UBUNTU-CVE-2023-0464
See a problem?- Source
- https://ubuntu.com/security/notices/UBUNTU-CVE-2023-0464
- Import Source
- https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2023/UBUNTU-CVE-2023-0464.json
- JSON Data
- https://api.osv.dev/v1/vulns/UBUNTU-CVE-2023-0464
- Related
- Published
- 2023-03-22T17:15:00Z
- Modified
- 2023-03-22T17:15:00Z
- Severity
-
- 7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVSS Calculator
- Summary
- [none]
- Details
-
A security vulnerability has been identified in all supported versions of OpenSSL related to the verification of X.509 certificate chains that include policy constraints. Attackers may be able to exploit this vulnerability by creating a malicious certificate chain that triggers exponential use of computational resources, leading to a denial-of-service (DoS) attack on affected systems. Policy processing is disabled by default but can be enabled by passing the
-policy' argument to the command line utilities or by calling theX509VERIFYPARAMset1policies()' function. - References
Affected packages
Ubuntu:Pro:14.04:LTS / openssl
Package
- Name
- openssl
- Purl
- pkg:deb/ubuntu/openssl@1.0.1f-1ubuntu2.27+esm7?arch=src?distro=trusty/esm
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed1.0.1f-1ubuntu2.27+esm7
Affected versions
1.*
1.0.1e-3ubuntu1
1.0.1e-4ubuntu1
1.0.1e-4ubuntu2
1.0.1e-4ubuntu3
1.0.1e-4ubuntu4
1.0.1f-1ubuntu1
1.0.1f-1ubuntu2
1.0.1f-1ubuntu2.1
1.0.1f-1ubuntu2.2
1.0.1f-1ubuntu2.3
1.0.1f-1ubuntu2.4
1.0.1f-1ubuntu2.5
1.0.1f-1ubuntu2.7
1.0.1f-1ubuntu2.8
1.0.1f-1ubuntu2.11
1.0.1f-1ubuntu2.12
1.0.1f-1ubuntu2.15
1.0.1f-1ubuntu2.16
1.0.1f-1ubuntu2.17
1.0.1f-1ubuntu2.18
1.0.1f-1ubuntu2.19
1.0.1f-1ubuntu2.20
1.0.1f-1ubuntu2.21
1.0.1f-1ubuntu2.22
1.0.1f-1ubuntu2.23
1.0.1f-1ubuntu2.24
1.0.1f-1ubuntu2.25
1.0.1f-1ubuntu2.26
1.0.1f-1ubuntu2.27
1.0.1f-1ubuntu2.27+esm1
1.0.1f-1ubuntu2.27+esm2
1.0.1f-1ubuntu2.27+esm3
1.0.1f-1ubuntu2.27+esm4
1.0.1f-1ubuntu2.27+esm5
1.0.1f-1ubuntu2.27+esm6
Ecosystem specific
{
"availability": "Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro",
"ubuntu_priority": "low",
"binaries": [
{
"libssl1.0.0-udeb-dbgsym": "1.0.1f-1ubuntu2.27+esm7",
"libssl-dev": "1.0.1f-1ubuntu2.27+esm7",
"libssl1.0.0": "1.0.1f-1ubuntu2.27+esm7",
"libssl-doc": "1.0.1f-1ubuntu2.27+esm7",
"libcrypto1.0.0-udeb-dbgsym": "1.0.1f-1ubuntu2.27+esm7",
"libssl1.0.0-dbg": "1.0.1f-1ubuntu2.27+esm7",
"libssl-dev-dbgsym": "1.0.1f-1ubuntu2.27+esm7",
"openssl": "1.0.1f-1ubuntu2.27+esm7",
"openssl-dbgsym": "1.0.1f-1ubuntu2.27+esm7",
"libssl1.0.0-udeb": "1.0.1f-1ubuntu2.27+esm7",
"libssl1.0.0-dbgsym": "1.0.1f-1ubuntu2.27+esm7",
"libcrypto1.0.0-udeb": "1.0.1f-1ubuntu2.27+esm7"
}
]
}
Ubuntu:Pro:16.04:LTS / openssl
Package
- Name
- openssl
- Purl
- pkg:deb/ubuntu/openssl@1.0.2g-1ubuntu4.20+esm7?arch=src?distro=esm-infra/xenial
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed1.0.2g-1ubuntu4.20+esm7
Affected versions
1.*
1.0.2d-0ubuntu1
1.0.2d-0ubuntu2
1.0.2e-1ubuntu1
1.0.2f-2ubuntu1
1.0.2g-1ubuntu2
1.0.2g-1ubuntu3
1.0.2g-1ubuntu4
1.0.2g-1ubuntu4.1
1.0.2g-1ubuntu4.2
1.0.2g-1ubuntu4.4
1.0.2g-1ubuntu4.5
1.0.2g-1ubuntu4.6
1.0.2g-1ubuntu4.8
1.0.2g-1ubuntu4.9
1.0.2g-1ubuntu4.10
1.0.2g-1ubuntu4.11
1.0.2g-1ubuntu4.12
1.0.2g-1ubuntu4.13
1.0.2g-1ubuntu4.14
1.0.2g-1ubuntu4.15
1.0.2g-1ubuntu4.16
1.0.2g-1ubuntu4.17
1.0.2g-1ubuntu4.18
1.0.2g-1ubuntu4.19
1.0.2g-1ubuntu4.20
1.0.2g-1ubuntu4.20+esm1
1.0.2g-1ubuntu4.20+esm2
1.0.2g-1ubuntu4.20+esm3
1.0.2g-1ubuntu4.20+esm4
1.0.2g-1ubuntu4.20+esm5
1.0.2g-1ubuntu4.20+esm6
Ecosystem specific
{
"availability": "Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro",
"ubuntu_priority": "low",
"binaries": [
{
"libssl1.0.0-udeb-dbgsym": "1.0.2g-1ubuntu4.20+esm7",
"libssl-dev": "1.0.2g-1ubuntu4.20+esm7",
"libssl1.0.0": "1.0.2g-1ubuntu4.20+esm7",
"libssl-doc": "1.0.2g-1ubuntu4.20+esm7",
"libcrypto1.0.0-udeb-dbgsym": "1.0.2g-1ubuntu4.20+esm7",
"libssl1.0.0-dbg": "1.0.2g-1ubuntu4.20+esm7",
"libssl-dev-dbgsym": "1.0.2g-1ubuntu4.20+esm7",
"openssl": "1.0.2g-1ubuntu4.20+esm7",
"openssl-dbgsym": "1.0.2g-1ubuntu4.20+esm7",
"libssl1.0.0-udeb": "1.0.2g-1ubuntu4.20+esm7",
"libssl1.0.0-dbgsym": "1.0.2g-1ubuntu4.20+esm7",
"libcrypto1.0.0-udeb": "1.0.2g-1ubuntu4.20+esm7"
}
]
}
Ubuntu:Pro:16.04:LTS / edk2
Package
- Name
- edk2
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affected
Ubuntu:Pro:16.04:LTS / nodejs
Package
- Name
- nodejs
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affected
Ubuntu:18.04:LTS / openssl
Package
- Name
- openssl
- Purl
- pkg:deb/ubuntu/openssl@1.1.1-1ubuntu2.1~18.04.22?arch=src?distro=bionic
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed1.1.1-1ubuntu2.1~18.04.22
Affected versions
1.*
1.0.2g-1ubuntu13
1.0.2g-1ubuntu14
1.0.2n-1ubuntu1
1.1.0g-2ubuntu1
1.1.0g-2ubuntu2
1.1.0g-2ubuntu3
1.1.0g-2ubuntu4
1.1.0g-2ubuntu4.1
1.1.0g-2ubuntu4.3
1.1.1-1ubuntu2.1~18.04.1
1.1.1-1ubuntu2.1~18.04.2
1.1.1-1ubuntu2.1~18.04.3
1.1.1-1ubuntu2.1~18.04.4
1.1.1-1ubuntu2.1~18.04.5
1.1.1-1ubuntu2.1~18.04.6
1.1.1-1ubuntu2.1~18.04.7
1.1.1-1ubuntu2.1~18.04.8
1.1.1-1ubuntu2.1~18.04.9
1.1.1-1ubuntu2.1~18.04.10
1.1.1-1ubuntu2.1~18.04.13
1.1.1-1ubuntu2.1~18.04.14
1.1.1-1ubuntu2.1~18.04.15
1.1.1-1ubuntu2.1~18.04.17
1.1.1-1ubuntu2.1~18.04.19
1.1.1-1ubuntu2.1~18.04.20
1.1.1-1ubuntu2.1~18.04.21
Ecosystem specific
{
"availability": "No subscription required",
"ubuntu_priority": "low",
"binaries": [
{
"libssl-doc": "1.1.1-1ubuntu2.1~18.04.22",
"libssl-dev": "1.1.1-1ubuntu2.1~18.04.22",
"libssl1.1-dbgsym": "1.1.1-1ubuntu2.1~18.04.22",
"libssl1.1-udeb": "1.1.1-1ubuntu2.1~18.04.22",
"libssl1.1": "1.1.1-1ubuntu2.1~18.04.22",
"openssl-dbgsym": "1.1.1-1ubuntu2.1~18.04.22",
"libcrypto1.1-udeb": "1.1.1-1ubuntu2.1~18.04.22",
"openssl": "1.1.1-1ubuntu2.1~18.04.22"
}
]
}
Ubuntu:18.04:LTS / openssl1.0
Package
- Name
- openssl1.0
- Purl
- pkg:deb/ubuntu/openssl1.0@1.0.2n-1ubuntu5.12?arch=src?distro=bionic
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed1.0.2n-1ubuntu5.12
Affected versions
1.*
1.0.2n-1ubuntu2
1.0.2n-1ubuntu3
1.0.2n-1ubuntu4
1.0.2n-1ubuntu5
1.0.2n-1ubuntu5.1
1.0.2n-1ubuntu5.2
1.0.2n-1ubuntu5.3
1.0.2n-1ubuntu5.4
1.0.2n-1ubuntu5.5
1.0.2n-1ubuntu5.6
1.0.2n-1ubuntu5.7
1.0.2n-1ubuntu5.8
1.0.2n-1ubuntu5.9
1.0.2n-1ubuntu5.10
1.0.2n-1ubuntu5.11
Ecosystem specific
{
"availability": "No subscription required",
"ubuntu_priority": "low",
"binaries": [
{
"libssl1.0.0-dbgsym": "1.0.2n-1ubuntu5.12",
"libssl1.0-dev": "1.0.2n-1ubuntu5.12",
"openssl1.0": "1.0.2n-1ubuntu5.12",
"openssl1.0-dbgsym": "1.0.2n-1ubuntu5.12",
"libssl1.0.0-udeb": "1.0.2n-1ubuntu5.12",
"libssl1.0.0": "1.0.2n-1ubuntu5.12",
"libcrypto1.0.0-udeb": "1.0.2n-1ubuntu5.12"
}
]
}
Ubuntu:Pro:18.04:LTS / edk2
Package
- Name
- edk2
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affected
Affected versions
0~20170911.*
0~20170911.5dfba97c-1
0~20171010.*
0~20171010.234dbcef-1
0~20171027.*
0~20171027.76fd5a66-1
0~20171205.*
0~20171205.a9212288-1
0~20180105.*
0~20180105.0bc94c74-1
0~20180205.*
0~20180205.c0d9813c-1
0~20180205.c0d9813c-2
0~20180205.c0d9813c-2ubuntu0.1
0~20180205.c0d9813c-2ubuntu0.2
0~20180205.c0d9813c-2ubuntu0.3
0~20180205.c0d9813c-2ubuntu0.3+esm1
Ubuntu:Pro:18.04:LTS / nodejs
Package
- Name
- nodejs
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affected
Affected versions
6.*
6.11.4~dfsg-1ubuntu1
6.11.4~dfsg-1ubuntu2
6.12.0~dfsg-1ubuntu1
6.12.0~dfsg-2ubuntu1
6.12.0~dfsg-2ubuntu2
8.*
8.10.0~dfsg-2
8.10.0~dfsg-2ubuntu0.2
8.10.0~dfsg-2ubuntu0.3
8.10.0~dfsg-2ubuntu0.4
8.10.0~dfsg-2ubuntu0.4+esm1
8.10.0~dfsg-2ubuntu0.4+esm2
8.10.0~dfsg-2ubuntu0.4+esm3
8.10.0~dfsg-2ubuntu0.4+esm4
8.10.0~dfsg-2ubuntu0.4+esm5
Ubuntu:20.04:LTS / edk2
Package
- Name
- edk2
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affected
Affected versions
0~20190606.*
0~20190606.20d2e5a1-2ubuntu1
0~20190828.*
0~20190828.37eef910-3
0~20190828.37eef910-4
0~20191122.*
0~20191122.bd85bf54-1
0~20191122.bd85bf54-1ubuntu1
0~20191122.bd85bf54-2
0~20191122.bd85bf54-2ubuntu1
0~20191122.bd85bf54-2ubuntu2
0~20191122.bd85bf54-2ubuntu3
0~20191122.bd85bf54-2ubuntu3.1
0~20191122.bd85bf54-2ubuntu3.2
0~20191122.bd85bf54-2ubuntu3.3
0~20191122.bd85bf54-2ubuntu3.4
0~20191122.bd85bf54-2ubuntu3.5
Ubuntu:20.04:LTS / openssl
Package
- Name
- openssl
- Purl
- pkg:deb/ubuntu/openssl@1.1.1f-1ubuntu2.18?arch=src?distro=focal
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed1.1.1f-1ubuntu2.18
Affected versions
1.*
1.1.1c-1ubuntu4
1.1.1d-2ubuntu3
1.1.1d-2ubuntu6
1.1.1f-1ubuntu1
1.1.1f-1ubuntu2
1.1.1f-1ubuntu2.1
1.1.1f-1ubuntu2.2
1.1.1f-1ubuntu2.3
1.1.1f-1ubuntu2.4
1.1.1f-1ubuntu2.5
1.1.1f-1ubuntu2.8
1.1.1f-1ubuntu2.9
1.1.1f-1ubuntu2.10
1.1.1f-1ubuntu2.11
1.1.1f-1ubuntu2.12
1.1.1f-1ubuntu2.13
1.1.1f-1ubuntu2.15
1.1.1f-1ubuntu2.16
1.1.1f-1ubuntu2.17
Ecosystem specific
{
"availability": "No subscription required",
"ubuntu_priority": "low",
"binaries": [
{
"libssl-doc": "1.1.1f-1ubuntu2.18",
"libssl-dev": "1.1.1f-1ubuntu2.18",
"libssl1.1-dbgsym": "1.1.1f-1ubuntu2.18",
"libssl1.1-udeb": "1.1.1f-1ubuntu2.18",
"libssl1.1": "1.1.1f-1ubuntu2.18",
"openssl-dbgsym": "1.1.1f-1ubuntu2.18",
"libcrypto1.1-udeb": "1.1.1f-1ubuntu2.18",
"openssl": "1.1.1f-1ubuntu2.18"
}
]
}
Ubuntu:22.04:LTS / edk2
Package
- Name
- edk2
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affected
Ubuntu:22.04:LTS / nodejs
Package
- Name
- nodejs
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affected
Ubuntu:22.04:LTS / openssl
Package
- Name
- openssl
- Purl
- pkg:deb/ubuntu/openssl@3.0.2-0ubuntu1.9?arch=src?distro=jammy
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed3.0.2-0ubuntu1.9
Affected versions
1.*
1.1.1l-1ubuntu1
3.*
3.0.0-1ubuntu1
3.0.1-0ubuntu1
3.0.2-0ubuntu1
3.0.2-0ubuntu1.1
3.0.2-0ubuntu1.2
3.0.2-0ubuntu1.4
3.0.2-0ubuntu1.5
3.0.2-0ubuntu1.6
3.0.2-0ubuntu1.7
3.0.2-0ubuntu1.8
Ecosystem specific
{
"availability": "No subscription required",
"ubuntu_priority": "low",
"binaries": [
{
"libssl3": "3.0.2-0ubuntu1.9",
"libssl-dev": "3.0.2-0ubuntu1.9",
"openssl-dbgsym": "3.0.2-0ubuntu1.9",
"openssl": "3.0.2-0ubuntu1.9",
"libssl-doc": "3.0.2-0ubuntu1.9",
"libssl3-dbgsym": "3.0.2-0ubuntu1.9"
}
]
}
Ubuntu:24.04:LTS / edk2
Package
- Name
- edk2
- Purl
- pkg:deb/ubuntu/edk2@2023.11-5?arch=src?distro=noble
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed2023.11-5
Ecosystem specific
{
"availability": "No subscription required",
"ubuntu_priority": "low",
"binaries": [
{
"qemu-efi-riscv64": "2023.11-5",
"efi-shell-riscv64": "2023.11-5",
"efi-shell-arm": "2023.11-5",
"qemu-efi-arm": "2023.11-5",
"ovmf-ia32": "2023.11-5",
"efi-shell-ia32": "2023.11-5",
"qemu-efi-aarch64": "2023.11-5",
"efi-shell-x64": "2023.11-5",
"ovmf": "2023.11-5",
"efi-shell-aa64": "2023.11-5"
}
]
}