GHSA-29xx-hcv2-c4cp
Suggest an improvement- Source
- https://github.com/advisories/GHSA-29xx-hcv2-c4cp
- Import Source
- https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2023/02/GHSA-29xx-hcv2-c4cp/GHSA-29xx-hcv2-c4cp.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/GHSA-29xx-hcv2-c4cp
- Aliases
- Related
- Published
- 2023-02-08T22:23:39Z
- Modified
- 2025-11-04T22:09:03Z
- Severity
-
- 7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVSS Calculator
- Summary
- openssl-src subject to Invalid pointer dereference in `d2i_PKCS7` functions
- Details
-
An invalid pointer dereference on read can be triggered when an application tries to load malformed PKCS7 data with the
d2i_PKCS7(),d2i_PKCS7_bio()ord2i_PKCS7_fp()functions.The result of the dereference is an application crash which could lead to a denial of service attack. The TLS implementation in OpenSSL does not call this function however third party applications might call these functions on untrusted data.
- Database specific
{ "cwe_ids": [ "CWE-476" ], "severity": "HIGH", "github_reviewed_at": "2023-02-08T22:23:39Z", "nvd_published_at": "2023-02-08T20:15:00Z", "github_reviewed": true }- References
-
- https://nvd.nist.gov/vuln/detail/CVE-2023-0216
- https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=934a04f0e775309cadbef0aa6b9692e1b12a76c6
- https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2023-0003
- https://rustsec.org/advisories/RUSTSEC-2023-0011.html
- https://security.gentoo.org/glsa/202402-08
- https://www.openssl.org/news/secadv/20230207.txt
Affected packages
crates.io / openssl-src
Package
- Name
- openssl-src
- View open source insights on deps.dev
- Purl
- pkg:cargo/openssl-src