CVE-2023-0216

HIGH7.5EPSS 0.85%

Invalid pointer dereference in `d2i_PKCS7` functions

Published: 2/8/2023Modified: 11/8/2023

Also known as:GHSA-29xx-hcv2-c4cpALPINE-CVE-2023-0216CGA-8w7j-4g85-46jgRUSTSEC-2023-0011

Description

An invalid pointer dereference on read can be triggered when an application tries to load malformed PKCS7 data with the `d2i_PKCS7()`, `d2i_PKCS7_bio()` or `d2i_PKCS7_fp()` functions. The result of the dereference is an application crash which could lead to a denial of service attack. The TLS implementation in OpenSSL does not call this function however third party applications might call these functions on untrusted data.

Affected packages (5)

Alpine/opensslfrom 0, < 3.0.8-r0
Alpine/openssl3from 0, < 3.0.8-r0
crates.io/openssl-src>= 300.0.0, < 300.0.12
crates.io/openssl-src>= 300.0.0, < 300.0.12
Debian/opensslfrom 0, < 3.0.8-1

CVSS scores

Source	Version	Severity	Vector
osv	CVSS 3.1	HIGH7.5	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

References (9)

ADVISORYhttps://nvd.nist.gov/vuln/detail/CVE-2023-0216
ADVISORYhttps://security.alpinelinux.org/vuln/CVE-2023-0216
ADVISORYhttps://security-tracker.debian.org/tracker/CVE-2023-0216
PATCHhttps://crates.io/crates/openssl-src
WEBhttps://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=934a04f0e775309cadbef0aa6b9692e1b12a76c6
WEBhttps://psirt.global.sonicwall.com/vuln-detail/SNWLID-2023-0003
WEBhttps://rustsec.org/advisories/RUSTSEC-2023-0011.html
WEBhttps://security.gentoo.org/glsa/202402-08
WEBhttps://www.openssl.org/news/secadv/20230207.txt