Bug 2164500 (CVE-2023-0401)
| Summary: | CVE-2023-0401 openssl: NULL dereference during PKCS7 data verification | ||
|---|---|---|---|
| Product: | [Other] Security Response | Reporter: | Marian Rehak <mrehak> |
| Component: | vulnerability | Assignee: | Red Hat Product Security <security-response-team> |
| Status: | CLOSED ERRATA | QA Contact: | |
| Severity: | medium | Docs Contact: | |
| Priority: | medium | ||
| Version: | unspecified | CC: | acrosby, adudiak, bdettelb, berrange, bootloader-eng-team, caswilli, cllang, csutherl, dbelyavs, ddepaula, dffrench, dfreiber, dhalasz, dkuc, drieden, fjansen, gzaronik, hbraun, hkario, hkataria, ikanias, jary, jburrell, jclere, jferlan, jkoehler, jmitchel, jtanner, jwon, kaycoth, kraxel, kshier, micjohns, mmadzin, mturk, ngough, nweather, pbonzini, peholase, pjindal, plodge, rgodfrey, rh-spice-bugs, rogbas, rravi, saroy, security-response-team, stcannon, sthirugn, szappis, tfister, tohughes, virt-maint, vkrizan, vkumar, vmugicag, yguenane, zmiele |
| Target Milestone: | --- | Keywords: | Security |
| Target Release: | --- | ||
| Hardware: | All | ||
| OS: | Linux | ||
| Whiteboard: | |||
| Fixed In Version: | Doc Type: | If docs needed, set a value | |
| Doc Text: |
A NULL pointer vulnerability was found in OpenSSL, which can be dereferenced when signatures are being verified on PKCS7 signed or signedAndEnveloped data. In case the hash algorithm used for the signature is known to the OpenSSL library but the implementation of the hash algorithm is not available, the digest initialization will fail. There is a missing check for the return value from the initialization function which later leads to invalid usage of the digest API, most likely leading to a crash.
|
Story Points: | --- |
| Clone Of: | Environment: | ||
| Last Closed: | 2023-03-14 18:01:41 UTC | Type: | --- |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | |||
| Bug Depends On: | 2164578, 2164579, 2166352, 2167849, 2167853, 2167860 | ||
| Bug Blocks: | 2164384 | ||
|
Description
Marian Rehak
2023-01-25 15:51:48 UTC
*** Bug 2160756 has been marked as a duplicate of this bug. *** *** Bug 2160837 has been marked as a duplicate of this bug. *** Created edk2 tracking bugs for this issue: Affects: fedora-36 [bug 2167851] Affects: fedora-37 [bug 2167859] Created mingw-openssl tracking bugs for this issue: Affects: fedora-36 [bug 2167852] Affects: fedora-37 [bug 2167858] Created openssl tracking bugs for this issue: Affects: fedora-36 [bug 2167853] Affects: fedora-37 [bug 2167860] Created openssl1.1 tracking bugs for this issue: Affects: fedora-36 [bug 2167854] Affects: fedora-37 [bug 2167861] Created openssl11 tracking bugs for this issue: Affects: epel-7 [bug 2167850] Created openssl3 tracking bugs for this issue: Affects: epel-8 [bug 2167849] Created shim tracking bugs for this issue: Affects: fedora-36 [bug 2167855] Affects: fedora-37 [bug 2167862] Created shim-unsigned-aarch64 tracking bugs for this issue: Affects: fedora-36 [bug 2167856] Affects: fedora-37 [bug 2167863] Created shim-unsigned-x64 tracking bugs for this issue: Affects: fedora-36 [bug 2167857] Affects: fedora-37 [bug 2167864] This issue has been addressed in the following products: Red Hat Enterprise Linux 9 Via RHSA-2023:0946 https://access.redhat.com/errata/RHSA-2023:0946 This issue has been addressed in the following products: Red Hat Enterprise Linux 9.0 Extended Update Support Via RHSA-2023:1199 https://access.redhat.com/errata/RHSA-2023:1199 This bug is now closed. Further updates for individual products will be reflected on the CVE page(s): https://access.redhat.com/security/cve/cve-2023-0401 |