Описание
Internally libssl in OpenSSL calls X509_verify_cert() on the client side to verify a certificate supplied by a server. That function may return a negative return value to indicate an internal error (for example out of memory). Such a negative return value is mishandled by OpenSSL and will cause an IO function (such as SSL_connect() or SSL_do_handshake()) to not indicate success and a subsequent call to SSL_get_error() to return the value SSL_ERROR_WANT_RETRY_VERIFY. This return value is only supposed to be returned by OpenSSL if the application has previously called SSL_CTX_set_cert_verify_callback(). Since most applications do not do this the SSL_ERROR_WANT_RETRY_VERIFY return value from SSL_get_error() will be totally unexpected and applications may not behave correctly as a result. The exact behaviour will depend on the application but it could result in crashes, infinite loops or other similar incorrect responses. This issue is made more serious in combination with a separate bu...
| Релиз | Статус | Примечание |
|---|---|---|
| bionic | not-affected | code not present |
| devel | not-affected | code not present |
| esm-apps/bionic | not-affected | code not present |
| esm-apps/xenial | not-affected | code not present |
| esm-infra-legacy/trusty | DNE | |
| esm-infra/focal | not-affected | code not present |
| focal | not-affected | code not present |
| hirsute | not-affected | code not present |
| impish | not-affected | code not present |
| jammy | not-affected | code not present |
Показывать по
| Релиз | Статус | Примечание |
|---|---|---|
| bionic | not-affected | uses system openssl1.0 |
| devel | not-affected | uses system openssl1.1 |
| esm-apps/bionic | not-affected | uses system openssl1.0 |
| esm-apps/focal | not-affected | uses system openssl1.1 |
| esm-apps/jammy | not-affected | uses system openssl1.1 |
| esm-apps/xenial | not-affected | uses system openssl |
| esm-infra-legacy/trusty | not-affected | uses system openssl |
| focal | not-affected | uses system openssl1.1 |
| hirsute | not-affected | uses system openssl1.1 |
| impish | not-affected | uses system openssl1.1 |
Показывать по
| Релиз | Статус | Примечание |
|---|---|---|
| bionic | not-affected | code not present |
| devel | released | 3.0.1-0ubuntu1 |
| esm-infra-legacy/trusty | not-affected | code not present |
| esm-infra/bionic | not-affected | code not present |
| esm-infra/focal | not-affected | code not present |
| esm-infra/xenial | not-affected | code not present |
| fips-updates/bionic | not-affected | code not present |
| fips-updates/focal | not-affected | code not present |
| fips-updates/xenial | not-affected | code not present |
| fips/bionic | not-affected | code not present |
Показывать по
| Релиз | Статус | Примечание |
|---|---|---|
| bionic | not-affected | code not present |
| devel | DNE | |
| esm-infra-legacy/trusty | DNE | |
| esm-infra/bionic | not-affected | code not present |
| esm-infra/focal | DNE | |
| focal | DNE | |
| hirsute | DNE | |
| impish | DNE | |
| jammy | DNE | |
| trusty | DNE |
Показывать по
EPSS
5 Medium
CVSS2
7.5 High
CVSS3
Связанные уязвимости
Internally libssl in OpenSSL calls X509_verify_cert() on the client side to verify a certificate supplied by a server. That function may return a negative return value to indicate an internal error (for example out of memory). Such a negative return value is mishandled by OpenSSL and will cause an IO function (such as SSL_connect() or SSL_do_handshake()) to not indicate success and a subsequent call to SSL_get_error() to return the value SSL_ERROR_WANT_RETRY_VERIFY. This return value is only supposed to be returned by OpenSSL if the application has previously called SSL_CTX_set_cert_verify_callback(). Since most applications do not do this the SSL_ERROR_WANT_RETRY_VERIFY return value from SSL_get_error() will be totally unexpected and applications may not behave correctly as a result. The exact behaviour will depend on the application but it could result in crashes, infinite loops or other similar incorrect responses. This issue is made more serious in combination with a separate bu...
Internally libssl in OpenSSL calls X509_verify_cert() on the client side to verify a certificate supplied by a server. That function may return a negative return value to indicate an internal error (for example out of memory). Such a negative return value is mishandled by OpenSSL and will cause an IO function (such as SSL_connect() or SSL_do_handshake()) to not indicate success and a subsequent call to SSL_get_error() to return the value SSL_ERROR_WANT_RETRY_VERIFY. This return value is only supposed to be returned by OpenSSL if the application has previously called SSL_CTX_set_cert_verify_callback(). Since most applications do not do this the SSL_ERROR_WANT_RETRY_VERIFY return value from SSL_get_error() will be totally unexpected and applications may not behave correctly as a result. The exact behaviour will depend on the application but it could result in crashes, infinite loops or other similar incorrect responses. This issue is made more serious in combination with a separate bug i
Internally libssl in OpenSSL calls X509_verify_cert() on the client si ...
Invalid handling of `X509_verify_cert()` internal errors in libssl
Уязвимость функции X509_verify_cert() библиотеки OpenSSL, связанная с выполнением цикла с недоступным условием выхода, позволяющая нарушителю вызвать отказ в обслуживании
EPSS
5 Medium
CVSS2
7.5 High
CVSS3