CVE-2023-0216

Published

Last updated

NVD

https://nvd.nist.gov/vuln/detail/CVE-2023-0216

CGA ID

CGA-82jr-fq2j-892g

Severity

Unknown

Description

An invalid pointer dereference on read can be triggered when an application tries to load malformed PKCS7 data with the d2i_PKCS7(), d2i_PKCS7_bio() or d2i_PKCS7_fp() functions.

The result of the dereference is an application crash which could lead to a denial of service attack. The TLS implementation in OpenSSL does not call this function however third party applications might call these functions on untrusted data.

References

https://images.chainguard.dev/security/CGA-82jr-fq2j-892g
https://github.com/advisories/GHSA-29xx-hcv2-c4cp
https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=934a04f0e775309cadbef0aa6b9692e1b12a76c6
https://security.gentoo.org/glsa/202402-08
https://www.openssl.org/news/secadv/20230207.txt
https://security.alpinelinux.org/vuln/CVE-2023-0216
https://security-tracker.debian.org/tracker/CVE-2023-0216

Affected packages

Advisories are based on vulnerability information provided by Grype from Anchore. Learn how Chainguard creates security advisories.

CVE-2023-0216

Severity

Description

References

Affected packages

Products

Why Chainguard

Customers

Company

Resources