Ubuntu USN-5844-1: OpenSSL vulnerabilities

Published: Feb 07, 2023 - 12:00 a.m.
Source: ubuntu.com

CVSS3: 7.5 High

  • Attack Vector: NETWORK
  • Attack Complexity: LOW
  • Privileges Required: NONE
  • User Interaction: NONE
  • Scope: UNCHANGED
  • Confidentiality Impact: NONE
  • Integrity Impact: NONE
  • Availability Impact: HIGH

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

AI Score: 8 High (Confidence: Low)

EPSS: 0.004 Low (Percentile: 74.2%)

Releases

  • Ubuntu 22.10
  • Ubuntu 22.04 LTS
  • Ubuntu 20.04 LTS
  • Ubuntu 18.04 ESM

Packages

  • openssl - Secure Socket Layer (SSL) cryptographic library and tools

Details

David Benjamin discovered that OpenSSL incorrectly handled X.400 address
processing. A remote attacker could possibly use this issue to read
arbitrary memory contents or cause OpenSSL to crash, resulting in a denial
of service. (CVE-2023-0286)

Corey Bonnell discovered that OpenSSL incorrectly handled X.509 certificate
verification. A remote attacker could possibly use this issue to cause
OpenSSL to crash, resulting in a denial of service. This issue only
affected Ubuntu 22.04 LTS and Ubuntu 22.10. (CVE-2022-4203)

Hubert Kario discovered that OpenSSL had a timing-based side channel in its
RSA decryption implementation. A remote attacker could possibly use this
issue to recover sensitive information. (CVE-2022-4304)

Dawei Wang discovered that OpenSSL incorrectly handled parsing certain PEM
data. A remote attacker could possibly use this issue to cause OpenSSL to
crash, resulting in a denial of service. (CVE-2022-4450)

Octavio Galland and Marcel Böhme discovered that OpenSSL incorrectly
handled streaming ASN.1 data. A remote attacker could use this issue to
cause OpenSSL to crash, resulting in a denial of service, or possibly
execute arbitrary code. (CVE-2023-0215)

Marc Schönefeld discovered that OpenSSL incorrectly handled malformed PKCS7
data. A remote attacker could possibly use this issue to cause OpenSSL to
crash, resulting in a denial of service. This issue only affected Ubuntu
22.04 LTS and Ubuntu 22.10. (CVE-2023-0216)

Kurt Roeckx discovered that OpenSSL incorrectly handled validating certain
DSA public keys. A remote attacker could possibly use this issue to cause
OpenSSL to crash, resulting in a denial of service. This issue only
affected Ubuntu 22.04 LTS and Ubuntu 22.10. (CVE-2023-0217)

Hubert Kario and Dmitry Belyavsky discovered that OpenSSL incorrectly
validated certain signatures. A remote attacker could possibly use this
issue to cause OpenSSL to crash, resulting in a denial of service. This
issue only affected Ubuntu 22.04 LTS and Ubuntu 22.10. (CVE-2023-0401)

Affected packages (rows 1-10 of 281)

OS      Version  Architecture  Package           Package Version      Filename
Ubuntu  22.10    noarch        libssl3           < 3.0.5-2ubuntu2.1   UNKNOWN
Ubuntu  22.10    noarch        libssl-dev        < 3.0.5-2ubuntu2.1   UNKNOWN
Ubuntu  22.10    noarch        libssl-doc        < 3.0.5-2ubuntu2.1   UNKNOWN
Ubuntu  22.10    noarch        libssl3-dbgsym    < 3.0.5-2ubuntu2.1   UNKNOWN
Ubuntu  22.10    noarch        openssl           < 3.0.5-2ubuntu2.1   UNKNOWN
Ubuntu  22.10    noarch        openssl-dbgsym    < 3.0.5-2ubuntu2.1   UNKNOWN
Ubuntu  22.04    noarch        libssl3           < 3.0.2-0ubuntu1.8   UNKNOWN
Ubuntu  22.04    noarch        libssl-dev        < 3.0.2-0ubuntu1.8   UNKNOWN
Ubuntu  22.04    noarch        libssl-doc        < 3.0.2-0ubuntu1.8   UNKNOWN
Ubuntu  22.04    noarch        libssl3-dbgsym    < 3.0.2-0ubuntu1.8   UNKNOWN
