openssl is vulnerable to Authorization Bypasses. X509_VERIFY_PARAM_add0_policy() allows certificates with invalid or incorrect policies to pass certificate verification, but is disabled by default in OpenSSL and not commonly used by applications.

References

www.openwall.com/lists/oss-security/2023/09/28/4

git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=0d16b7e99aafc0b4a6d729eec65a411a7e025f0a

git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=51e8a84ce742db0f6c70510d0159dad8f7825908

git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=73398dea26de9899fb4baa94098ad0a61f435c72

git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=fc814a30fc4f0bc54fcea7d9a7462f5457aab061

lists.debian.org/debian-lts-announce/2023/06/msg00011.html

secdb.alpinelinux.org/v3.17/main.yaml

security.gentoo.org/glsa/202402-08

security.netapp.com/advisory/ntap-20230414-0001/

www.debian.org/security/2023/dsa-5417

www.openssl.org/news/secadv/20230328.txt

alpinelinux 2

cbl_mariner 2

osv 14

ubuntucve 2

debiancve 2

nessus 63

cvelist 2

openssl 2

redhatcve 1

prion 2

nvd 2

cve 2

ibm 26

f5 1

openvas 41

freebsd 2

vulnrichment 1

cloudlinux 1

amazon 4

ubuntu 1

debian 2

cloudfoundry 1

almalinux 1

fedora 2

oraclelinux 2

redhat 12

rosalinux 1

aix 1

ics 2

mageia 1

gentoo 1

alpinelinux

CVE-2023-0466

2023-03-28 15:15:06

CVE-2022-3996

2022-12-13 16:15:22

cbl_mariner

CVE-2023-0466 affecting package openssl 1.1.1k-13

2023-04-20 19:17:28

CVE-2023-0466 affecting package openssl for versions less than 1.1.1k-23

2023-05-03 16:09:09

osv

CGA-p4g2-7g4f-7m9w

2024-09-25 05:29:46

CGA-qxmv-hwwh-fq8j

2024-06-06 12:29:11

CVE-2023-0466

2023-03-28 15:15:06

ubuntucve

CVE-2023-0466

2023-03-28 00:00:00

CVE-2022-3996

2022-12-13 00:00:00

debiancve

CVE-2023-0466

2023-03-28 15:15:06

CVE-2022-3996

2022-12-13 16:15:22

nessus

Siemens SIMATIC and SCALANCE Products Inadequate Encryption Strength (CVE-2023-0466)

2024-07-23 00:00:00

EulerOS 2.0 SP9 : openssl (EulerOS-SA-2023-2337)

2023-07-09 00:00:00

FreeBSD : OpenSSL -- Multiple vulnerabilities (425b9538-ce5f-11ed-ade3-d4c9ef517024)

2023-03-29 00:00:00

cvelist

CVE-2023-0466 Certificate policy check not enabled

2023-03-28 14:30:49

CVE-2022-3996 X.509 Policy Constraints Double Locking

2022-12-13 15:43:06

openssl

Vulnerability in OpenSSL - Certificate policy check not enabled

2023-03-21 00:00:00

Vulnerability in OpenSSL - X.509 Policy Constraints Double Locking

2022-12-13 00:00:00

redhatcve

CVE-2023-0466

2023-03-30 09:13:38

prion

Design/Logic Flaw

2023-03-28 15:15:00

Design/Logic Flaw

2022-12-13 16:15:00

nvd

CVE-2023-0466

2023-03-28 15:15:06

CVE-2022-3996

2022-12-13 16:15:22

cve

CVE-2023-0466

2023-03-28 15:15:06

CVE-2022-3996

2022-12-13 16:15:22

ibm

Security Bulletin: Vulnerability in NX-OS Firmware used by IBM c-type SAN directors and switches.

2024-03-28 19:47:18

Security Bulletin: Vulnerability in FOS firmware used by IBM b-type SAN directors and switches.

2024-05-01 21:19:39

Security Bulletin: IBM InfoSphere Information Server is affected by multiple vulnerabilities in OpenSSL

2024-03-19 23:16:09

K000134574 : OpenSSL vulnerabilities CVE-2023-0465 and CVE-2023-0466

2023-05-11 00:00:00

openvas

Huawei EulerOS: Security Advisory for openssl (EulerOS-SA-2023-2317)

2023-07-10 00:00:00

SUSE: Security Advisory (SUSE-SU-2023:1794-1)

2023-04-10 00:00:00

SUSE: Security Advisory (SUSE-SU-2023:1922-1)

2023-04-20 00:00:00

freebsd

OpenSSL -- Multiple vulnerabilities

2023-03-28 00:00:00

Python -- multiple vulnerabilities

2022-06-08 00:00:00

vulnrichment

CVE-2022-3996 X.509 Policy Constraints Double Locking

2022-12-13 15:43:06

cloudlinux

openssl: Fix of 3 CVEs

2023-05-04 21:42:17

amazon

Medium: openssl11

2023-05-11 17:49:00

Medium: openssl

2023-06-05 16:39:00

Medium: openssl

2023-06-05 16:39:00

ubuntu

OpenSSL vulnerabilities

2023-04-25 00:00:00

debian

[SECURITY] [DLA 3449-1] openssl security update

2023-06-08 16:32:36

[SECURITY] [DSA 5417-1] openssl security update

2023-05-31 14:50:37

cloudfoundry

USN-6039-1: OpenSSL vulnerabilities | Cloud Foundry

2023-06-30 00:00:00

almalinux

Moderate: openssl security and bug fix update

2023-06-21 00:00:00

fedora

[SECURITY] Fedora 38 Update: openssl-3.0.9-1.fc38

2023-06-03 02:46:16

[SECURITY] Fedora 37 Update: openssl-3.0.9-1.fc37

2023-06-04 01:24:09

oraclelinux

openssl security and bug fix update

2023-06-22 00:00:00

openssl security update

2023-08-31 00:00:00

redhat

(RHSA-2023:3722) Moderate: openssl security and bug fix update

2023-06-21 13:52:15

(RHSA-2023:7622) Moderate: Red Hat JBoss Web Server 5.7.7 release and security update

2023-12-07 12:13:40

(RHSA-2023:7623) Moderate: Red Hat JBoss Web Server 5.7.7 release and security update

2023-12-07 12:35:41

rosalinux

Advisory ROSA-SA-2024-2366

2024-03-05 08:46:27

aix

Multiple vulnerabilities in OpenSSL affect AIX

2023-09-11 10:43:54

ics

Siemens SCALANCE XM-400, XR-500

2024-06-13 12:00:00

Siemens SIMATIC and SIPLUS

2024-06-13 12:00:00

mageia

Updated openssl packages fix security vulnerability

2023-04-11 22:02:20

gentoo

OpenSSL: Multiple Vulnerabilities

2024-02-04 00:00:00

Solutions

Vulnerabilities intelligence
Perimeter control tool
Linux scanner
Windows scanner
Developers SDK
Security Intelligence feeds

Database

Vulnerabilities
Exploits
Security News
BugBounty
Wild Exploited
Top Vulnerabilities
CVE Feed

Resources

Statics & Sources
Plugins
API docs
FAQ
Blog
Glossary

Company

About
Contacts
Pricing
EULA
Privacy Policy
Submission Policy
OpenSource

@2024 Vulners Inc

EPSS

0.002

Percentile

55.1%

JSON

Related for VERACODE:40018