CVE-2023-0464

CVE Database · CVE-2023-0464

CVE-2023-0464

· HIGHModified

CVSS v3.1

7.5

EPSS

3.66%

Published

Mar 22, 2023

Modified

May 5, 2025

Public PoC / Exploit (1)

All weaponized →

TrickestTrickest PoC index

Links to public security research (Exploit-DB, Nuclei, Trickest, GitHub) for defensive use only.

Description

A security vulnerability has been identified in all supported versions of OpenSSL related to the verification of X.509 certificate chains that include policy constraints. Attackers may be able to exploit this vulnerability by creating a malicious certificate chain that triggers exponential use of computational resources, leading to a denial-of-service (DoS) attack on affected systems. Policy processing is disabled by default but can be enabled by passing the `-policy' argument to the command line utilities or by calling the `X509_VERIFY_PARAM_set1_policies()' function.

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Weaknesses (CWE)

CWE-295CWE-295

Affected Products (4)

openssl · openssl (up to 1.0.2zh)vulnerable

openssl · openssl (up to 1.1.1u)vulnerable

openssl · openssl (up to 3.0.9)vulnerable

openssl · openssl (up to 3.1.1)vulnerable

References (20)

https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=2017771e2db3e2b96f89bbe8766c3209f6a99545

Mailing ListPatch