CVE-2023-0286: X.400 address type confusion in X.509 GeneralName

Published Jan 25, 2023

A type confusion vulnerability was found in OpenSSL's processing of X.400 addresses inside an X.509 GeneralName. When CRL checking is enabled (for example, the application sets the X509_V_FLAG_CRL_CHECK flag), this vulnerability may allow an attacker to pass arbitrary pointers to a memcmp call, enabling them to read memory contents or cause a denial of service. In most cases, the attack requires the attacker to provide both the certificate chain and the CRL, neither of which needs a valid signature. If the attacker only controls one of these inputs, the other input must already contain an X.400 address as a CRL distribution point, which is uncommon. As a result, this vulnerability is likely only to affect applications that have implemented their own functionality for retrieving CRLs over a network.

Other sources

pyca/cryptography's wheels include a statically linked copy of OpenSSL. The versions of OpenSSL included in cryptography 0.8.1-39.0.0 are vulnerable to a security issue. More details about the vulnerabilities themselves can be found in https://www.openssl.org/news/secadv/20221213.txt and https://www.openssl.org/news/secadv/20230207.txt.

If you are building cryptography source ("sdist") then you are responsible for upgrading your copy of OpenSSL. Only users installing from wheels built by the cryptography project (i.e., those distributed on PyPI) need to update their cryptography versions.

Source: GitHub

There is a type confusion vulnerability relating to X.400 address processing inside an X.509 GeneralName. X.400 addresses were parsed as an ASN1_STRING but the public structure definition for GENERAL_NAME incorrectly specified the type of the x400Address field as ASN1_TYPE. This field is subsequently interpreted by the OpenSSL function GENERAL_NAME_cmp as an ASN1_TYPE rather than an ASN1_STRING.

When CRL checking is enabled (i.e. the application sets the X509_V_FLAG_CRL_CHECK flag), this vulnerability may allow an attacker to pass arbitrary pointers to a memcmp call, enabling them to read memory contents or enact a denial of service. In most cases, the attack requires the attacker to provide both the certificate chain and CRL, neither of which needs to have a valid signature. If the attacker only controls one of these inputs, the other input must already contain an X.400 address as a CRL distribution point, which is uncommon. As such, this vulnerability is most likely to only affect applications which have implemented their own functionality for retrieving CRLs over a network.

Source: NVD

Affected Software

42 affected components (the fixed version is given where a fix is available)

redhat/jbcs-httpd24-openssl  < 1:1.1.1k-14.el8  fix: 1:1.1.1k-14.el8
redhat/jbcs-httpd24-openssl  < 1:1.1.1k-14.el7  fix: 1:1.1.1k-14.el7
redhat/openssl  < 0:1.0.1e-61.el6_10  fix: 0:1.0.1e-61.el6_10
redhat/openssl  < 1:1.0.2k-26.el7_9  fix: 1:1.0.2k-26.el7_9
redhat/edk2  < 0:20220126gitbb1bba3d77-4.el8  fix: 0:20220126gitbb1bba3d77-4.el8
redhat/openssl  < 1:1.1.1k-9.el8_7  fix: 1:1.1.1k-9.el8_7
redhat/openssl  < 1:1.1.1c-6.el8_1  fix: 1:1.1.1c-6.el8_1
redhat/edk2  < 0:20190829git37eef91017ad-9.el8_2.2  fix: 0:20190829git37eef91017ad-9.el8_2.2
redhat/openssl  < 1:1.1.1c-21.el8_2  fix: 1:1.1.1c-21.el8_2
redhat/edk2  < 0:20200602gitca407c7246bf-4.el8_4.3  fix: 0:20200602gitca407c7246bf-4.el8_4.3
redhat/openssl  < 1:1.1.1g-18.el8_4  fix: 1:1.1.1g-18.el8_4
redhat/edk2  < 0:20220126gitbb1bba3d77-2.el8_6.1  fix: 0:20220126gitbb1bba3d77-2.el8_6.1
redhat/openssl  < 1:1.1.1k-8.el8_6  fix: 1:1.1.1k-8.el8_6
redhat/openssl  < 1:3.0.1-47.el9_1  fix: 1:3.0.1-47.el9_1
redhat/edk2  < 0:20221207gitfff6d81270b5-9.el9_2  fix: 0:20221207gitfff6d81270b5-9.el9_2
redhat/openssl  < 1:3.0.1-46.el9_0  fix: 1:3.0.1-46.el9_0
redhat/edk2  < 0:20220126gitbb1bba3d77-3.el9_0.2  fix: 0:20220126gitbb1bba3d77-3.el9_0.2
redhat/jws5-tomcat-native  < 0:1.2.31-14.redhat_14.el7  fix: 0:1.2.31-14.redhat_14.el7
redhat/jws5-tomcat-native  < 0:1.2.31-14.redhat_14.el8  fix: 0:1.2.31-14.redhat_14.el8
redhat/jws5-tomcat-native  < 0:1.2.31-14.redhat_14.el9  fix: 0:1.2.31-14.redhat_14.el9
rust/openssl-src  >= 300.0.0, < 300.0.12  fix: 300.0.12
rust/openssl-src  < 111.25.0  fix: 111.25.0
pip/cryptography  >= 0.8.1, < 39.0.1  fix: 39.0.1
debian/openssl  fixes: 1.1.1w-0+deb11u1, 1.1.1n-0+deb11u5, 3.0.14-1~deb12u1, 3.0.14-1~deb12u2, 3.3.2-1
OpenSSL OpenSSL  >= 1.0.2, < 1.0.2zg  (no fix listed)
OpenSSL OpenSSL  >= 1.1.1, < 1.1.1t  (no fix listed)
OpenSSL OpenSSL  >= 3.0.0, < 3.0.8  (no fix listed)
Stormshield Stormshield Management Center  < 3.3.3  (no fix listed)
Stormshield Stormshield Network Security  >= 2.7.0, < 2.7.11  (no fix listed)
Stormshield Stormshield Network Security  >= 2.8.0, < 3.7.34  (no fix listed)
Stormshield Stormshield Network Security  >= 3.8.0, < 3.11.22  (no fix listed)
Stormshield Stormshield Network Security  >= 4.0.0, < 4.3.16  (no fix listed)
Stormshield Stormshield Network Security  >= 4.4.0, < 4.6.3  (no fix listed)
F5 BIG-IP  >= 17.0.0, <= 17.1.0  fix: 17.1.1
F5 BIG-IP  >= 16.1.0, <= 16.1.3  fix: 16.1.4
F5 BIG-IP  >= 15.1.0, <= 15.1.9  fix: 15.1.10
F5 BIG-IP  >= 14.1.0, <= 14.1.5  (no fix listed)
F5 BIG-IP  >= 13.1.0, <= 13.1.5  (no fix listed)
F5 BIG-IQ Centralized Management  >= 8.0.0, <= 8.4.0  (no fix listed)
F5 BIG-IQ Centralized Management  = 7.1.0  (no fix listed)
F5 Traffix SDC  = 5.2.0  (no fix listed)
IBM Edge Application Manager  <= 4.5  (no fix listed)
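As an added example (not SecAlerts', OpenSSL's or pyca's code), the following Python checker encodes the upstream OpenSSL and pip/cryptography ranges listed above and judges version strings, including the banner printed by `openssl version`, against them. The banners it prints are constructed samples; OpenSSL 1.x letter suffixes (a..z, then za..zg) are handled so that 1.0.2z sorts before 1.0.2zg.

```python
import re

# Affected ranges from this page's list: first affected version (inclusive),
# first fixed version (exclusive). Distro packages that backport the fix
# (the Red Hat entries above) must be judged by package version instead.
AFFECTED_RANGES = {
    "openssl": [("1.0.2", "1.0.2zg"), ("1.1.1", "1.1.1t"), ("3.0.0", "3.0.8")],
    "pip/cryptography": [("0.8.1", "39.0.1")],
}

_VERSION_RE = re.compile(r"(\d+)\.(\d+)(?:\.(\d+))?([a-z]*)$")


def version_key(version: str) -> tuple:
    """Turn '1.0.2zf' into a sortable tuple.

    OpenSSL 1.x patch letters run a..z, then za, zb, ..., zg, so a shorter
    suffix must sort before a longer one: (1,0,2,1,'z') < (1,0,2,2,'za').
    """
    m = _VERSION_RE.match(version.strip())
    if not m:
        raise ValueError(f"unrecognised version string: {version!r}")
    major, minor, patch, letters = m.groups()
    return (int(major), int(minor), int(patch or 0), len(letters), letters)


def is_affected(product: str, version: str) -> bool:
    """True if `version` of `product` lies inside a listed affected range."""
    key = version_key(version)
    return any(version_key(lo) <= key < version_key(hi)
               for lo, hi in AFFECTED_RANGES[product])


def check_openssl_banner(banner: str) -> bool:
    """Judge the first line of `openssl version` output, e.g.
    'OpenSSL 1.1.1s  1 Nov 2022', by the upstream version it reports."""
    m = re.search(r"OpenSSL (\d+\.\d+\.\d+[a-z]*)", banner)
    if not m:
        raise ValueError(f"not an `openssl version` banner: {banner!r}")
    return is_affected("openssl", m.group(1))


if __name__ == "__main__":
    # Constructed sample banners, not captured from real hosts.
    for banner in ("OpenSSL 1.1.1s  1 Nov 2022", "OpenSSL 1.1.1t  7 Feb 2023",
                   "OpenSSL 3.0.7 1 Nov 2022", "OpenSSL 1.0.2zg  7 Feb 2023"):
        print(f"{banner:32} affected={check_openssl_banner(banner)}")
```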

Remediation

Red Hat: Mitigation for this issue is either not available or the currently available options don't meet the Red Hat Product Security criteria (ease of use and deployment, applicability to a widespread installation base, or stability).

Event History

Jan 25, 2023 02:49 PM  Data sourced via Red Hat (description, severity, affected software)
Feb 7, 2023 12:00 AM  CVE published
Feb 8, 2023 07:01 PM  CVE published via MITRE
Feb 8, 2023 07:01 PM  Data sourced via MITRE (description, weakness)
Feb 8, 2023 08:15 PM  Data sourced via NVD (remedy, description, severity, weakness, affected software)
Feb 8, 2023 10:17 PM  Advisory published via GitHub
Mar 13, 2023 07:33 PM  Advisory published via F5
Feb 17, 2024 12:36 AM  Data sourced via Launchpad (description)
Sep 16, 2024 03:45 AM  Data sourced via Ubuntu (remedy, description, severity, affected software)
Aug 20, 2025 12:00 AM  Data sourced via IBM (description, affected software)

Frequently Asked Questions

1. What is the vulnerability ID of this OpenSSL vulnerability?
The vulnerability ID is CVE-2023-0286.

2. What is the severity rating of CVE-2023-0286?
CVE-2023-0286 has a severity rating of 8.2, which is considered high.

3. Which software versions are affected by CVE-2023-0286?
CVE-2023-0286 affects multiple versions of OpenSSL, ranging from 1.0.2 to 3.0.8.

4. What is the impact of CVE-2023-0286?
CVE-2023-0286 can lead to a denial of service (DoS) due to a type confusion error related to X.400 address processing.

5. Where can I find more information about CVE-2023-0286 and its patch?
You can find more information about CVE-2023-0286 and its patch at the provided references.
