VulnerableCode Vulnerability Details

Search for vulnerabilities

Vulnerability details: VCID-uua4-ygek-aaah

Essentials
Severities (121)
References (40)
Severity details (34)
Exploits (0)
EPSS
History (0)

Vulnerability ID	VCID-uua4-ygek-aaah
Aliases	CVE-2023-0215 GHSA-r7jw-wp68-3xch
Summary	The public API function BIO_new_NDEF is a helper function used for streaming ASN.1 data via a BIO. It is primarily used internally to OpenSSL to support the SMIME, CMS and PKCS7 streaming capabilities, but may also be called directly by end user applications. The function receives a BIO from the caller, prepends a new BIO_f_asn1 filter BIO onto the front of it to form a BIO chain, and then returns the new head of the BIO chain to the caller. Under certain conditions, for example if a CMS recipient public key is invalid, the new filter BIO is freed and the function returns a NULL result indicating a failure. However, in this case, the BIO chain is not properly cleaned up and the BIO passed by the caller still retains internal pointers to the previously freed filter BIO. If the caller then goes on to call BIO_pop() on the BIO then a use-after-free will occur. This will most likely result in a crash. This scenario occurs directly in the internal function B64_write_ASN1() which may cause BIO_new_NDEF() to be called and will subsequently call BIO_pop() on the BIO. This internal function is in turn called by the public API functions PEM_write_bio_ASN1_stream, PEM_write_bio_CMS_stream, PEM_write_bio_PKCS7_stream, SMIME_write_ASN1, SMIME_write_CMS and SMIME_write_PKCS7. Other public API functions that may be impacted by this include i2d_ASN1_bio_stream, BIO_new_CMS, BIO_new_PKCS7, i2d_CMS_bio_stream and i2d_PKCS7_bio_stream. The OpenSSL cms and smime command line applications are similarly affected.
Status	Published
Exploitability	0.5
Weighted Severity	8.0
Risk	4.0
Affected and Fixed Packages	Package Details

Weaknesses (3)

CWE-416	Use After Free
CWE-1035	OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
CWE-937	OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities

System	Score	Found at
cvssv3	7.5	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-0215.json
epss	0.00167	https://api.first.org/data/v1/epss?cve=CVE-2023-0215
epss	0.00167	https://api.first.org/data/v1/epss?cve=CVE-2023-0215
epss	0.00167	https://api.first.org/data/v1/epss?cve=CVE-2023-0215
epss	0.00212	https://api.first.org/data/v1/epss?cve=CVE-2023-0215
epss	0.00212	https://api.first.org/data/v1/epss?cve=CVE-2023-0215
epss	0.00212	https://api.first.org/data/v1/epss?cve=CVE-2023-0215
epss	0.00346	https://api.first.org/data/v1/epss?cve=CVE-2023-0215
epss	0.00346	https://api.first.org/data/v1/epss?cve=CVE-2023-0215
epss	0.00346	https://api.first.org/data/v1/epss?cve=CVE-2023-0215
epss	0.00346	https://api.first.org/data/v1/epss?cve=CVE-2023-0215
epss	0.00346	https://api.first.org/data/v1/epss?cve=CVE-2023-0215
epss	0.00346	https://api.first.org/data/v1/epss?cve=CVE-2023-0215
epss	0.00346	https://api.first.org/data/v1/epss?cve=CVE-2023-0215
epss	0.00346	https://api.first.org/data/v1/epss?cve=CVE-2023-0215
epss	0.00346	https://api.first.org/data/v1/epss?cve=CVE-2023-0215
epss	0.00346	https://api.first.org/data/v1/epss?cve=CVE-2023-0215
epss	0.00346	https://api.first.org/data/v1/epss?cve=CVE-2023-0215
epss	0.00346	https://api.first.org/data/v1/epss?cve=CVE-2023-0215
epss	0.00346	https://api.first.org/data/v1/epss?cve=CVE-2023-0215
epss	0.00346	https://api.first.org/data/v1/epss?cve=CVE-2023-0215
epss	0.00346	https://api.first.org/data/v1/epss?cve=CVE-2023-0215
epss	0.00346	https://api.first.org/data/v1/epss?cve=CVE-2023-0215
epss	0.00346	https://api.first.org/data/v1/epss?cve=CVE-2023-0215
epss	0.00346	https://api.first.org/data/v1/epss?cve=CVE-2023-0215
epss	0.00437	https://api.first.org/data/v1/epss?cve=CVE-2023-0215
epss	0.00437	https://api.first.org/data/v1/epss?cve=CVE-2023-0215
epss	0.00437	https://api.first.org/data/v1/epss?cve=CVE-2023-0215
epss	0.00437	https://api.first.org/data/v1/epss?cve=CVE-2023-0215
epss	0.00437	https://api.first.org/data/v1/epss?cve=CVE-2023-0215
epss	0.00437	https://api.first.org/data/v1/epss?cve=CVE-2023-0215
epss	0.00437	https://api.first.org/data/v1/epss?cve=CVE-2023-0215
epss	0.00437	https://api.first.org/data/v1/epss?cve=CVE-2023-0215
epss	0.00437	https://api.first.org/data/v1/epss?cve=CVE-2023-0215
epss	0.00437	https://api.first.org/data/v1/epss?cve=CVE-2023-0215
epss	0.00437	https://api.first.org/data/v1/epss?cve=CVE-2023-0215
epss	0.00437	https://api.first.org/data/v1/epss?cve=CVE-2023-0215
epss	0.00437	https://api.first.org/data/v1/epss?cve=CVE-2023-0215
epss	0.00437	https://api.first.org/data/v1/epss?cve=CVE-2023-0215
epss	0.00437	https://api.first.org/data/v1/epss?cve=CVE-2023-0215
epss	0.00437	https://api.first.org/data/v1/epss?cve=CVE-2023-0215
epss	0.00437	https://api.first.org/data/v1/epss?cve=CVE-2023-0215
epss	0.00437	https://api.first.org/data/v1/epss?cve=CVE-2023-0215
epss	0.00437	https://api.first.org/data/v1/epss?cve=CVE-2023-0215
epss	0.00437	https://api.first.org/data/v1/epss?cve=CVE-2023-0215
epss	0.00437	https://api.first.org/data/v1/epss?cve=CVE-2023-0215
epss	0.00437	https://api.first.org/data/v1/epss?cve=CVE-2023-0215
epss	0.00437	https://api.first.org/data/v1/epss?cve=CVE-2023-0215
epss	0.00437	https://api.first.org/data/v1/epss?cve=CVE-2023-0215
epss	0.00437	https://api.first.org/data/v1/epss?cve=CVE-2023-0215
epss	0.00437	https://api.first.org/data/v1/epss?cve=CVE-2023-0215
epss	0.00437	https://api.first.org/data/v1/epss?cve=CVE-2023-0215
epss	0.00437	https://api.first.org/data/v1/epss?cve=CVE-2023-0215
epss	0.00437	https://api.first.org/data/v1/epss?cve=CVE-2023-0215
epss	0.00437	https://api.first.org/data/v1/epss?cve=CVE-2023-0215
epss	0.00437	https://api.first.org/data/v1/epss?cve=CVE-2023-0215
epss	0.00437	https://api.first.org/data/v1/epss?cve=CVE-2023-0215
epss	0.00437	https://api.first.org/data/v1/epss?cve=CVE-2023-0215
epss	0.00437	https://api.first.org/data/v1/epss?cve=CVE-2023-0215
epss	0.00437	https://api.first.org/data/v1/epss?cve=CVE-2023-0215
epss	0.00437	https://api.first.org/data/v1/epss?cve=CVE-2023-0215
epss	0.00437	https://api.first.org/data/v1/epss?cve=CVE-2023-0215
epss	0.00437	https://api.first.org/data/v1/epss?cve=CVE-2023-0215
epss	0.00437	https://api.first.org/data/v1/epss?cve=CVE-2023-0215
epss	0.00437	https://api.first.org/data/v1/epss?cve=CVE-2023-0215
epss	0.0045	https://api.first.org/data/v1/epss?cve=CVE-2023-0215
epss	0.0045	https://api.first.org/data/v1/epss?cve=CVE-2023-0215
epss	0.0045	https://api.first.org/data/v1/epss?cve=CVE-2023-0215
epss	0.0045	https://api.first.org/data/v1/epss?cve=CVE-2023-0215
epss	0.0045	https://api.first.org/data/v1/epss?cve=CVE-2023-0215
epss	0.0045	https://api.first.org/data/v1/epss?cve=CVE-2023-0215
epss	0.00636	https://api.first.org/data/v1/epss?cve=CVE-2023-0215
epss	0.00636	https://api.first.org/data/v1/epss?cve=CVE-2023-0215
epss	0.00636	https://api.first.org/data/v1/epss?cve=CVE-2023-0215
epss	0.00636	https://api.first.org/data/v1/epss?cve=CVE-2023-0215
epss	0.00636	https://api.first.org/data/v1/epss?cve=CVE-2023-0215
epss	0.00636	https://api.first.org/data/v1/epss?cve=CVE-2023-0215
epss	0.00636	https://api.first.org/data/v1/epss?cve=CVE-2023-0215
epss	0.00636	https://api.first.org/data/v1/epss?cve=CVE-2023-0215
epss	0.00636	https://api.first.org/data/v1/epss?cve=CVE-2023-0215
epss	0.00636	https://api.first.org/data/v1/epss?cve=CVE-2023-0215
epss	0.00636	https://api.first.org/data/v1/epss?cve=CVE-2023-0215
epss	0.00636	https://api.first.org/data/v1/epss?cve=CVE-2023-0215
epss	0.00692	https://api.first.org/data/v1/epss?cve=CVE-2023-0215
epss	0.00692	https://api.first.org/data/v1/epss?cve=CVE-2023-0215
epss	0.00692	https://api.first.org/data/v1/epss?cve=CVE-2023-0215
epss	0.00692	https://api.first.org/data/v1/epss?cve=CVE-2023-0215
epss	0.0102	https://api.first.org/data/v1/epss?cve=CVE-2023-0215
cvssv3.1	5.9	https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
cvssv3.1_qr	HIGH	https://github.com/advisories/GHSA-r7jw-wp68-3xch
cvssv3.1	7.5	https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=8818064ce3c3c0f1b740a5aaba2a987e75bfbafd
generic_textual	HIGH	https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=8818064ce3c3c0f1b740a5aaba2a987e75bfbafd
ssvc	Track	https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=8818064ce3c3c0f1b740a5aaba2a987e75bfbafd
cvssv3.1	7.5	https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=9816136fe31d92ace4037d5da5257f763aeeb4eb
generic_textual	HIGH	https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=9816136fe31d92ace4037d5da5257f763aeeb4eb
ssvc	Track	https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=9816136fe31d92ace4037d5da5257f763aeeb4eb
cvssv3.1	7.5	https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=c3829dd8825c654652201e16f8a0a0c46ee3f344
generic_textual	HIGH	https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=c3829dd8825c654652201e16f8a0a0c46ee3f344
ssvc	Track	https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=c3829dd8825c654652201e16f8a0a0c46ee3f344
cvssv3	7.5	https://nvd.nist.gov/vuln/detail/CVE-2023-0215
cvssv3.1	7.5	https://nvd.nist.gov/vuln/detail/CVE-2023-0215
cvssv3.1	7.5	https://rustsec.org/advisories/RUSTSEC-2023-0009.html
generic_textual	HIGH	https://rustsec.org/advisories/RUSTSEC-2023-0009.html
cvssv3.1	7.5	https://security.gentoo.org/glsa/202402-08
ssvc	Track	https://security.gentoo.org/glsa/202402-08
cvssv3.1	7.5	https://security.netapp.com/advisory/ntap-20230427-0007
generic_textual	HIGH	https://security.netapp.com/advisory/ntap-20230427-0007
cvssv3.1	7.5	https://security.netapp.com/advisory/ntap-20230427-0007/
ssvc	Track	https://security.netapp.com/advisory/ntap-20230427-0007/
cvssv3.1	7.5	https://security.netapp.com/advisory/ntap-20230427-0009
generic_textual	HIGH	https://security.netapp.com/advisory/ntap-20230427-0009
cvssv3.1	7.5	https://security.netapp.com/advisory/ntap-20230427-0009/
ssvc	Track	https://security.netapp.com/advisory/ntap-20230427-0009/
cvssv3.1	6.5	https://security.netapp.com/advisory/ntap-20240621-0006
generic_textual	MODERATE	https://security.netapp.com/advisory/ntap-20240621-0006
cvssv3.1	7.5	https://security.netapp.com/advisory/ntap-20240621-0006/
ssvc	Track	https://security.netapp.com/advisory/ntap-20240621-0006/
cvssv3.1	7.4	https://www.openssl.org/news/secadv/20230207.txt
cvssv3.1	7.5	https://www.openssl.org/news/secadv/20230207.txt
generic_textual	HIGH	https://www.openssl.org/news/secadv/20230207.txt
ssvc	Track	https://www.openssl.org/news/secadv/20230207.txt

Reference id	Reference type	URL
		https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-0215.json
		https://api.first.org/data/v1/epss?cve=CVE-2023-0215
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2097
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-4304
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-4450
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0215
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0286
		https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
		https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=8818064ce3c3c0f1b740a5aaba2a987e75bfbafd
		https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=9816136fe31d92ace4037d5da5257f763aeeb4eb
		https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=c3829dd8825c654652201e16f8a0a0c46ee3f344
		https://rustsec.org/advisories/RUSTSEC-2023-0009.html
		https://security.netapp.com/advisory/ntap-20230427-0007
		https://security.netapp.com/advisory/ntap-20230427-0007/
		https://security.netapp.com/advisory/ntap-20230427-0009
		https://security.netapp.com/advisory/ntap-20230427-0009/
		https://security.netapp.com/advisory/ntap-20240621-0006
		https://security.netapp.com/advisory/ntap-20240621-0006/
		https://www.openssl.org/news/secadv/20230207.txt
2164492		https://bugzilla.redhat.com/show_bug.cgi?id=2164492
cpe:2.3:a:openssl:openssl::::::::		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openssl:openssl::::::::
cpe:2.3:a:stormshield:stormshield_management_center::::::::		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:stormshield:stormshield_management_center::::::::
CVE-2023-0215		https://nvd.nist.gov/vuln/detail/CVE-2023-0215
GHSA-r7jw-wp68-3xch		https://github.com/advisories/GHSA-r7jw-wp68-3xch
GLSA-202402-08		https://security.gentoo.org/glsa/202402-08
RHSA-2023:0946		https://access.redhat.com/errata/RHSA-2023:0946
RHSA-2023:1199		https://access.redhat.com/errata/RHSA-2023:1199
RHSA-2023:1405		https://access.redhat.com/errata/RHSA-2023:1405
RHSA-2023:2165		https://access.redhat.com/errata/RHSA-2023:2165
RHSA-2023:2932		https://access.redhat.com/errata/RHSA-2023:2932
RHSA-2023:3354		https://access.redhat.com/errata/RHSA-2023:3354
RHSA-2023:3355		https://access.redhat.com/errata/RHSA-2023:3355
RHSA-2023:3408		https://access.redhat.com/errata/RHSA-2023:3408
RHSA-2023:3420		https://access.redhat.com/errata/RHSA-2023:3420
RHSA-2023:3421		https://access.redhat.com/errata/RHSA-2023:3421
RHSA-2023:4128		https://access.redhat.com/errata/RHSA-2023:4128
USN-5844-1		https://usn.ubuntu.com/5844-1/
USN-5845-1		https://usn.ubuntu.com/5845-1/
USN-5845-2		https://usn.ubuntu.com/5845-2/
USN-6564-1		https://usn.ubuntu.com/6564-1/

No exploits are available.

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-0215.json

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=8818064ce3c3c0f1b740a5aaba2a987e75bfbafd

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T13:26:40Z/ Found at https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=8818064ce3c3c0f1b740a5aaba2a987e75bfbafd

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=9816136fe31d92ace4037d5da5257f763aeeb4eb

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T13:26:40Z/ Found at https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=9816136fe31d92ace4037d5da5257f763aeeb4eb

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=c3829dd8825c654652201e16f8a0a0c46ee3f344

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T13:26:40Z/ Found at https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=c3829dd8825c654652201e16f8a0a0c46ee3f344

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://nvd.nist.gov/vuln/detail/CVE-2023-0215

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://nvd.nist.gov/vuln/detail/CVE-2023-0215

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://rustsec.org/advisories/RUSTSEC-2023-0009.html

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://security.gentoo.org/glsa/202402-08

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T13:26:40Z/ Found at https://security.gentoo.org/glsa/202402-08

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://security.netapp.com/advisory/ntap-20230427-0007

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://security.netapp.com/advisory/ntap-20230427-0007/

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T13:26:40Z/ Found at https://security.netapp.com/advisory/ntap-20230427-0007/

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://security.netapp.com/advisory/ntap-20230427-0009

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://security.netapp.com/advisory/ntap-20230427-0009/

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T13:26:40Z/ Found at https://security.netapp.com/advisory/ntap-20230427-0009/

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N Found at https://security.netapp.com/advisory/ntap-20240621-0006

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://security.netapp.com/advisory/ntap-20240621-0006/

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T13:26:40Z/ Found at https://security.netapp.com/advisory/ntap-20240621-0006/

Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:H Found at https://www.openssl.org/news/secadv/20230207.txt

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://www.openssl.org/news/secadv/20230207.txt

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T13:26:40Z/ Found at https://www.openssl.org/news/secadv/20230207.txt

Exploit Prediction Scoring System (EPSS)

Percentile	0.38925
EPSS Score	0.00167
Published At	June 1, 2025, 12:55 p.m.

Date	Actor	Action	Source	VulnerableCode Version
There are no relevant records.