vulnerability
CentOS Linux: CVE-2023-0216: Important: openssl security and bug fix update (CESA-2023:0946)
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 8 | (AV:N/AC:L/Au:N/C:N/I:N/A:C) | 2023-02-08 | 2023-03-01 | 2025-01-28 |
Severity
8
CVSS
(AV:N/AC:L/Au:N/C:N/I:N/A:C)
Published
2023-02-08
Added
2023-03-01
Modified
2025-01-28
Description
An invalid pointer dereference on read can be triggered when an
application tries to load malformed PKCS7 data with the
d2i_PKCS7(), d2i_PKCS7_bio() or d2i_PKCS7_fp() functions.
The result of the dereference is an application crash which could
lead to a denial of service attack. The TLS implementation in OpenSSL
does not call this function however third party applications might
call these functions on untrusted data.
Solution(s)
centos-upgrade-opensslcentos-upgrade-openssl-debuginfocentos-upgrade-openssl-debugsourcecentos-upgrade-openssl-develcentos-upgrade-openssl-libscentos-upgrade-openssl-libs-debuginfocentos-upgrade-openssl-perl
References
NEW
Explore Exposure Command
Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.