A type confusion vulnerability was found in OpenSSL's processing of X.400 addresses inside an X.509 GeneralName. When CRL checking is enabled (for example, the application sets the X509_V_FLAG_CRL_CHECK flag), this vulnerability may allow an attacker to pass arbitrary pointers to a memcmp call, enabling them to read memory contents or cause a denial of service. In most cases, the attack requires the attacker to provide both the certificate chain and the CRL, neither of which needs a valid signature. If the attacker controls only one of these inputs, the other input must already contain an X.400 address as a CRL distribution point, which is uncommon. As a result, this vulnerability is likely to affect only applications that have implemented their own functionality for retrieving CRLs over a network.
Platform | Package | Release Date | Advisory |
---|---|---|---|
Amazon Linux 1 | openssl | 2023-02-03 23:39 | ALAS-2023-1683 |
Amazon Linux 2 - Core | openssl | 2023-02-03 19:19 | ALAS2-2023-1935 |
Amazon Linux 2023 | openssl | 2023-02-17 20:48 | ALAS2023-2023-101 |
Amazon Linux 2 - Openssl-snapsafe Extra | openssl-snapsafe | 2023-07-17 19:30 | ALAS2OPENSSL-SNAPSAFE-2023-002 |
Amazon Linux 2 - Core | openssl11 | 2023-02-03 19:19 | ALAS2-2023-1934 |
Amazon Linux 2 - Core | edk2 | 2024-03-13 20:26 | ALAS2-2024-2502 |
Source | Score Type | Score | Vector |
---|---|---|---|
Amazon Linux | CVSSv3 | 8.1 | AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H |
NVD | CVSSv3 | 7.4 | CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:H |
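
To triage C source against the preconditions in the description above, the following added example (not part of the advisory or of OpenSSL) reports where a file enables CRL checking and where it supplies CRLs itself. The list of CRL-supplying calls and the sample source are assumptions constructed for illustration, and a result for one file says nothing about flags set elsewhere in the application.

```python
import re

# OpenSSL verification flags that turn on CRL checking.
CRL_CHECK_ENABLE = ("X509_V_FLAG_CRL_CHECK", "X509_V_FLAG_CRL_CHECK_ALL")
# OpenSSL calls through which an application loads or supplies CRLs itself
# (assumed, non-exhaustive list chosen for this example).
CRL_SUPPLY = ("X509_STORE_set_lookup_crls", "X509_STORE_set_get_crl",
              "X509_STORE_CTX_set0_crls", "X509_STORE_add_crl",
              "X509_CRL_load_http", "d2i_X509_CRL")

def _strip_comments(src):
    """Remove C comments, keeping newlines so line numbers stay correct."""
    src = re.sub(r"/\*.*?\*/", lambda m: "\n" * m.group(0).count("\n"),
                 src, flags=re.S)
    return re.sub(r"//[^\n]*", "", src)

def scan(src):
    """Return {category: [(line_number, identifier), ...]} for one source file."""
    groups = (("enables_crl_check", CRL_CHECK_ENABLE), ("supplies_crl", CRL_SUPPLY))
    findings = {key: [] for key, _ in groups}
    for lineno, line in enumerate(_strip_comments(src).splitlines(), 1):
        for key, names in groups:
            for name in names:
                # \b keeps X509_V_FLAG_CRL_CHECK from matching ..._CRL_CHECK_ALL
                if re.search(r"\b%s\b" % re.escape(name), line):
                    findings[key].append((lineno, name))
    return findings

def triage(src):
    """Map the findings onto the preconditions named in the description."""
    found = scan(src)
    if not found["enables_crl_check"]:
        return "crl-check-not-enabled-here"
    if found["supplies_crl"]:
        return "crl-check-with-app-supplied-crls"   # review first
    return "crl-check-enabled"

# Constructed sample input, not taken from any real project.
SAMPLE = """\
X509_STORE *st = X509_STORE_new();
/* X509_STORE_set_flags(st, X509_V_FLAG_CRL_CHECK_ALL); */
X509_STORE_set_flags(st, X509_V_FLAG_CRL_CHECK);
X509_CRL *crl = X509_CRL_load_http(url, NULL, NULL, 30);
X509_STORE_add_crl(st, crl);
"""

if __name__ == "__main__":
    print(triage(SAMPLE), scan(SAMPLE))
```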