exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 14 of 14 RSS Feed

CVE-2023-0464

Status Candidate

Overview

A security vulnerability has been identified in all supported versions of OpenSSL related to the verification of X.509 certificate chains that include policy constraints. Attackers may be able to exploit this vulnerability by creating a malicious certificate chain that triggers exponential use of computational resources, leading to a denial-of-service (DoS) attack on affected systems. Policy processing is disabled by default but can be enabled by passing the `-policy' argument to the command line utilities or by calling the `X509_VERIFY_PARAM_set1_policies()' function.

Related Files

Red Hat Security Advisory 2023-4335-01
Posted Aug 8, 2023
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2023-4335-01 - The cert-manager Operator for Red Hat OpenShift builds on top of Kubernetes, introducing certificate authorities and certificates as first-class resource types in the Kubernetes API. This makes it possible to provide certificates-as-a-service to developers working within your Kubernetes cluster. Issues addressed include a denial of service vulnerability.

tags | advisory, denial of service
systems | linux, redhat
advisories | CVE-2022-28805, CVE-2022-36227, CVE-2022-41723, CVE-2022-41724, CVE-2022-41725, CVE-2023-0464, CVE-2023-0465, CVE-2023-0466, CVE-2023-1255, CVE-2023-24534, CVE-2023-24536, CVE-2023-24537, CVE-2023-24538, CVE-2023-24539
SHA-256 | 81b639b773dc9bc98d3be0e65210b5f630f2ddc9a2cc9d106f9c169b18da4f25
Red Hat Security Advisory 2023-4437-01
Posted Aug 3, 2023
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2023-4437-01 - Red Hat OpenShift Data Foundation is software-defined storage integrated with and optimized for the Red Hat OpenShift Data Foundation. Red Hat OpenShift Data Foundation is a highly scalable, production-grade persistent storage for stateful applications running in the Red Hat OpenShift Container Platform.

tags | advisory
systems | linux, redhat
advisories | CVE-2022-46663, CVE-2023-0464, CVE-2023-0465, CVE-2023-0466, CVE-2023-1255, CVE-2023-24329, CVE-2023-2650, CVE-2023-3089
SHA-256 | b3530c5e1de0b48d40f2087f1864fd1ae4261d52afa532f4eb9b4dceb7a0c092
Red Hat Security Advisory 2023-4226-01
Posted Jul 27, 2023
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2023-4226-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the container images for Red Hat OpenShift Container Platform 4.13.6.

tags | advisory
systems | linux, redhat
advisories | CVE-2022-41723, CVE-2022-46663, CVE-2023-0464, CVE-2023-0465, CVE-2023-0466, CVE-2023-1255, CVE-2023-1260, CVE-2023-24329, CVE-2023-24534, CVE-2023-24536, CVE-2023-24537, CVE-2023-24538, CVE-2023-24539, CVE-2023-25173
SHA-256 | ce4492864dcb382a006d5197438c039f97330f652c6c8aed7cc631262735dfe7
Red Hat Security Advisory 2023-4290-01
Posted Jul 27, 2023
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2023-4290-01 - OpenShift sandboxed containers 1.4.1 is now available. Red Hat Product Security has rated this update as having a security impact of Moderate. A compliance problem was found in the Red Hat OpenShift Container Platform. Red Hat discovered that when FIPS mode was enabled, not all of the cryptographic modules in use were FIPS-validated.

tags | advisory
systems | linux, redhat
advisories | CVE-2020-24736, CVE-2021-46848, CVE-2022-1271, CVE-2022-1304, CVE-2022-2509, CVE-2022-28805, CVE-2022-34903, CVE-2022-35737, CVE-2022-36227, CVE-2022-3715, CVE-2022-40303, CVE-2022-40304, CVE-2022-47629, CVE-2023-0464
SHA-256 | 1e2b8ec0277e95d223b5e93c67cebd05ba8613dd04c6a60f215d9837febfb0b2
Red Hat Security Advisory 2023-4091-01
Posted Jul 21, 2023
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2023-4091-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the container images for Red Hat OpenShift Container Platform 4.13.5. Issues addressed include a denial of service vulnerability.

tags | advisory, denial of service
systems | linux, redhat
advisories | CVE-2022-41717, CVE-2022-41723, CVE-2022-4304, CVE-2022-4450, CVE-2022-46663, CVE-2023-0215, CVE-2023-0361, CVE-2023-0464, CVE-2023-0465, CVE-2023-0466, CVE-2023-1255, CVE-2023-1260, CVE-2023-2253, CVE-2023-24329
SHA-256 | 5fffb192f782f6a62532ee7fa26b357fcb1d898b1d066d385c135895e70cea38
Red Hat Security Advisory 2023-3925-01
Posted Jul 7, 2023
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2023-3925-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the container images for Red Hat OpenShift Container Platform 4.12.23.

tags | advisory
systems | linux, redhat
advisories | CVE-2022-41717, CVE-2022-41724, CVE-2022-41725, CVE-2022-46663, CVE-2023-0464, CVE-2023-0465, CVE-2023-0466, CVE-2023-1255, CVE-2023-24329, CVE-2023-24534, CVE-2023-24536, CVE-2023-24537, CVE-2023-24538, CVE-2023-24540
SHA-256 | 724accdac3b7f95b4f3363d179ec538613ecd750bc64aa5314da609103e8ad20
Red Hat Security Advisory 2023-3905-01
Posted Jun 30, 2023
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2023-3905-01 - Network Observability 1.3.0 is an OpenShift operator that provides a monitoring pipeline to collect and enrich network flows that are produced by the Network observability eBPF agent. The operator provides dashboards, metrics, and keeps flows accessible in a queryable log store, Grafana Loki. When a FlowCollector is deployed, new dashboards are available in the Console. This update contains bug fixes.

tags | advisory
systems | linux, redhat
advisories | CVE-2022-28805, CVE-2022-36227, CVE-2023-0464, CVE-2023-0465, CVE-2023-0466, CVE-2023-1255, CVE-2023-24539, CVE-2023-24540, CVE-2023-2650, CVE-2023-27535, CVE-2023-29400
SHA-256 | 9c1a4b3b6b1779c22972b35dae1d77dc4ebc7de0dffbdefb344d5318801994ff
Red Hat Security Advisory 2023-3722-01
Posted Jun 22, 2023
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2023-3722-01 - OpenSSL is a toolkit that implements the Secure Sockets Layer and Transport Layer Security protocols, as well as a full-strength general-purpose cryptography library. Issues addressed include buffer over-read and denial of service vulnerabilities.

tags | advisory, denial of service, vulnerability, protocol
systems | linux, redhat
advisories | CVE-2023-0464, CVE-2023-0465, CVE-2023-0466, CVE-2023-1255, CVE-2023-2650
SHA-256 | e1612faff6f424cfc97b4e21cc06d8f464dc4df56c7dcf975e3d7e907960a248
Debian Security Advisory 5417-1
Posted May 31, 2023
Authored by Debian | Site debian.org

Debian Linux Security Advisory 5417-1 - Multiple vulnerabilities have been discovered in OpenSSL, a Secure Sockets Layer toolkit.

tags | advisory, vulnerability
systems | linux, debian
advisories | CVE-2023-0464, CVE-2023-0465, CVE-2023-0466, CVE-2023-2650
SHA-256 | 0562c60082b5ec1e7ee72e0195d29f8e00ba947650e8adc9a2c11de5a7962712
OpenSSL Toolkit 3.1.1
Posted May 30, 2023
Site openssl.org

OpenSSL is a robust, fully featured Open Source toolkit implementing the Secure Sockets Layer and Transport Layer Security protocols with full-strength cryptography world-wide. The 3.1.x series is the current major version of OpenSSL.

Changes: Mitigation for for very slow OBJ_obj2txt() performance with gigantic OBJECT IDENTIFIER sub-identities. Fixed buffer overread in AES-XTS decryption on ARM 64 bit platforms. Fixed documentation of X509_VERIFY_PARAM_add0_policy(). Fixed handling of invalid certificate policies in leaf certificates. Limited the number of nodes created in a policy tree.
tags | tool, encryption, protocol
systems | unix
advisories | CVE-2023-0464, CVE-2023-0465, CVE-2023-0466, CVE-2023-1255, CVE-2023-2650
SHA-256 | b3aa61334233b852b63ddb048df181177c2c659eb9d4376008118f9c08d07674
OpenSSL Toolkit 3.0.9
Posted May 30, 2023
Site openssl.org

OpenSSL is a robust, fully featured Open Source toolkit implementing the Secure Sockets Layer and Transport Layer Security protocols with full-strength cryptography world-wide. The 3.x series is the current major version of OpenSSL.

Changes: Mitigation for for very slow OBJ_obj2txt() performance with gigantic OBJECT IDENTIFIER sub-identities. Fixed buffer overread in AES-XTS decryption on ARM 64 bit platforms. Fixed documentation of X509_VERIFY_PARAM_add0_policy(). Fixed handling of invalid certificate policies in leaf certificates. Limited the number of nodes created in a policy tree.
tags | tool, encryption, protocol
systems | unix
advisories | CVE-2023-0464, CVE-2023-0465, CVE-2023-0466, CVE-2023-1255, CVE-2023-2650
SHA-256 | eb1ab04781474360f77c318ab89d8c5a03abc38e63d65a603cabbf1b00a1dc90
OpenSSL Toolkit 1.1.1u
Posted May 30, 2023
Site openssl.org

OpenSSL is a robust, fully featured Open Source toolkit implementing the Secure Sockets Layer and Transport Layer Security protocols with full-strength cryptography world-wide.

Changes: Mitigation for for very slow OBJ_obj2txt() performance with gigantic OBJECT IDENTIFIER sub-identities. Fixed documentation of X509_VERIFY_PARAM_add0_policy(). Fixed handling of invalid certificate policies in leaf certificates. Limited the number of nodes created in a policy tree.
tags | tool, encryption, protocol
systems | unix
advisories | CVE-2023-0464, CVE-2023-0465, CVE-2023-0466, CVE-2023-2650
SHA-256 | e2f8d84b523eecd06c7be7626830370300fbcc15386bf5142d72758f6963ebc6
Ubuntu Security Notice USN-6039-1
Posted Apr 26, 2023
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 6039-1 - It was discovered that OpenSSL was not properly managing file locks when processing policy constraints. If a user or automated system were tricked into processing a certificate chain with specially crafted policy constraints, a remote attacker could possibly use this issue to cause a denial of service. This issue only affected Ubuntu 22.04 LTS and Ubuntu 22.10. David Benjamin discovered that OpenSSL was not properly performing the verification of X.509 certificate chains that include policy constraints, which could lead to excessive resource consumption. If a user or automated system were tricked into processing a specially crafted X.509 certificate chain that includes policy constraints, a remote attacker could possibly use this issue to cause a denial of service.

tags | advisory, remote, denial of service
systems | linux, ubuntu
advisories | CVE-2022-3996, CVE-2023-0464, CVE-2023-0465, CVE-2023-0466
SHA-256 | eadba9a6b350964348dfb8cdb88af943d8fef03500b5392c3de74160dd5725ad
OpenSSL Security Advisory 20230322
Posted Mar 22, 2023
Site openssl.org

OpenSSL Security Advisory 20230322 - A security vulnerability has been identified in all supported versions of OpenSSL related to the verification of X.509 certificate chains that include policy constraints. Attackers may be able to exploit this vulnerability by creating a malicious certificate chain that triggers exponential use of computational resources, leading to a denial-of-service (DoS) attack on affected systems.

tags | advisory
advisories | CVE-2023-0464
SHA-256 | 7b03359b9fc8f357f8b0fd5e0e7a05a04c2c8ac49b1018bb2ee2e59b2b1927b3
Page 1 of 1
Back1Next

File Archive:

December 2023

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Dec 1st
    11 Files
  • 2
    Dec 2nd
    0 Files
  • 3
    Dec 3rd
    0 Files
  • 4
    Dec 4th
    0 Files
  • 5
    Dec 5th
    0 Files
  • 6
    Dec 6th
    0 Files
  • 7
    Dec 7th
    0 Files
  • 8
    Dec 8th
    0 Files
  • 9
    Dec 9th
    0 Files
  • 10
    Dec 10th
    0 Files
  • 11
    Dec 11th
    0 Files
  • 12
    Dec 12th
    0 Files
  • 13
    Dec 13th
    0 Files
  • 14
    Dec 14th
    0 Files
  • 15
    Dec 15th
    0 Files
  • 16
    Dec 16th
    0 Files
  • 17
    Dec 17th
    0 Files
  • 18
    Dec 18th
    0 Files
  • 19
    Dec 19th
    0 Files
  • 20
    Dec 20th
    0 Files
  • 21
    Dec 21st
    0 Files
  • 22
    Dec 22nd
    0 Files
  • 23
    Dec 23rd
    0 Files
  • 24
    Dec 24th
    0 Files
  • 25
    Dec 25th
    0 Files
  • 26
    Dec 26th
    0 Files
  • 27
    Dec 27th
    0 Files
  • 28
    Dec 28th
    0 Files
  • 29
    Dec 29th
    0 Files
  • 30
    Dec 30th
    0 Files
  • 31
    Dec 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close