openssl is vulnerable to Authorization Bypasses. X509_VERIFY_PARAM_add0_policy() allows certificates with invalid or incorrect policies to pass certificate verification, but is disabled by default in OpenSSL and not commonly used by applications.
www.openwall.com/lists/oss-security/2023/09/28/4
git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=0d16b7e99aafc0b4a6d729eec65a411a7e025f0a
git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=51e8a84ce742db0f6c70510d0159dad8f7825908
git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=73398dea26de9899fb4baa94098ad0a61f435c72
git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=fc814a30fc4f0bc54fcea7d9a7462f5457aab061
lists.debian.org/debian-lts-announce/2023/06/msg00011.html
secdb.alpinelinux.org/v3.17/main.yaml
security.gentoo.org/glsa/202402-08
security.netapp.com/advisory/ntap-20230414-0001/
www.debian.org/security/2023/dsa-5417
www.openssl.org/news/secadv/20230328.txt