Description
There is a type confusion vulnerability relating to X.400 address processing inside an X.509 GeneralName. X.400 addresses were parsed as an ASN1_STRING but the public structure definition for GENERAL_NAME incorrectly specified the type of the x400Address field as ASN1_TYPE. This field is subsequently interpreted by the OpenSSL function GENERAL_NAME_cmp as an ASN1_TYPE rather than an ASN1_STRING. When CRL checking is enabled (i.e. the application sets the X509_V_FLAG_CRL_CHECK flag), this vulnerability may allow an attacker to pass arbitrary pointers to a memcmp call, enabling them to read memory contents or enact a denial of service. In most cases, the attack requires the attacker to provide both the certificate chain and CRL, neither of which need to have a valid signature. If the attacker only controls one of these inputs, the other input must already contain an X.400 address as a CRL distribution point, which is uncommon. As such, this vulnerability is most likely to only affect ...
| Release | Status | Note |
|---|---|---|
| bionic | ignored | end of standard support, was needs-triage |
| devel | not-affected | 2023.05-1 |
| esm-apps/bionic | needs-triage | |
| esm-apps/xenial | needs-triage | |
| esm-infra/focal | needs-triage | |
| focal | ignored | end of standard support, was needs-triage |
| jammy | released | 2022.02-3ubuntu0.22.04.4 |
| kinetic | ignored | end of life, was needs-triage |
| lunar | ignored | end of life, was needs-triage |
| mantic | not-affected | 2023.05-1 |

| Release | Status | Note |
|---|---|---|
| bionic | not-affected | uses system openssl1.0 |
| devel | not-affected | uses system openssl |
| esm-apps/bionic | not-affected | uses system openssl1.0 |
| esm-apps/focal | not-affected | uses system openssl |
| esm-apps/jammy | released | 12.22.9~dfsg-1ubuntu3.3 |
| esm-apps/noble | not-affected | uses system openssl |
| esm-apps/xenial | not-affected | code not present |
| esm-infra-legacy/trusty | not-affected | uses system openssl |
| focal | not-affected | uses system openssl |
| jammy | released | 12.22.9~dfsg-1ubuntu3.3 |

| Release | Status | Note |
|---|---|---|
| bionic | released | 1.1.1-1ubuntu2.1~18.04.21 |
| devel | released | 3.0.8-1ubuntu1 |
| esm-infra-legacy/trusty | released | 1.0.1f-1ubuntu2.27+esm6 |
| esm-infra/bionic | released | 1.1.1-1ubuntu2.1~18.04.21 |
| esm-infra/focal | released | 1.1.1f-1ubuntu2.17 |
| esm-infra/xenial | released | 1.0.2g-1ubuntu4.20+esm6 |
| fips-preview/jammy | released | 3.0.2-0ubuntu1.8+fips.1 |
| fips-updates/bionic | released | 1.1.1-1ubuntu2.fips.2.1~18.04.21 |
| fips-updates/focal | released | 1.1.1f-1ubuntu2.fips.17 |
| fips-updates/jammy | released | 3.0.2-0ubuntu1.8+fips.1 |

| Release | Status | Note |
|---|---|---|
| bionic | released | 1.0.2n-1ubuntu5.11 |
| esm-infra/bionic | released | 1.0.2n-1ubuntu5.11 |
| esm-infra/focal | DNE | |
| focal | DNE | |
| jammy | DNE | |
| kinetic | DNE | |
| trusty | DNE | |
| upstream | needs-triage | |
| xenial | DNE | |

CVSS3: 7.4 High