Home > Vulnerability Database > CVE-2023-0217

Mend.io Vulnerability Database

CVE-2023-0217

Good to know:

Date: February 8, 2023

An invalid pointer dereference on read can be triggered when an application tries to check a malformed DSA public key by the EVP_PKEY_public_check() function. This will most likely lead to an application crash. This function can be called on public keys supplied from untrusted sources which could allow an attacker to cause a denial of service attack. The TLS implementation in OpenSSL does not call this function but applications might call the function if there are additional security requirements imposed by standards such as FIPS 140-3.

Language: RUST

Severity Score

7.5

Related Resources (7)

Url: https://access.redhat.com/security/cve/CVE-2023-0217

Url: https://security.gentoo.org/glsa/202402-08

Url: https://nvd.nist.gov/vuln/detail/CVE-2023-0217

Url: https://security-tracker.debian.org/tracker/CVE-2023-0217

Url: https://www.openssl.org/news/secadv/20230207.txt

Url: https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=23985bac83fd50c8e29431009302b5442f985096

Url: https://www.mend.io/vulnerability-database/CVE-2023-0217

Severity Score

7.5

Weakness Type (CWE)

NULL Pointer Dereference

CWE-476

Top Fix

Upgrade Version

Upgrade to version openssl-3.0.8

Learn More

CVSS v3.1

Base Score:	7.5
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	NONE
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	NONE
Integrity (I):	NONE
Availability (A):	HIGH

Mend.io Vulnerability Database

We found results for “”

CVE-2023-0217

Good to know:

Date: February 8, 2023

Language: RUST

Severity Score

Related Resources (7)

Severity Score

Weakness Type (CWE)

Top Fix

Upgrade Version

CVSS v3.1

Do you need more information?