default in OpenSSL and are not commonly used by applications.
Status	Published
Exploitability	0.5
Weighted Severity	8.0
Risk	4.0
Affected and Fixed Packages	Package Details

Weaknesses (3)

CWE-295	Improper Certificate Validation
CWE-1035	OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
CWE-937	OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities

System	Score	Found at
cvssv3	5.3	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-0466.json
epss	0.00173	https://api.first.org/data/v1/epss?cve=CVE-2023-0466
epss	0.00173	https://api.first.org/data/v1/epss?cve=CVE-2023-0466
epss	0.00173	https://api.first.org/data/v1/epss?cve=CVE-2023-0466
epss	0.00173	https://api.first.org/data/v1/epss?cve=CVE-2023-0466
epss	0.00173	https://api.first.org/data/v1/epss?cve=CVE-2023-0466
epss	0.00173	https://api.first.org/data/v1/epss?cve=CVE-2023-0466
epss	0.00173	https://api.first.org/data/v1/epss?cve=CVE-2023-0466
epss	0.00173	https://api.first.org/data/v1/epss?cve=CVE-2023-0466
epss	0.00173	https://api.first.org/data/v1/epss?cve=CVE-2023-0466
epss	0.00173	https://api.first.org/data/v1/epss?cve=CVE-2023-0466
epss	0.00173	https://api.first.org/data/v1/epss?cve=CVE-2023-0466
epss	0.00173	https://api.first.org/data/v1/epss?cve=CVE-2023-0466
epss	0.00406	https://api.first.org/data/v1/epss?cve=CVE-2023-0466
epss	0.00406	https://api.first.org/data/v1/epss?cve=CVE-2023-0466
epss	0.00406	https://api.first.org/data/v1/epss?cve=CVE-2023-0466
epss	0.00406	https://api.first.org/data/v1/epss?cve=CVE-2023-0466
epss	0.00406	https://api.first.org/data/v1/epss?cve=CVE-2023-0466
epss	0.00406	https://api.first.org/data/v1/epss?cve=CVE-2023-0466
epss	0.00406	https://api.first.org/data/v1/epss?cve=CVE-2023-0466
epss	0.00406	https://api.first.org/data/v1/epss?cve=CVE-2023-0466
epss	0.00406	https://api.first.org/data/v1/epss?cve=CVE-2023-0466
epss	0.00406	https://api.first.org/data/v1/epss?cve=CVE-2023-0466
epss	0.00406	https://api.first.org/data/v1/epss?cve=CVE-2023-0466
epss	0.00406	https://api.first.org/data/v1/epss?cve=CVE-2023-0466
epss	0.00417	https://api.first.org/data/v1/epss?cve=CVE-2023-0466
epss	0.00417	https://api.first.org/data/v1/epss?cve=CVE-2023-0466
epss	0.00479	https://api.first.org/data/v1/epss?cve=CVE-2023-0466
epss	0.00479	https://api.first.org/data/v1/epss?cve=CVE-2023-0466
epss	0.00479	https://api.first.org/data/v1/epss?cve=CVE-2023-0466
epss	0.00479	https://api.first.org/data/v1/epss?cve=CVE-2023-0466
epss	0.00666	https://api.first.org/data/v1/epss?cve=CVE-2023-0466
epss	0.00666	https://api.first.org/data/v1/epss?cve=CVE-2023-0466
epss	0.00666	https://api.first.org/data/v1/epss?cve=CVE-2023-0466
epss	0.00666	https://api.first.org/data/v1/epss?cve=CVE-2023-0466
epss	0.00666	https://api.first.org/data/v1/epss?cve=CVE-2023-0466
epss	0.00666	https://api.first.org/data/v1/epss?cve=CVE-2023-0466
epss	0.00666	https://api.first.org/data/v1/epss?cve=CVE-2023-0466
epss	0.00666	https://api.first.org/data/v1/epss?cve=CVE-2023-0466
epss	0.00666	https://api.first.org/data/v1/epss?cve=CVE-2023-0466
epss	0.00666	https://api.first.org/data/v1/epss?cve=CVE-2023-0466
epss	0.00666	https://api.first.org/data/v1/epss?cve=CVE-2023-0466
epss	0.00666	https://api.first.org/data/v1/epss?cve=CVE-2023-0466
epss	0.00666	https://api.first.org/data/v1/epss?cve=CVE-2023-0466
epss	0.00666	https://api.first.org/data/v1/epss?cve=CVE-2023-0466
epss	0.00666	https://api.first.org/data/v1/epss?cve=CVE-2023-0466
epss	0.00666	https://api.first.org/data/v1/epss?cve=CVE-2023-0466
epss	0.00666	https://api.first.org/data/v1/epss?cve=CVE-2023-0466
epss	0.00666	https://api.first.org/data/v1/epss?cve=CVE-2023-0466
epss	0.00666	https://api.first.org/data/v1/epss?cve=CVE-2023-0466
epss	0.00666	https://api.first.org/data/v1/epss?cve=CVE-2023-0466
epss	0.00666	https://api.first.org/data/v1/epss?cve=CVE-2023-0466
epss	0.00666	https://api.first.org/data/v1/epss?cve=CVE-2023-0466
epss	0.00666	https://api.first.org/data/v1/epss?cve=CVE-2023-0466
epss	0.00666	https://api.first.org/data/v1/epss?cve=CVE-2023-0466
epss	0.00666	https://api.first.org/data/v1/epss?cve=CVE-2023-0466
epss	0.00666	https://api.first.org/data/v1/epss?cve=CVE-2023-0466
epss	0.00666	https://api.first.org/data/v1/epss?cve=CVE-2023-0466
epss	0.00666	https://api.first.org/data/v1/epss?cve=CVE-2023-0466
epss	0.00666	https://api.first.org/data/v1/epss?cve=CVE-2023-0466
epss	0.00666	https://api.first.org/data/v1/epss?cve=CVE-2023-0466
epss	0.00666	https://api.first.org/data/v1/epss?cve=CVE-2023-0466
epss	0.00666	https://api.first.org/data/v1/epss?cve=CVE-2023-0466
epss	0.00666	https://api.first.org/data/v1/epss?cve=CVE-2023-0466
epss	0.00666	https://api.first.org/data/v1/epss?cve=CVE-2023-0466
epss	0.00666	https://api.first.org/data/v1/epss?cve=CVE-2023-0466
epss	0.00666	https://api.first.org/data/v1/epss?cve=CVE-2023-0466
epss	0.00666	https://api.first.org/data/v1/epss?cve=CVE-2023-0466
epss	0.00666	https://api.first.org/data/v1/epss?cve=CVE-2023-0466
epss	0.00666	https://api.first.org/data/v1/epss?cve=CVE-2023-0466
epss	0.00666	https://api.first.org/data/v1/epss?cve=CVE-2023-0466
epss	0.00666	https://api.first.org/data/v1/epss?cve=CVE-2023-0466
epss	0.00666	https://api.first.org/data/v1/epss?cve=CVE-2023-0466
epss	0.00666	https://api.first.org/data/v1/epss?cve=CVE-2023-0466
epss	0.00666	https://api.first.org/data/v1/epss?cve=CVE-2023-0466
epss	0.00666	https://api.first.org/data/v1/epss?cve=CVE-2023-0466
epss	0.00666	https://api.first.org/data/v1/epss?cve=CVE-2023-0466
epss	0.00666	https://api.first.org/data/v1/epss?cve=CVE-2023-0466
epss	0.00666	https://api.first.org/data/v1/epss?cve=CVE-2023-0466
epss	0.00666	https://api.first.org/data/v1/epss?cve=CVE-2023-0466
epss	0.00685	https://api.first.org/data/v1/epss?cve=CVE-2023-0466
epss	0.00685	https://api.first.org/data/v1/epss?cve=CVE-2023-0466
epss	0.00685	https://api.first.org/data/v1/epss?cve=CVE-2023-0466
epss	0.01148	https://api.first.org/data/v1/epss?cve=CVE-2023-0466
cvssv3.1	2	https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
cvssv3.1	5.3	https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=0d16b7e99aafc0b4a6d729eec65a411a7e025f0a
cvssv3.1	5.3	https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=0d16b7e99aafc0b4a6d729eec65a411a7e025f0a
ssvc	Track	https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=0d16b7e99aafc0b4a6d729eec65a411a7e025f0a
ssvc	Track	https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=0d16b7e99aafc0b4a6d729eec65a411a7e025f0a
cvssv3.1	5.3	https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=51e8a84ce742db0f6c70510d0159dad8f7825908
cvssv3.1	5.3	https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=51e8a84ce742db0f6c70510d0159dad8f7825908
ssvc	Track	https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=51e8a84ce742db0f6c70510d0159dad8f7825908
ssvc	Track	https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=51e8a84ce742db0f6c70510d0159dad8f7825908
cvssv3.1	5.3	https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=73398dea26de9899fb4baa94098ad0a61f435c72
cvssv3.1	5.3	https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=73398dea26de9899fb4baa94098ad0a61f435c72
ssvc	Track	https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=73398dea26de9899fb4baa94098ad0a61f435c72
ssvc	Track	https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=73398dea26de9899fb4baa94098ad0a61f435c72
cvssv3.1	5.3	https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=fc814a30fc4f0bc54fcea7d9a7462f5457aab061
cvssv3.1	5.3	https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=fc814a30fc4f0bc54fcea7d9a7462f5457aab061
ssvc	Track	https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=fc814a30fc4f0bc54fcea7d9a7462f5457aab061
ssvc	Track	https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=fc814a30fc4f0bc54fcea7d9a7462f5457aab061
cvssv3.1	5.3	https://lists.debian.org/debian-lts-announce/2023/06/msg00011.html
ssvc	Track	https://lists.debian.org/debian-lts-announce/2023/06/msg00011.html
cvssv3	5.3	https://nvd.nist.gov/vuln/detail/CVE-2023-0466
cvssv3.1	5.3	https://nvd.nist.gov/vuln/detail/CVE-2023-0466
cvssv3.1	5.3	https://security.gentoo.org/glsa/202402-08
ssvc	Track	https://security.gentoo.org/glsa/202402-08
cvssv3.1	5.3	https://security.netapp.com/advisory/ntap-20230414-0001/
cvssv3.1	5.3	https://security.netapp.com/advisory/ntap-20230414-0001/
ssvc	Track	https://security.netapp.com/advisory/ntap-20230414-0001/
ssvc	Track	https://security.netapp.com/advisory/ntap-20230414-0001/
cvssv3.1	5.3	https://www.debian.org/security/2023/dsa-5417
cvssv3.1	5.3	https://www.debian.org/security/2023/dsa-5417
ssvc	Track	https://www.debian.org/security/2023/dsa-5417
cvssv3.1	5.3	https://www.openssl.org/news/secadv/20230328.txt
cvssv3.1	5.3	https://www.openssl.org/news/secadv/20230328.txt
ssvc	Track	https://www.openssl.org/news/secadv/20230328.txt
ssvc	Track	https://www.openssl.org/news/secadv/20230328.txt
cvssv3.1	5.3	http://www.openwall.com/lists/oss-security/2023/09/28/4
cvssv3.1	8.8	http://www.openwall.com/lists/oss-security/2023/09/28/4
generic_textual	HIGH	http://www.openwall.com/lists/oss-security/2023/09/28/4
ssvc	Track	http://www.openwall.com/lists/oss-security/2023/09/28/4

Reference id	Reference type	URL
		https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-0466.json
		https://api.first.org/data/v1/epss?cve=CVE-2023-0466
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0464
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0465
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0466
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-2650
		https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
		https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=0d16b7e99aafc0b4a6d729eec65a411a7e025f0a
		https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=51e8a84ce742db0f6c70510d0159dad8f7825908
		https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=73398dea26de9899fb4baa94098ad0a61f435c72
		https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=fc814a30fc4f0bc54fcea7d9a7462f5457aab061
		https://lists.debian.org/debian-lts-announce/2023/06/msg00011.html
		https://security.netapp.com/advisory/ntap-20230414-0001/
		https://www.debian.org/security/2023/dsa-5417
		https://www.openssl.org/news/secadv/20230328.txt
		http://www.openwall.com/lists/oss-security/2023/09/28/4
1034720		https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1034720
2182565		https://bugzilla.redhat.com/show_bug.cgi?id=2182565
cpe:2.3:a:openssl:openssl::::::::		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openssl:openssl::::::::
CVE-2023-0466		https://nvd.nist.gov/vuln/detail/CVE-2023-0466
GLSA-202402-08		https://security.gentoo.org/glsa/202402-08
RHSA-2023:3722		https://access.redhat.com/errata/RHSA-2023:3722
RHSA-2023:7622		https://access.redhat.com/errata/RHSA-2023:7622
RHSA-2023:7623		https://access.redhat.com/errata/RHSA-2023:7623
RHSA-2023:7625		https://access.redhat.com/errata/RHSA-2023:7625
RHSA-2023:7626		https://access.redhat.com/errata/RHSA-2023:7626
USN-6039-1		https://usn.ubuntu.com/6039-1/

No exploits are available.

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N Found at https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-0466.json

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:N/I:L/A:N Found at https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N Found at https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=0d16b7e99aafc0b4a6d729eec65a411a7e025f0a

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N Found at https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=0d16b7e99aafc0b4a6d729eec65a411a7e025f0a

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-19T17:11:17Z/ Found at https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=0d16b7e99aafc0b4a6d729eec65a411a7e025f0a

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N Found at https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=51e8a84ce742db0f6c70510d0159dad8f7825908

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N Found at https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=51e8a84ce742db0f6c70510d0159dad8f7825908

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-19T17:11:17Z/ Found at https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=51e8a84ce742db0f6c70510d0159dad8f7825908

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N Found at https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=73398dea26de9899fb4baa94098ad0a61f435c72

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N Found at https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=73398dea26de9899fb4baa94098ad0a61f435c72

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-19T17:11:17Z/ Found at https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=73398dea26de9899fb4baa94098ad0a61f435c72

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N Found at https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=fc814a30fc4f0bc54fcea7d9a7462f5457aab061

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N Found at https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=fc814a30fc4f0bc54fcea7d9a7462f5457aab061

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-19T17:11:17Z/ Found at https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=fc814a30fc4f0bc54fcea7d9a7462f5457aab061

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N Found at https://lists.debian.org/debian-lts-announce/2023/06/msg00011.html

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-19T17:11:17Z/ Found at https://lists.debian.org/debian-lts-announce/2023/06/msg00011.html

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N Found at https://nvd.nist.gov/vuln/detail/CVE-2023-0466

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N Found at https://nvd.nist.gov/vuln/detail/CVE-2023-0466

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N Found at https://security.gentoo.org/glsa/202402-08

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-19T17:11:17Z/ Found at https://security.gentoo.org/glsa/202402-08

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N Found at https://security.netapp.com/advisory/ntap-20230414-0001/

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N Found at https://security.netapp.com/advisory/ntap-20230414-0001/

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-19T17:11:17Z/ Found at https://security.netapp.com/advisory/ntap-20230414-0001/

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N Found at https://www.debian.org/security/2023/dsa-5417

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N Found at https://www.debian.org/security/2023/dsa-5417

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-19T17:11:17Z/ Found at https://www.debian.org/security/2023/dsa-5417

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N Found at https://www.openssl.org/news/secadv/20230328.txt

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N Found at https://www.openssl.org/news/secadv/20230328.txt

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-19T17:11:17Z/ Found at https://www.openssl.org/news/secadv/20230328.txt

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N Found at http://www.openwall.com/lists/oss-security/2023/09/28/4

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Found at http://www.openwall.com/lists/oss-security/2023/09/28/4

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-19T17:11:17Z/ Found at http://www.openwall.com/lists/oss-security/2023/09/28/4

Exploit Prediction Scoring System (EPSS)

Percentile	0.55066
EPSS Score	0.00173
Published At	Nov. 1, 2024, midnight

Date	Actor	Action	Source	VulnerableCode Version
There are no relevant records.