CVE-2023-0216

CVE Database · CVE-2023-0216

CVE-2023-0216

· HIGHModified

CVSS v3.1

7.5

EPSS

1.86%

Published

Feb 8, 2023

Modified

Nov 4, 2025

Public PoC / Exploit (1)

All weaponized →

TrickestTrickest PoC index

Links to public security research (Exploit-DB, Nuclei, Trickest, GitHub) for defensive use only.

Description

An invalid pointer dereference on read can be triggered when an application tries to load malformed PKCS7 data with the d2i_PKCS7(), d2i_PKCS7_bio() or d2i_PKCS7_fp() functions. The result of the dereference is an application crash which could lead to a denial of service attack. The TLS implementation in OpenSSL does not call this function however third party applications might call these functions on untrusted data.

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Weaknesses (CWE)

CWE-476CWE-476

Affected Products (2)

openssl · opensslvulnerable

stormshield · stormshield_management_center (up to 3.3.3)vulnerable

References (7)

https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=934a04f0e775309cadbef0aa6b9692e1b12a76c6

PatchVendor Advisory

https://security.gentoo.org/glsa/202402-08

https://www.openssl.org/news/secadv/20230207.txt