An invalid pointer dereference on read can be triggered when an application tries to load malformed PKCS7 data with the d2i_PKCS7(), d2i_PKCS7_bio() or d2i_PKCS7_fp() functions. The result of the dereference is an application crash, which could lead to a denial of service. The TLS implementation in OpenSSL does not call these functions; however, third-party applications might call them on untrusted data.
Created openssl tracking bugs for this issue:
Affects: fedora-36 [bug 2167885]
Affects: fedora-37 [bug 2167886]
Created openssl3 tracking bugs for this issue:
Affects: epel-8 [bug 2167884]
This issue has been addressed in the following products: Red Hat Enterprise Linux 9 Via RHSA-2023:0946 https://access.redhat.com/errata/RHSA-2023:0946
This issue has been addressed in the following products: Red Hat Enterprise Linux 9.0 Extended Update Support Via RHSA-2023:1199 https://access.redhat.com/errata/RHSA-2023:1199
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s): https://access.redhat.com/security/cve/cve-2023-0216