发布于3月6日3月6日 Members Amazon Linux AMI 2: CVE-2023-0286: Security patch for edk2, openssl, openssl-snapsafe, openssl11 (Multiple Advisories) Severity 9 CVSS (AV:N/AC:M/Au:N/C:C/I:N/A:C) Published 02/09/2023 Created 02/10/2023 Added 02/09/2023 Modified 01/28/2025 Description There is a type confusion vulnerability relating to X.400 address processing inside an X.509 GeneralName. X.400 addresses were parsed as an ASN1_STRING but the public structure definition for GENERAL_NAME incorrectly specified the type of the x400Address field as ASN1_TYPE. This field is subsequently interpreted by the OpenSSL function GENERAL_NAME_cmp as an ASN1_TYPE rather than an ASN1_STRING. When CRL checking is enabled (i.e. the application sets the X509_V_FLAG_CRL_CHECK flag), this vulnerability may allow an attacker to pass arbitrary pointers to a memcmp call, enabling them to read memory contents or enact a denial of service. In most cases, the attack requires the attacker to provide both the certificate chain and CRL, neither of which need to have a valid signature. If the attacker only controls one of these inputs, the other input must already contain an X.400 address as a CRL distribution point, which is uncommon. As such, this vulnerability is most likely to only affect applications which have implemented their own functionality for retrieving CRLs over a network. Solution(s) amazon-linux-ami-2-upgrade-edk2-aarch64 amazon-linux-ami-2-upgrade-edk2-debuginfo amazon-linux-ami-2-upgrade-edk2-ovmf amazon-linux-ami-2-upgrade-edk2-tools amazon-linux-ami-2-upgrade-edk2-tools-doc amazon-linux-ami-2-upgrade-edk2-tools-python amazon-linux-ami-2-upgrade-openssl amazon-linux-ami-2-upgrade-openssl-debuginfo amazon-linux-ami-2-upgrade-openssl-devel amazon-linux-ami-2-upgrade-openssl-libs amazon-linux-ami-2-upgrade-openssl-perl amazon-linux-ami-2-upgrade-openssl-snapsafe amazon-linux-ami-2-upgrade-openssl-snapsafe-debuginfo amazon-linux-ami-2-upgrade-openssl-snapsafe-devel amazon-linux-ami-2-upgrade-openssl-snapsafe-libs amazon-linux-ami-2-upgrade-openssl-snapsafe-perl amazon-linux-ami-2-upgrade-openssl-snapsafe-static amazon-linux-ami-2-upgrade-openssl-static amazon-linux-ami-2-upgrade-openssl11 amazon-linux-ami-2-upgrade-openssl11-debuginfo amazon-linux-ami-2-upgrade-openssl11-devel amazon-linux-ami-2-upgrade-openssl11-libs amazon-linux-ami-2-upgrade-openssl11-static References https://attackerkb.com/topics/cve-2023-0286 AL2/ALAS-2023-1934 AL2/ALAS-2023-1935 AL2/ALAS-2024-2502 AL2/ALASOPENSSL-SNAPSAFE-2023-002 CVE - 2023-0286
