ISHACK AI BOT

Red Hat: CVE-2022-44566: Important: Satellite 6.14 security and bug fix update (RHSA-2023:6818) Severity 8 CVSS (AV:N/AC:L/Au:N/C:N/I:N/A:C) Published 02/09/2023 Created 11/14/2023 Added 11/13/2023 Modified 01/28/2025 Description A denial of service vulnerability present in ActiveRecord's PostgreSQL adapter <7.0.4.1 and <6.1.7.1. When a value outside the range for a 64bit signed integer is provided to the PostgreSQL connection adapter, it will treat the target column type as numeric. Comparing integer values against numeric values can result in a slow sequential scan resulting in potential Denial of Service. Solution(s) redhat-upgrade-foreman-cli redhat-upgrade-python39-pulp_manifest redhat-upgrade-rubygem-amazing_print redhat-upgrade-rubygem-apipie-bindings redhat-upgrade-rubygem-clamp redhat-upgrade-rubygem-domain_name redhat-upgrade-rubygem-fast_gettext redhat-upgrade-rubygem-ffi redhat-upgrade-rubygem-ffi-debuginfo redhat-upgrade-rubygem-ffi-debugsource redhat-upgrade-rubygem-foreman_maintain redhat-upgrade-rubygem-gssapi redhat-upgrade-rubygem-hammer_cli redhat-upgrade-rubygem-hammer_cli_foreman redhat-upgrade-rubygem-hammer_cli_foreman_admin redhat-upgrade-rubygem-hammer_cli_foreman_ansible redhat-upgrade-rubygem-hammer_cli_foreman_azure_rm redhat-upgrade-rubygem-hammer_cli_foreman_bootdisk redhat-upgrade-rubygem-hammer_cli_foreman_discovery redhat-upgrade-rubygem-hammer_cli_foreman_google redhat-upgrade-rubygem-hammer_cli_foreman_openscap redhat-upgrade-rubygem-hammer_cli_foreman_remote_execution redhat-upgrade-rubygem-hammer_cli_foreman_tasks redhat-upgrade-rubygem-hammer_cli_foreman_templates redhat-upgrade-rubygem-hammer_cli_foreman_virt_who_configure redhat-upgrade-rubygem-hammer_cli_foreman_webhooks redhat-upgrade-rubygem-hammer_cli_katello redhat-upgrade-rubygem-hashie redhat-upgrade-rubygem-highline redhat-upgrade-rubygem-http-accept redhat-upgrade-rubygem-http-cookie redhat-upgrade-rubygem-jwt redhat-upgrade-rubygem-little-plugger redhat-upgrade-rubygem-locale redhat-upgrade-rubygem-logging redhat-upgrade-rubygem-mime-types redhat-upgrade-rubygem-mime-types-data redhat-upgrade-rubygem-multi_json redhat-upgrade-rubygem-netrc redhat-upgrade-rubygem-oauth redhat-upgrade-rubygem-oauth-tty redhat-upgrade-rubygem-powerbar redhat-upgrade-rubygem-rest-client redhat-upgrade-rubygem-snaky_hash redhat-upgrade-rubygem-unf redhat-upgrade-rubygem-unf_ext redhat-upgrade-rubygem-unf_ext-debuginfo redhat-upgrade-rubygem-unf_ext-debugsource redhat-upgrade-rubygem-unicode redhat-upgrade-rubygem-unicode-debuginfo redhat-upgrade-rubygem-unicode-debugsource redhat-upgrade-rubygem-unicode-display_width redhat-upgrade-rubygem-version_gem redhat-upgrade-satellite-cli redhat-upgrade-satellite-clone redhat-upgrade-satellite-maintain References CVE-2022-44566

Gentoo Linux: CVE-2022-4450: OpenSSL: Multiple Vulnerabilities Severity 8 CVSS (AV:N/AC:L/Au:N/C:N/I:N/A:C) Published 02/08/2023 Created 02/06/2024 Added 02/05/2024 Modified 01/30/2025 Description The function PEM_read_bio_ex() reads a PEM file from a BIO and parses and decodes the "name" (e.g. "CERTIFICATE"), any header data and the payload data. If the function succeeds then the "name_out", "header" and "data" arguments are populated with pointers to buffers containing the relevant decoded data. The caller is responsible for freeing those buffers. It is possible to construct a PEM file that results in 0 bytes of payload data. In this case PEM_read_bio_ex() will return a failure code but will populate the header argument with a pointer to a buffer that has already been freed. If the caller also frees this buffer then a double free will occur. This will most likely lead to a crash. This could be exploited by an attacker who has the ability to supply malicious PEM files for parsing to achieve a denial of service attack. The functions PEM_read_bio() and PEM_read() are simple wrappers around PEM_read_bio_ex() and therefore these functions are also directly affected. These functions are also called indirectly by a number of other OpenSSL functions including PEM_X509_INFO_read_bio_ex() and SSL_CTX_use_serverinfo_file() which are also vulnerable. Some OpenSSL internal uses of these functions are not vulnerable because the caller does not free the header argument if PEM_read_bio_ex() returns a failure code. These locations include the PEM_read_bio_TYPE() functions as well as the decoders introduced in OpenSSL 3.0. The OpenSSL asn1parse command line application is also impacted by this issue. Solution(s) gentoo-linux-upgrade-dev-libs-openssl References https://attackerkb.com/topics/cve-2022-4450 CVE - 2022-4450 202402-08

Debian: CVE-2022-4304: openssl -- security update Severity 7 CVSS (AV:N/AC:M/Au:N/C:C/I:N/A:N) Published 02/09/2023 Created 02/10/2023 Added 02/09/2023 Modified 01/28/2025 Description A timing based side channel exists in the OpenSSL RSA Decryption implementation which could be sufficient to recover a plaintext across a network in a Bleichenbacher style attack. To achieve a successful decryption an attacker would have to be able to send a very large number of trial messages for decryption. The vulnerability affects all RSA padding modes: PKCS#1 v1.5, RSA-OEAP and RSASVE. For example, in a TLS connection, RSA is commonly used by a client to send an encrypted pre-master secret to the server. An attacker that had observed a genuine connection between a client and a server could use this flaw to send trial messages to the server and record the time taken to process them. After a sufficiently large number of messages the attacker could recover the pre-master secret used for the original connection and thus be able to decrypt the application data sent over that connection. Solution(s) debian-upgrade-openssl References https://attackerkb.com/topics/cve-2022-4304 CVE - 2022-4304 DSA-5343-1

Alpine Linux: CVE-2022-43552: Use After Free Severity 7 CVSS (AV:N/AC:M/Au:N/C:N/I:N/A:C) Published 02/09/2023 Created 08/23/2024 Added 08/22/2024 Modified 10/02/2024 Description A use after free vulnerability exists in curl <7.87.0. Curl can be asked to *tunnel* virtually all protocols it supports through an HTTP proxy. HTTP proxies can (and often do) deny such tunnel operations. When getting denied to tunnel the specific protocols SMB or TELNET, curl would use a heap-allocated struct after it had been freed, in its transfer shutdown code path. Solution(s) alpine-linux-upgrade-curl References https://attackerkb.com/topics/cve-2022-43552 CVE - 2022-43552 https://security.alpinelinux.org/vuln/CVE-2022-43552

OS X update for ColorSync (CVE-2022-43552) Severity 7 CVSS (AV:N/AC:M/Au:N/C:N/I:N/A:C) Published 02/09/2023 Created 10/14/2024 Added 10/14/2024 Modified 01/28/2025 Description Deprecated Solution(s)

Red Hat: CVE-2023-22799: Important: Satellite 6.14 security and bug fix update (RHSA-2023:6818) Severity 8 CVSS (AV:N/AC:L/Au:N/C:N/I:N/A:C) Published 02/09/2023 Created 11/14/2023 Added 11/13/2023 Modified 01/28/2025 Description A ReDoS based DoS vulnerability in the GlobalID <1.0.1 which could allow an attacker supplying a carefully crafted input can cause the regular expression engine to take an unexpected amount of time. All users running an affected release should either upgrade or use one of the workarounds immediately. Solution(s) redhat-upgrade-foreman-cli redhat-upgrade-python39-pulp_manifest redhat-upgrade-rubygem-amazing_print redhat-upgrade-rubygem-apipie-bindings redhat-upgrade-rubygem-clamp redhat-upgrade-rubygem-domain_name redhat-upgrade-rubygem-fast_gettext redhat-upgrade-rubygem-ffi redhat-upgrade-rubygem-ffi-debuginfo redhat-upgrade-rubygem-ffi-debugsource redhat-upgrade-rubygem-foreman_maintain redhat-upgrade-rubygem-gssapi redhat-upgrade-rubygem-hammer_cli redhat-upgrade-rubygem-hammer_cli_foreman redhat-upgrade-rubygem-hammer_cli_foreman_admin redhat-upgrade-rubygem-hammer_cli_foreman_ansible redhat-upgrade-rubygem-hammer_cli_foreman_azure_rm redhat-upgrade-rubygem-hammer_cli_foreman_bootdisk redhat-upgrade-rubygem-hammer_cli_foreman_discovery redhat-upgrade-rubygem-hammer_cli_foreman_google redhat-upgrade-rubygem-hammer_cli_foreman_openscap redhat-upgrade-rubygem-hammer_cli_foreman_remote_execution redhat-upgrade-rubygem-hammer_cli_foreman_tasks redhat-upgrade-rubygem-hammer_cli_foreman_templates redhat-upgrade-rubygem-hammer_cli_foreman_virt_who_configure redhat-upgrade-rubygem-hammer_cli_foreman_webhooks redhat-upgrade-rubygem-hammer_cli_katello redhat-upgrade-rubygem-hashie redhat-upgrade-rubygem-highline redhat-upgrade-rubygem-http-accept redhat-upgrade-rubygem-http-cookie redhat-upgrade-rubygem-jwt redhat-upgrade-rubygem-little-plugger redhat-upgrade-rubygem-locale redhat-upgrade-rubygem-logging redhat-upgrade-rubygem-mime-types redhat-upgrade-rubygem-mime-types-data redhat-upgrade-rubygem-multi_json redhat-upgrade-rubygem-netrc redhat-upgrade-rubygem-oauth redhat-upgrade-rubygem-oauth-tty redhat-upgrade-rubygem-powerbar redhat-upgrade-rubygem-rest-client redhat-upgrade-rubygem-snaky_hash redhat-upgrade-rubygem-unf redhat-upgrade-rubygem-unf_ext redhat-upgrade-rubygem-unf_ext-debuginfo redhat-upgrade-rubygem-unf_ext-debugsource redhat-upgrade-rubygem-unicode redhat-upgrade-rubygem-unicode-debuginfo redhat-upgrade-rubygem-unicode-debugsource redhat-upgrade-rubygem-unicode-display_width redhat-upgrade-rubygem-version_gem redhat-upgrade-satellite-cli redhat-upgrade-satellite-clone redhat-upgrade-satellite-maintain References CVE-2023-22799

Debian: CVE-2023-22792: rails -- security update Severity 8 CVSS (AV:N/AC:L/Au:N/C:N/I:N/A:C) Published 02/09/2023 Created 03/15/2023 Added 03/14/2023 Modified 01/28/2025 Description A regular expression based DoS vulnerability in Action Dispatch <6.0.6.1,< 6.1.7.1, and <7.0.4.1. Specially crafted cookies, in combination with a specially crafted X_FORWARDED_HOST header can cause the regular expression engine to enter a state of catastrophic backtracking. This can cause the process to use large amounts of CPU and memory, leading to a possible DoS vulnerability All users running an affected release should either upgrade or use one of the workarounds immediately. Solution(s) debian-upgrade-rails References https://attackerkb.com/topics/cve-2023-22792 CVE - 2023-22792 DSA-5372 DSA-5372-1

Debian: CVE-2023-22795: rails -- security update Severity 8 CVSS (AV:N/AC:L/Au:N/C:N/I:N/A:C) Published 02/09/2023 Created 03/15/2023 Added 03/14/2023 Modified 01/28/2025 Description A regular expression based DoS vulnerability in Action Dispatch <6.1.7.1 and <7.0.4.1 related to the If-None-Match header. A specially crafted HTTP If-None-Match header can cause the regular expression engine to enter a state of catastrophic backtracking, when on a version of Ruby below 3.2.0. This can cause the process to use large amounts of CPU and memory, leading to a possible DoS vulnerability All users running an affected release should either upgrade or use one of the workarounds immediately. Solution(s) debian-upgrade-rails References https://attackerkb.com/topics/cve-2023-22795 CVE - 2023-22795 DSA-5372 DSA-5372-1

Debian: CVE-2023-0215: openssl -- security update Severity 8 CVSS (AV:N/AC:L/Au:N/C:N/I:N/A:C) Published 02/09/2023 Created 02/10/2023 Added 02/09/2023 Modified 01/28/2025 Description The public API function BIO_new_NDEF is a helper function used for streaming ASN.1 data via a BIO. It is primarily used internally to OpenSSL to support the SMIME, CMS and PKCS7 streaming capabilities, but may also be called directly by end user applications. The function receives a BIO from the caller, prepends a new BIO_f_asn1 filter BIO onto the front of it to form a BIO chain, and then returns the new head of the BIO chain to the caller. Under certain conditions, for example if a CMS recipient public key is invalid, the new filter BIO is freed and the function returns a NULL result indicating a failure. However, in this case, the BIO chain is not properly cleaned up and the BIO passed by the caller still retains internal pointers to the previously freed filter BIO. If the caller then goes on to call BIO_pop() on the BIO then a use-after-free will occur. This will most likely result in a crash. This scenario occurs directly in the internal function B64_write_ASN1() which may cause BIO_new_NDEF() to be called and will subsequently call BIO_pop() on the BIO. This internal function is in turn called by the public API functions PEM_write_bio_ASN1_stream, PEM_write_bio_CMS_stream, PEM_write_bio_PKCS7_stream, SMIME_write_ASN1, SMIME_write_CMS and SMIME_write_PKCS7. Other public API functions that may be impacted by this include i2d_ASN1_bio_stream, BIO_new_CMS, BIO_new_PKCS7, i2d_CMS_bio_stream and i2d_PKCS7_bio_stream. The OpenSSL cms and smime command line applications are similarly affected. Solution(s) debian-upgrade-openssl References https://attackerkb.com/topics/cve-2023-0215 CVE - 2023-0215 DSA-5343-1

Debian: CVE-2022-44566: rails -- security update Severity 8 CVSS (AV:N/AC:L/Au:N/C:N/I:N/A:C) Published 02/09/2023 Created 07/31/2024 Added 07/30/2024 Modified 01/30/2025 Description A denial of service vulnerability present in ActiveRecord's PostgreSQL adapter <7.0.4.1 and <6.1.7.1. When a value outside the range for a 64bit signed integer is provided to the PostgreSQL connection adapter, it will treat the target column type as numeric. Comparing integer values against numeric values can result in a slow sequential scan resulting in potential Denial of Service. Solution(s) debian-upgrade-rails References https://attackerkb.com/topics/cve-2022-44566 CVE - 2022-44566

Debian: CVE-2023-22796: rails -- security update Severity 8 CVSS (AV:N/AC:L/Au:N/C:N/I:N/A:C) Published 02/09/2023 Created 03/15/2023 Added 03/14/2023 Modified 01/28/2025 Description A regular expression based DoS vulnerability in Active Support <6.1.7.1 and <7.0.4.1. A specially crafted string passed to the underscore method can cause the regular expression engine to enter a state of catastrophic backtracking. This can cause the process to use large amounts of CPU and memory, leading to a possible DoS vulnerability. Solution(s) debian-upgrade-rails References https://attackerkb.com/topics/cve-2023-22796 CVE - 2023-22796 DSA-5372 DSA-5372-1

Amazon Linux AMI 2: CVE-2022-4450: Security patch for edk2, openssl11 (Multiple Advisories) Severity 8 CVSS (AV:N/AC:L/Au:N/C:N/I:N/A:C) Published 02/09/2023 Created 02/10/2023 Added 02/09/2023 Modified 01/30/2025 Description The function PEM_read_bio_ex() reads a PEM file from a BIO and parses and decodes the "name" (e.g. "CERTIFICATE"), any header data and the payload data. If the function succeeds then the "name_out", "header" and "data" arguments are populated with pointers to buffers containing the relevant decoded data. The caller is responsible for freeing those buffers. It is possible to construct a PEM file that results in 0 bytes of payload data. In this case PEM_read_bio_ex() will return a failure code but will populate the header argument with a pointer to a buffer that has already been freed. If the caller also frees this buffer then a double free will occur. This will most likely lead to a crash. This could be exploited by an attacker who has the ability to supply malicious PEM files for parsing to achieve a denial of service attack. The functions PEM_read_bio() and PEM_read() are simple wrappers around PEM_read_bio_ex() and therefore these functions are also directly affected. These functions are also called indirectly by a number of other OpenSSL functions including PEM_X509_INFO_read_bio_ex() and SSL_CTX_use_serverinfo_file() which are also vulnerable. Some OpenSSL internal uses of these functions are not vulnerable because the caller does not free the header argument if PEM_read_bio_ex() returns a failure code. These locations include the PEM_read_bio_TYPE() functions as well as the decoders introduced in OpenSSL 3.0. The OpenSSL asn1parse command line application is also impacted by this issue. Solution(s) amazon-linux-ami-2-upgrade-edk2-aarch64 amazon-linux-ami-2-upgrade-edk2-debuginfo amazon-linux-ami-2-upgrade-edk2-ovmf amazon-linux-ami-2-upgrade-edk2-tools amazon-linux-ami-2-upgrade-edk2-tools-doc amazon-linux-ami-2-upgrade-edk2-tools-python amazon-linux-ami-2-upgrade-openssl11 amazon-linux-ami-2-upgrade-openssl11-debuginfo amazon-linux-ami-2-upgrade-openssl11-devel amazon-linux-ami-2-upgrade-openssl11-libs amazon-linux-ami-2-upgrade-openssl11-static References https://attackerkb.com/topics/cve-2022-4450 AL2/ALAS-2023-1934 AL2/ALAS-2024-2502 CVE - 2022-4450

Huawei EulerOS: CVE-2022-4450: openssl111d security update Severity 8 CVSS (AV:N/AC:L/Au:N/C:N/I:N/A:C) Published 02/08/2023 Created 06/09/2023 Added 06/09/2023 Modified 01/30/2025 Description The function PEM_read_bio_ex() reads a PEM file from a BIO and parses and decodes the "name" (e.g. "CERTIFICATE"), any header data and the payload data. If the function succeeds then the "name_out", "header" and "data" arguments are populated with pointers to buffers containing the relevant decoded data. The caller is responsible for freeing those buffers. It is possible to construct a PEM file that results in 0 bytes of payload data. In this case PEM_read_bio_ex() will return a failure code but will populate the header argument with a pointer to a buffer that has already been freed. If the caller also frees this buffer then a double free will occur. This will most likely lead to a crash. This could be exploited by an attacker who has the ability to supply malicious PEM files for parsing to achieve a denial of service attack. The functions PEM_read_bio() and PEM_read() are simple wrappers around PEM_read_bio_ex() and therefore these functions are also directly affected. These functions are also called indirectly by a number of other OpenSSL functions including PEM_X509_INFO_read_bio_ex() and SSL_CTX_use_serverinfo_file() which are also vulnerable. Some OpenSSL internal uses of these functions are not vulnerable because the caller does not free the header argument if PEM_read_bio_ex() returns a failure code. These locations include the PEM_read_bio_TYPE() functions as well as the decoders introduced in OpenSSL 3.0. The OpenSSL asn1parse command line application is also impacted by this issue. Solution(s) huawei-euleros-2_0_sp5-upgrade-openssl111d huawei-euleros-2_0_sp5-upgrade-openssl111d-devel huawei-euleros-2_0_sp5-upgrade-openssl111d-libs huawei-euleros-2_0_sp5-upgrade-openssl111d-static References https://attackerkb.com/topics/cve-2022-4450 CVE - 2022-4450 EulerOS-SA-2023-2162

Huawei EulerOS: CVE-2023-0215: openssl security update Severity 8 CVSS (AV:N/AC:L/Au:N/C:N/I:N/A:C) Published 02/08/2023 Created 05/18/2023 Added 05/18/2023 Modified 01/28/2025 Description The public API function BIO_new_NDEF is a helper function used for streaming ASN.1 data via a BIO. It is primarily used internally to OpenSSL to support the SMIME, CMS and PKCS7 streaming capabilities, but may also be called directly by end user applications. The function receives a BIO from the caller, prepends a new BIO_f_asn1 filter BIO onto the front of it to form a BIO chain, and then returns the new head of the BIO chain to the caller. Under certain conditions, for example if a CMS recipient public key is invalid, the new filter BIO is freed and the function returns a NULL result indicating a failure. However, in this case, the BIO chain is not properly cleaned up and the BIO passed by the caller still retains internal pointers to the previously freed filter BIO. If the caller then goes on to call BIO_pop() on the BIO then a use-after-free will occur. This will most likely result in a crash. This scenario occurs directly in the internal function B64_write_ASN1() which may cause BIO_new_NDEF() to be called and will subsequently call BIO_pop() on the BIO. This internal function is in turn called by the public API functions PEM_write_bio_ASN1_stream, PEM_write_bio_CMS_stream, PEM_write_bio_PKCS7_stream, SMIME_write_ASN1, SMIME_write_CMS and SMIME_write_PKCS7. Other public API functions that may be impacted by this include i2d_ASN1_bio_stream, BIO_new_CMS, BIO_new_PKCS7, i2d_CMS_bio_stream and i2d_PKCS7_bio_stream. The OpenSSL cms and smime command line applications are similarly affected. Solution(s) huawei-euleros-2_0_sp10-upgrade-openssl huawei-euleros-2_0_sp10-upgrade-openssl-libs huawei-euleros-2_0_sp10-upgrade-openssl-perl References https://attackerkb.com/topics/cve-2023-0215 CVE - 2023-0215 EulerOS-SA-2023-1982

Alma Linux: CVE-2023-0215: Important: openssl security update (Multiple Advisories) Severity 8 CVSS (AV:N/AC:L/Au:N/C:N/I:N/A:C) Published 02/08/2023 Created 03/02/2023 Added 03/01/2023 Modified 01/28/2025 Description The public API function BIO_new_NDEF is a helper function used for streaming ASN.1 data via a BIO. It is primarily used internally to OpenSSL to support the SMIME, CMS and PKCS7 streaming capabilities, but may also be called directly by end user applications. The function receives a BIO from the caller, prepends a new BIO_f_asn1 filter BIO onto the front of it to form a BIO chain, and then returns the new head of the BIO chain to the caller. Under certain conditions, for example if a CMS recipient public key is invalid, the new filter BIO is freed and the function returns a NULL result indicating a failure. However, in this case, the BIO chain is not properly cleaned up and the BIO passed by the caller still retains internal pointers to the previously freed filter BIO. If the caller then goes on to call BIO_pop() on the BIO then a use-after-free will occur. This will most likely result in a crash. This scenario occurs directly in the internal function B64_write_ASN1() which may cause BIO_new_NDEF() to be called and will subsequently call BIO_pop() on the BIO. This internal function is in turn called by the public API functions PEM_write_bio_ASN1_stream, PEM_write_bio_CMS_stream, PEM_write_bio_PKCS7_stream, SMIME_write_ASN1, SMIME_write_CMS and SMIME_write_PKCS7. Other public API functions that may be impacted by this include i2d_ASN1_bio_stream, BIO_new_CMS, BIO_new_PKCS7, i2d_CMS_bio_stream and i2d_PKCS7_bio_stream. The OpenSSL cms and smime command line applications are similarly affected. Solution(s) alma-upgrade-edk2-aarch64 alma-upgrade-edk2-ovmf alma-upgrade-edk2-tools alma-upgrade-edk2-tools-doc alma-upgrade-openssl alma-upgrade-openssl-devel alma-upgrade-openssl-libs alma-upgrade-openssl-perl References https://attackerkb.com/topics/cve-2023-0215 CVE - 2023-0215 https://errata.almalinux.org/8/ALSA-2023-1405.html https://errata.almalinux.org/8/ALSA-2023-2932.html https://errata.almalinux.org/9/ALSA-2023-0946.html https://errata.almalinux.org/9/ALSA-2023-2165.html

F5 Networks: CVE-2023-0286: K000132941: OpenSSL vulnerability CVE-2023-0286 Severity 9 CVSS (AV:N/AC:M/Au:N/C:C/I:N/A:C) Published 02/08/2023 Created 01/12/2024 Added 01/11/2024 Modified 01/28/2025 Description There is a type confusion vulnerability relating to X.400 address processing inside an X.509 GeneralName. X.400 addresses were parsed as an ASN1_STRING but the public structure definition for GENERAL_NAME incorrectly specified the type of the x400Address field as ASN1_TYPE. This field is subsequently interpreted by the OpenSSL function GENERAL_NAME_cmp as an ASN1_TYPE rather than an ASN1_STRING. When CRL checking is enabled (i.e. the application sets the X509_V_FLAG_CRL_CHECK flag), this vulnerability may allow an attacker to pass arbitrary pointers to a memcmp call, enabling them to read memory contents or enact a denial of service. In most cases, the attack requires the attacker to provide both the certificate chain and CRL, neither of which need to have a valid signature. If the attacker only controls one of these inputs, the other input must already contain an X.400 address as a CRL distribution point, which is uncommon. As such, this vulnerability is most likely to only affect applications which have implemented their own functionality for retrieving CRLs over a network. Solution(s) f5-big-ip-upgrade-latest References https://attackerkb.com/topics/cve-2023-0286 CVE - 2023-0286 https://my.f5.com/manage/s/article/K000132941

Huawei EulerOS: CVE-2022-4450: openssl security update Severity 8 CVSS (AV:N/AC:L/Au:N/C:N/I:N/A:C) Published 02/08/2023 Created 05/18/2023 Added 05/18/2023 Modified 01/30/2025 Description The function PEM_read_bio_ex() reads a PEM file from a BIO and parses and decodes the "name" (e.g. "CERTIFICATE"), any header data and the payload data. If the function succeeds then the "name_out", "header" and "data" arguments are populated with pointers to buffers containing the relevant decoded data. The caller is responsible for freeing those buffers. It is possible to construct a PEM file that results in 0 bytes of payload data. In this case PEM_read_bio_ex() will return a failure code but will populate the header argument with a pointer to a buffer that has already been freed. If the caller also frees this buffer then a double free will occur. This will most likely lead to a crash. This could be exploited by an attacker who has the ability to supply malicious PEM files for parsing to achieve a denial of service attack. The functions PEM_read_bio() and PEM_read() are simple wrappers around PEM_read_bio_ex() and therefore these functions are also directly affected. These functions are also called indirectly by a number of other OpenSSL functions including PEM_X509_INFO_read_bio_ex() and SSL_CTX_use_serverinfo_file() which are also vulnerable. Some OpenSSL internal uses of these functions are not vulnerable because the caller does not free the header argument if PEM_read_bio_ex() returns a failure code. These locations include the PEM_read_bio_TYPE() functions as well as the decoders introduced in OpenSSL 3.0. The OpenSSL asn1parse command line application is also impacted by this issue. Solution(s) huawei-euleros-2_0_sp10-upgrade-openssl huawei-euleros-2_0_sp10-upgrade-openssl-libs huawei-euleros-2_0_sp10-upgrade-openssl-perl References https://attackerkb.com/topics/cve-2022-4450 CVE - 2022-4450 EulerOS-SA-2023-1982

Google Chrome Vulnerability: CVE-2023-0700 Inappropriate implementation in Download Severity 7 CVSS (AV:N/AC:M/Au:N/C:N/I:C/A:N) Published 02/08/2023 Created 02/08/2023 Added 02/08/2023 Modified 01/28/2025 Description Inappropriate implementation in Download in Google Chrome prior to 110.0.5481.77 allowed a remote attacker to potentially spoof the contents of the Omnibox (URL bar) via a crafted HTML page. (Chromium security severity: Medium) Solution(s) google-chrome-upgrade-latest References https://attackerkb.com/topics/cve-2023-0700 CVE - 2023-0700 https://chromereleases.googleblog.com/2023/02/stable-channel-update-for-desktop.html https://crbug.com/1393732

Huawei EulerOS: CVE-2023-0286: openssl security update Severity 9 CVSS (AV:N/AC:M/Au:N/C:C/I:N/A:C) Published 02/08/2023 Created 06/09/2023 Added 06/09/2023 Modified 01/28/2025 Description There is a type confusion vulnerability relating to X.400 address processing inside an X.509 GeneralName. X.400 addresses were parsed as an ASN1_STRING but the public structure definition for GENERAL_NAME incorrectly specified the type of the x400Address field as ASN1_TYPE. This field is subsequently interpreted by the OpenSSL function GENERAL_NAME_cmp as an ASN1_TYPE rather than an ASN1_STRING. When CRL checking is enabled (i.e. the application sets the X509_V_FLAG_CRL_CHECK flag), this vulnerability may allow an attacker to pass arbitrary pointers to a memcmp call, enabling them to read memory contents or enact a denial of service. In most cases, the attack requires the attacker to provide both the certificate chain and CRL, neither of which need to have a valid signature. If the attacker only controls one of these inputs, the other input must already contain an X.400 address as a CRL distribution point, which is uncommon. As such, this vulnerability is most likely to only affect applications which have implemented their own functionality for retrieving CRLs over a network. Solution(s) huawei-euleros-2_0_sp5-upgrade-openssl huawei-euleros-2_0_sp5-upgrade-openssl-devel huawei-euleros-2_0_sp5-upgrade-openssl-libs References https://attackerkb.com/topics/cve-2023-0286 CVE - 2023-0286 EulerOS-SA-2023-2161

CentOS Linux: CVE-2022-4304: Important: openssl security and bug fix update (Multiple Advisories) Severity 7 CVSS (AV:N/AC:M/Au:N/C:C/I:N/A:N) Published 02/08/2023 Created 03/02/2023 Added 03/01/2023 Modified 01/28/2025 Description A timing based side channel exists in the OpenSSL RSA Decryption implementation which could be sufficient to recover a plaintext across a network in a Bleichenbacher style attack. To achieve a successful decryption an attacker would have to be able to send a very large number of trial messages for decryption. The vulnerability affects all RSA padding modes: PKCS#1 v1.5, RSA-OEAP and RSASVE. For example, in a TLS connection, RSA is commonly used by a client to send an encrypted pre-master secret to the server. An attacker that had observed a genuine connection between a client and a server could use this flaw to send trial messages to the server and record the time taken to process them. After a sufficiently large number of messages the attacker could recover the pre-master secret used for the original connection and thus be able to decrypt the application data sent over that connection. Solution(s) centos-upgrade-edk2-ovmf centos-upgrade-openssl centos-upgrade-openssl-debuginfo centos-upgrade-openssl-debugsource centos-upgrade-openssl-devel centos-upgrade-openssl-libs centos-upgrade-openssl-libs-debuginfo centos-upgrade-openssl-perl References CVE-2022-4304

Alpine Linux: CVE-2022-4450: Double Free Severity 8 CVSS (AV:N/AC:L/Au:N/C:N/I:N/A:C) Published 02/08/2023 Created 08/23/2024 Added 08/22/2024 Modified 10/02/2024 Description The function PEM_read_bio_ex() reads a PEM file from a BIO and parses and decodes the "name" (e.g. "CERTIFICATE"), any header data and the payload data. If the function succeeds then the "name_out", "header" and "data" arguments are populated with pointers to buffers containing the relevant decoded data. The caller is responsible for freeing those buffers. It is possible to construct a PEM file that results in 0 bytes of payload data. In this case PEM_read_bio_ex() will return a failure code but will populate the header argument with a pointer to a buffer that has already been freed. If the caller also frees this buffer then a double free will occur. This will most likely lead to a crash. This could be exploited by an attacker who has the ability to supply malicious PEM files for parsing to achieve a denial of service attack. The functions PEM_read_bio() and PEM_read() are simple wrappers around PEM_read_bio_ex() and therefore these functions are also directly affected. These functions are also called indirectly by a number of other OpenSSL functions including PEM_X509_INFO_read_bio_ex() and SSL_CTX_use_serverinfo_file() which are also vulnerable. Some OpenSSL internal uses of these functions are not vulnerable because the caller does not free the header argument if PEM_read_bio_ex() returns a failure code. These locations include the PEM_read_bio_TYPE() functions as well as the decoders introduced in OpenSSL 3.0. The OpenSSL asn1parse command line application is also impacted by this issue. Solution(s) alpine-linux-upgrade-openssl alpine-linux-upgrade-openssl3 alpine-linux-upgrade-openssl1.1-compat References https://attackerkb.com/topics/cve-2022-4450 CVE - 2022-4450 https://security.alpinelinux.org/vuln/CVE-2022-4450

CentOS Linux: CVE-2022-4450: Important: openssl security and bug fix update (Multiple Advisories) Severity 8 CVSS (AV:N/AC:L/Au:N/C:N/I:N/A:C) Published 02/08/2023 Created 03/02/2023 Added 03/01/2023 Modified 01/28/2025 Description The function PEM_read_bio_ex() reads a PEM file from a BIO and parses and decodes the "name" (e.g. "CERTIFICATE"), any header data and the payload data. If the function succeeds then the "name_out", "header" and "data" arguments are populated with pointers to buffers containing the relevant decoded data. The caller is responsible for freeing those buffers. It is possible to construct a PEM file that results in 0 bytes of payload data. In this case PEM_read_bio_ex() will return a failure code but will populate the header argument with a pointer to a buffer that has already been freed. If the caller also frees this buffer then a double free will occur. This will most likely lead to a crash. This could be exploited by an attacker who has the ability to supply malicious PEM files for parsing to achieve a denial of service attack. The functions PEM_read_bio() and PEM_read() are simple wrappers around PEM_read_bio_ex() and therefore these functions are also directly affected. These functions are also called indirectly by a number of other OpenSSL functions including PEM_X509_INFO_read_bio_ex() and SSL_CTX_use_serverinfo_file() which are also vulnerable. Some OpenSSL internal uses of these functions are not vulnerable because the caller does not free the header argument if PEM_read_bio_ex() returns a failure code. These locations include the PEM_read_bio_TYPE() functions as well as the decoders introduced in OpenSSL 3.0. The OpenSSL asn1parse command line application is also impacted by this issue. Solution(s) centos-upgrade-edk2-ovmf centos-upgrade-openssl centos-upgrade-openssl-debuginfo centos-upgrade-openssl-debugsource centos-upgrade-openssl-devel centos-upgrade-openssl-libs centos-upgrade-openssl-libs-debuginfo centos-upgrade-openssl-perl References CVE-2022-4450

Alpine Linux: CVE-2023-0215: Use After Free Severity 8 CVSS (AV:N/AC:L/Au:N/C:N/I:N/A:C) Published 02/08/2023 Created 08/23/2024 Added 08/22/2024 Modified 10/02/2024 Description The public API function BIO_new_NDEF is a helper function used for streaming ASN.1 data via a BIO. It is primarily used internally to OpenSSL to support the SMIME, CMS and PKCS7 streaming capabilities, but may also be called directly by end user applications. The function receives a BIO from the caller, prepends a new BIO_f_asn1 filter BIO onto the front of it to form a BIO chain, and then returns the new head of the BIO chain to the caller. Under certain conditions, for example if a CMS recipient public key is invalid, the new filter BIO is freed and the function returns a NULL result indicating a failure. However, in this case, the BIO chain is not properly cleaned up and the BIO passed by the caller still retains internal pointers to the previously freed filter BIO. If the caller then goes on to call BIO_pop() on the BIO then a use-after-free will occur. This will most likely result in a crash. This scenario occurs directly in the internal function B64_write_ASN1() which may cause BIO_new_NDEF() to be called and will subsequently call BIO_pop() on the BIO. This internal function is in turn called by the public API functions PEM_write_bio_ASN1_stream, PEM_write_bio_CMS_stream, PEM_write_bio_PKCS7_stream, SMIME_write_ASN1, SMIME_write_CMS and SMIME_write_PKCS7. Other public API functions that may be impacted by this include i2d_ASN1_bio_stream, BIO_new_CMS, BIO_new_PKCS7, i2d_CMS_bio_stream and i2d_PKCS7_bio_stream. The OpenSSL cms and smime command line applications are similarly affected. Solution(s) alpine-linux-upgrade-openssl alpine-linux-upgrade-openssl3 alpine-linux-upgrade-openssl1.1-compat References https://attackerkb.com/topics/cve-2023-0215 CVE - 2023-0215 https://security.alpinelinux.org/vuln/CVE-2023-0215

SonicWall SMA 100: CVE-2023-0401: Impact of OpenSSL Vulnerabilities Advisory Released On February 7, 2023 Severity 8 CVSS (AV:N/AC:L/Au:N/C:N/I:N/A:C) Published 02/08/2023 Created 04/04/2023 Added 04/03/2023 Modified 01/28/2025 Description A NULL pointer can be dereferenced when signatures are being verified on PKCS7 signed or signedAndEnveloped data. In case the hash algorithm used for the signature is known to the OpenSSL library but the implementation of the hash algorithm is not available the digest initialization will fail. There is a missing check for the return value from the initialization function which later leads to invalid usage of the digest API most likely leading to a crash. The unavailability of an algorithm can be caused by using FIPS enabled configuration of providers or more commonly by not loading the legacy provider. PKCS7 data is processed by the SMIME library calls and also by the time stamp (TS) library calls. The TLS implementation in OpenSSL does not call these functions however third party applications would be affected if they call these functions to verify signatures on untrusted data. Solution(s) sonicwall-sma-100-upgrade-10_2_1_7-50 References https://attackerkb.com/topics/cve-2023-0401 CVE - 2023-0401 https://www.openssl.org/news/secadv/20230207.txt

Alpine Linux: CVE-2023-0216: NULL Pointer Dereference Severity 8 CVSS (AV:N/AC:L/Au:N/C:N/I:N/A:C) Published 02/08/2023 Created 08/23/2024 Added 08/22/2024 Modified 10/02/2024 Description An invalid pointer dereference on read can be triggered when an application tries to load malformed PKCS7 data with the d2i_PKCS7(), d2i_PKCS7_bio() or d2i_PKCS7_fp() functions. The result of the dereference is an application crash which could lead to a denial of service attack. The TLS implementation in OpenSSL does not call this function however third party applications might call these functions on untrusted data. Solution(s) alpine-linux-upgrade-openssl3 alpine-linux-upgrade-openssl References https://attackerkb.com/topics/cve-2023-0216 CVE - 2023-0216 https://security.alpinelinux.org/vuln/CVE-2023-0216