A NULL pointer can be dereferenced when signatures are being verified on PKCS7 signed or signedAndEnveloped data. In case the hash algorithm used for the signature is known to the OpenSSL library but the implementation of the hash algorithm is not available the digest initialization will fail. There is a missing check for the return value from the initialization function which later leads to invalid usage of the digest API most likely leading to a crash.
*** Bug 2160756 has been marked as a duplicate of this bug. ***
*** Bug 2160837 has been marked as a duplicate of this bug. ***
Created edk2 tracking bugs for this issue: Affects: fedora-36 [bug 2167851] Affects: fedora-37 [bug 2167859] Created mingw-openssl tracking bugs for this issue: Affects: fedora-36 [bug 2167852] Affects: fedora-37 [bug 2167858] Created openssl tracking bugs for this issue: Affects: fedora-36 [bug 2167853] Affects: fedora-37 [bug 2167860] Created openssl1.1 tracking bugs for this issue: Affects: fedora-36 [bug 2167854] Affects: fedora-37 [bug 2167861] Created openssl11 tracking bugs for this issue: Affects: epel-7 [bug 2167850] Created openssl3 tracking bugs for this issue: Affects: epel-8 [bug 2167849] Created shim tracking bugs for this issue: Affects: fedora-36 [bug 2167855] Affects: fedora-37 [bug 2167862] Created shim-unsigned-aarch64 tracking bugs for this issue: Affects: fedora-36 [bug 2167856] Affects: fedora-37 [bug 2167863] Created shim-unsigned-x64 tracking bugs for this issue: Affects: fedora-36 [bug 2167857] Affects: fedora-37 [bug 2167864]
This issue has been addressed in the following products: Red Hat Enterprise Linux 9 Via RHSA-2023:0946 https://access.redhat.com/errata/RHSA-2023:0946
This issue has been addressed in the following products: Red Hat Enterprise Linux 9.0 Extended Update Support Via RHSA-2023:1199 https://access.redhat.com/errata/RHSA-2023:1199
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s): https://access.redhat.com/security/cve/cve-2023-0401