The public API function BIO_new_NDEF is a helper function used for streaming ASN.1 data via a BIO. It is primarily used internally to OpenSSL to support the SMIME, CMS and PKCS7 streaming capabilities, but may also be called directly by end user applications. The function receives a BIO from the caller, prepends a new BIO_f_asn1 filter BIO onto the front of it to form a BIO chain, and then returns the new head of the BIO chain to the caller. Under certain conditions, for example if a CMS recipient public key is invalid, the new filter BIO is freed and the function returns a NULL result indicating a failure. However, in this case, the BIO chain is not properly cleaned up and the BIO passed by the caller still retains internal pointers to the previously freed filter BIO. If the caller then goes on to call BIO_pop() on the BIO then a use-after-free will occur. This will most likely result in a crash.
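The dangling-pointer condition described in the comment above, as an added example that is not part of the original report or OpenSSL's source: a simplified C model of a two-element BIO chain. `node`, `chain_push`, `chain_pop`, `prepend_then_fail` and `scenario_dangles` are hypothetical stand-ins, and a `freed` flag replaces a real `free()` so the resulting state can be inspected without undefined behaviour.

```c
/* Simplified model of a BIO chain; not OpenSSL source. All names hypothetical. */
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>

typedef struct node {
    struct node *prev, *next;
    bool freed;              /* stands in for free(): state stays inspectable */
} node;

/* Like BIO_push: link 'tail' behind 'head'. */
static void chain_push(node *head, node *tail) {
    head->next = tail;
    tail->prev = head;
}

/* Like BIO_pop: unlink 'n' from its neighbours, return what followed it. */
static node *chain_pop(node *n) {
    node *ret = n->next;
    if (n->prev) n->prev->next = n->next;  /* writes through n->prev */
    if (n->next) n->next->prev = n->prev;
    n->prev = n->next = NULL;
    return ret;
}

static void node_free(node *n) { n->freed = true; }

/* Error path of a helper that prepends 'filter' to the caller-owned 'out'
 * and then fails. With fixed=false the filter is freed while still linked. */
static node *prepend_then_fail(node *filter, node *out, bool fixed) {
    chain_push(filter, out);
    if (fixed) chain_pop(filter);   /* detach from the chain before freeing */
    node_free(filter);
    return NULL;                    /* failure reported to the caller */
}

/* True if the caller's node still points at the freed filter, i.e. a later
 * chain_pop(out) would write through a dangling pointer. */
static bool scenario_dangles(bool fixed) {
    node filter = {0}, out = {0};
    prepend_then_fail(&filter, &out, fixed);
    return out.prev != NULL && out.prev->freed;
}

int main(void) {
    printf("cleanup without unlink dangles: %d\n", scenario_dangles(false));
    printf("cleanup with unlink dangles:    %d\n", scenario_dangles(true));
    return 0;
}
```

The first scenario leaves the caller's node with a `prev` pointer to the freed filter, which is the state in which a subsequent pop touches freed memory; unlinking before the free clears it.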
Created edk2 tracking bugs for this issue:
Affects: fedora-36 [bug 2167889]
Affects: fedora-37 [bug 2167897]
Created mingw-openssl tracking bugs for this issue:
Affects: fedora-36 [bug 2167890]
Affects: fedora-37 [bug 2167896]
Created openssl tracking bugs for this issue:
Affects: fedora-36 [bug 2167891]
Affects: fedora-37 [bug 2167898]
Created openssl1.1 tracking bugs for this issue:
Affects: fedora-36 [bug 2167892]
Affects: fedora-37 [bug 2167899]
Created openssl11 tracking bugs for this issue:
Affects: epel-7 [bug 2167888]
Created openssl3 tracking bugs for this issue:
Affects: epel-8 [bug 2167887]
Created shim tracking bugs for this issue:
Affects: fedora-36 [bug 2167893]
Affects: fedora-37 [bug 2167900]
Created shim-unsigned-aarch64 tracking bugs for this issue:
Affects: fedora-36 [bug 2167894]
Affects: fedora-37 [bug 2167901]
Created shim-unsigned-x64 tracking bugs for this issue:
Affects: fedora-36 [bug 2167895]
Affects: fedora-37 [bug 2167902]
This issue has been addressed in the following products: Red Hat Enterprise Linux 9 Via RHSA-2023:0946 https://access.redhat.com/errata/RHSA-2023:0946
Do we have a schedule for when this will be fixed in RHEL 8?
This issue has been addressed in the following products: Red Hat Enterprise Linux 9.0 Extended Update Support Via RHSA-2023:1199 https://access.redhat.com/errata/RHSA-2023:1199
This issue has been addressed in the following products: Red Hat Enterprise Linux 8 Via RHSA-2023:1405 https://access.redhat.com/errata/RHSA-2023:1405
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s): https://access.redhat.com/security/cve/cve-2023-0215
This issue has been addressed in the following products: Red Hat Enterprise Linux 9 Via RHSA-2023:2165 https://access.redhat.com/errata/RHSA-2023:2165
This issue has been addressed in the following products: Red Hat Enterprise Linux 8 Via RHSA-2023:2932 https://access.redhat.com/errata/RHSA-2023:2932
This issue has been addressed in the following products: Red Hat Enterprise Linux 8.6 Extended Update Support Via RHSA-2023:3408 https://access.redhat.com/errata/RHSA-2023:3408
This issue has been addressed in the following products: JBCS httpd 2.4.51.sp2 Via RHSA-2023:3355 https://access.redhat.com/errata/RHSA-2023:3355
This issue has been addressed in the following products: JBoss Core Services on RHEL 7 JBoss Core Services for RHEL 8 Via RHSA-2023:3354 https://access.redhat.com/errata/RHSA-2023:3354
This issue has been addressed in the following products: Red Hat JBoss Web Server 5.7 on RHEL 7 Red Hat JBoss Web Server 5.7 on RHEL 8 Red Hat JBoss Web Server 5.7 on RHEL 9 Via RHSA-2023:3420 https://access.redhat.com/errata/RHSA-2023:3420
This issue has been addressed in the following products: Red Hat JBoss Web Server Via RHSA-2023:3421 https://access.redhat.com/errata/RHSA-2023:3421
This issue has been addressed in the following products: Red Hat Enterprise Linux 8.6 Extended Update Support Via RHSA-2023:4128 https://access.redhat.com/errata/RHSA-2023:4128