CVE-2022-4450
published 2023-02-08
Priority: P3 · 51 · high · 7.5 (CVSS 3.1)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
EPSS: 20.44% (97.2th percentile)
The function PEM_read_bio_ex() reads a PEM file from a BIO and parses and
decodes the "name" (e.g. "CERTIFICATE"), any header data and the payload data.
If the function succeeds then the "name_out", "header" and "data" arguments are
populated with pointers to buffers containing the relevant decoded data. The
caller is responsible for freeing those buffers. It is possible to construct a
PEM file that results in 0 bytes of payload data. In this case PEM_read_bio_ex()
will return a failure code but will populate the header argument with a pointer
to a buffer that has already been freed. If the caller also frees this buffer
then a double free will occur. This will most likely lead to a crash. This
could be exploited by an attacker who has the ability to supply malicious PEM
files for parsing to achieve a denial of service attack.

The functions PEM_read_bio() and PEM_read() are simple wrappers around
PEM_read_bio_ex() and therefore these functions are also directly affected.
These functions are also called indirectly by a number of other OpenSSL
functions including PEM_X509_INFO_read_bio_ex() and
SSL_CTX_use_serverinfo_file() which are also vulnerable. Some OpenSSL internal
uses of these functions are not vulnerable because the caller does not free the
header argument if PEM_read_bio_ex() returns a failure code. These locations
include the PEM_read_bio_TYPE() functions as well as the decoders introduced in
OpenSSL 3.0.

The OpenSSL asn1parse command line application is also impacted by this issue.
Affected
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | openssl | < openssl 3.0.8-1 (bookworm) | openssl 3.0.8-1 (bookworm) |
| msrc | azl3_edk2_20230301gitf80f052277c8-37_on_azure_linux_3.0 | — | — |
| msrc | azl3_hvloader_1.0.1-2_on_azure_linux_3.0 | — | — |
| msrc | azl3_hvloader_1.0.1-4_on_azure_linux_3.0 | — | — |
| msrc | azl3_rust_1.75.0-14_on_azure_linux_3.0 | — | — |
| msrc | azl3_rust_1.86.0-1_on_azure_linux_3.0 | — | — |
| msrc | cbl2_cloud-hypervisor_30.0-2_on_cbl_mariner_2.0 | — | — |
| msrc | cbl2_hvloader_1.0.1-2_on_cbl_mariner_2.0 | — | — |
| msrc | cbl2_openssl_1.1.1k-21_on_cbl_mariner_2.0 | — | — |
| msrc | cbl2_qemu_6.2.0-24_on_cbl_mariner_2.0 | — | — |
| msrc | cbl2_rust_1.68.2-5_on_cbl_mariner_2.0 | — | — |
| msrc | cm1_cloud-hypervisor_22.0-2_on_cbl_mariner_1.0 | — | — |
| msrc | cm1_openssl_1.1.1k-13_on_cbl_mariner_1.0 | — | — |
| msrc | cm1_rust_1.59.0-1_on_cbl_mariner_1.0 | — | — |
| nodejs | nodejs | >= 0 < 12.22.9~dfsg-1ubuntu3.3 | 12.22.9~dfsg-1ubuntu3.3 |
| openssl | openssl | >= 0 < 1.1.1t-r0 | 1.1.1t-r0 |
| openssl | openssl | >= 0 < 3.0.8-r0 | 3.0.8-r0 |
CVSS provenance
nvd · v3.1 · 7.5 HIGH · CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
osv · 7.5 HIGH
vendor_debian · 7.5 HIGH
vendor_msrc · 7.5 HIGH
vendor_oracle · 7.5 HIGH
vendor_redhat · 7.5 HIGH
vendor_ubuntu · 7.4 HIGH
OSV
edk2 regression
osv·2025-11-28·CVSS 7.4
CVE-2023-45236 [HIGH] edk2 regression
USN-7894-1 fixed vulnerabilities in EDK II. The update introduced a
regression in the UEFI network boot. This update reverts the corresponding
fixes for CVE-2023-45236 and CVE-2023-45237 pending further investigation.
We apologize for the inconvenience.
Original advisory details:
It was discovered that EDK II was susceptible to a predictable TCP Initial
Sequence Number. An attacker could possibly use this issue to gain
unauthorized access. This issue only affected Ubuntu 22.04 LTS, and Ubuntu
24.04 LTS. (CVE-2023-45236, CVE-2023-45237)
It was discovered that EDK II incorrectly handled S3 sleep. An attacker
could possibly use this issue to cause a denial of service. This issue only
affected Ubuntu 22.04 LTS, and Ubuntu 24.04 LTS. (CVE-2024-1298)
It was discovered that
OSV
edk2 vulnerabilities
osv·2025-11-26·CVSS 7.4
CVE-2023-45236 [HIGH] edk2 vulnerabilities
It was discovered that EDK II was susceptible to a predictable TCP Initial
Sequence Number. An attacker could possibly use this issue to gain
unauthorized access. This issue only affected Ubuntu 22.04 LTS, and Ubuntu
24.04 LTS. (CVE-2023-45236, CVE-2023-45237)
It was discovered that EDK II incorrectly handled S3 sleep. An attacker
could possibly use this issue to cause a denial of service. This issue only
affected Ubuntu 22.04 LTS, and Ubuntu 24.04 LTS. (CVE-2024-1298)
It was discovered that the EDK II PE/COFF loader incorrectly handled
certain memory operations. An attacker could possibly use this issue to
cause a denial of service, obtain sensitive information, or execute
arbitrary code. This issue only affected Ubuntu 22.04 LTS, and Ubuntu
24.04 LTS. (CVE-2024-38
OSV
nodejs vulnerabilities
osv·2024-01-03·CVSS 5.9
CVE-2022-4304 [MEDIUM] nodejs vulnerabilities
Hubert Kario discovered that Node.js incorrectly handled certain inputs. If a
user or an automated system were tricked into opening a specially crafted input
file, a remote attacker could possibly use this issue to obtain sensitive
information. (CVE-2022-4304)
CarpetFuzz, Dawei Wang discovered that Node.js incorrectly handled certain
inputs. If a user or an automated system were tricked into opening a specially
crafted input file, a remote attacker could possibly use this issue to cause a
denial of service. (CVE-2022-4450)
Octavio Galland and Marcel Böhme discovered that Node.js incorrectly handled
certain inputs. If a user or an automated system were tricked into opening a
specially crafted input file, a remote attacker could possibly use this issue
to cause a de
OSV
CVE-2022-4450: The function PEM_read_bio_ex() reads a PEM file from a BIO and parses and
decodes the "name" (e
osv·2023-02-08·CVSS 7.5
CVE-2022-4450 [HIGH] CVE-2022-4450: The function PEM_read_bio_ex() reads a PEM file from a BIO and parses and
decodes the "name" (e
The function PEM_read_bio_ex() reads a PEM file from a BIO and parses and
decodes the "name" (e.g. "CERTIFICATE"), any header data and the payload data.
If the function succeeds then the "name_out", "header" and "data" arguments are
populated with pointers to buffers containing the relevant decoded data. The
caller is responsible for freeing those buffers. It is possible to construct a
PEM file that results in 0 bytes of payload data. In this case PEM_read_bio_ex()
will return a failure code but will populate the header argument with a pointer
to a buffer that has already been freed. If the caller also frees this buffer
then a double free will occur. This will most likely lead to a crash. This
could be exploited by an attacker who has the ability to supply malicious PEM
files for parsing t
GHSA
openssl-src contains Double free after calling `PEM_read_bio_ex`
ghsa·2023-02-08
CVE-2022-4450 [HIGH] CWE-415 openssl-src contains Double free after calling `PEM_read_bio_ex`
The function `PEM_read_bio_ex()` reads a PEM file from a BIO and parses and decodes the "name" (e.g. "CERTIFICATE"), any header data and the payload data. If the function succeeds then the "name_out", "header" and "data" arguments are populated with pointers to buffers containing the relevant decoded data. The caller is responsible for freeing those buffers. It is possible to construct a PEM file that results in 0 bytes of payload data. In this case `PEM_read_bio_ex()` will return a failure code but will populate the header argument with a pointer to a buffer that has already been freed. If the caller also frees this buffer then a double free will occur. This will most likely lead to a crash. This could be exploited by an at
OSV
openssl-src contains Double free after calling `PEM_read_bio_ex`
osv·2023-02-08
CVE-2022-4450 [HIGH] openssl-src contains Double free after calling `PEM_read_bio_ex`
The function `PEM_read_bio_ex()` reads a PEM file from a BIO and parses and decodes the "name" (e.g. "CERTIFICATE"), any header data and the payload data. If the function succeeds then the "name_out", "header" and "data" arguments are populated with pointers to buffers containing the relevant decoded data. The caller is responsible for freeing those buffers. It is possible to construct a PEM file that results in 0 bytes of payload data. In this case `PEM_read_bio_ex()` will return a failure code but will populate the header argument with a pointer to a buffer that has already been freed. If the caller also frees this buffer then a double free will occur. This will most likely lead to a crash. This could be exploited by an at
OSV
openssl vulnerabilities
osv·2023-02-07·CVSS 4.9
CVE-2023-0286 [MEDIUM] openssl vulnerabilities
David Benjamin discovered that OpenSSL incorrectly handled X.400 address
processing. A remote attacker could possibly use this issue to read
arbitrary memory contents or cause OpenSSL to crash, resulting in a denial
of service. (CVE-2023-0286)
Corey Bonnell discovered that OpenSSL incorrectly handled X.509 certificate
verification. A remote attacker could possibly use this issue to cause
OpenSSL to crash, resulting in a denial of service. This issue only
affected Ubuntu 22.04 LTS and Ubuntu 22.10. (CVE-2022-4203)
Hubert Kario discovered that OpenSSL had a timing based side channel in the
OpenSSL RSA Decryption implementation. A remote attacker could possibly use
this issue to recover sensitive information. (CVE-2022-4304)
Dawei Wang discovered that OpenSSL incor
OSV
Double free after calling `PEM_read_bio_ex`
osv·2023-02-07
CVE-2022-4450 Double free after calling `PEM_read_bio_ex`
The function `PEM_read_bio_ex()` reads a PEM file from a BIO and parses and
decodes the "name" (e.g. "CERTIFICATE"), any header data and the payload data.
If the function succeeds then the "name_out", "header" and "data" arguments are
populated with pointers to buffers containing the relevant decoded data. The
caller is responsible for freeing those buffers. It is possible to construct a
PEM file that results in 0 bytes of payload data. In this case `PEM_read_bio_ex()`
will return a failure code but will populate the header argument with a pointer
to a buffer that has already been freed. If the caller also frees this buffer
then a double free will occur. This will most likely lead to a crash. This
could be exploited by an attacker who has the ab
Ubuntu
EDK II regression
vendor_ubuntu·2025-11-28·CVSS 5.8
CVE-2023-45236 [MEDIUM] EDK II regression
Title: EDK II regression
Summary: USN-7894-1 introduced a regression in EDK II
USN-7894-1 fixed vulnerabilities in EDK II. The update introduced a
regression in the UEFI network boot. This update reverts the corresponding
fixes for CVE-2023-45236 and CVE-2023-45237 pending further investigation.
We apologize for the inconvenience.
Original advisory details:
It was discovered that EDK II was susceptible to a predictable TCP Initial
Sequence Number. An attacker could possibly use this issue to gain
unauthorized access. This issue only affected Ubuntu 22.04 LTS, and Ubuntu
24.04 LTS. (CVE-2023-45236, CVE-2023-45237)
It was discovered that EDK II incorrectly handled S3 sleep. An attacker
could possibly use this issue to cause a denial of service. This issue only
affected Ubuntu 22.04 LTS
Ubuntu
EDK II vulnerabilities
vendor_ubuntu·2025-11-26·CVSS 7.4
CVE-2023-45236 [HIGH] EDK II vulnerabilities
Title: EDK II vulnerabilities
Summary: Several security issues were fixed in EDK II.
It was discovered that EDK II was susceptible to a predictable TCP Initial
Sequence Number. An attacker could possibly use this issue to gain
unauthorized access. This issue only affected Ubuntu 22.04 LTS, and Ubuntu
24.04 LTS. (CVE-2023-45236, CVE-2023-45237)
It was discovered that EDK II incorrectly handled S3 sleep. An attacker
could possibly use this issue to cause a denial of service. This issue only
affected Ubuntu 22.04 LTS, and Ubuntu 24.04 LTS. (CVE-2024-1298)
It was discovered that the EDK II PE/COFF loader incorrectly handled
certain memory operations. An attacker could possibly use this issue to
cause a denial of service, obtain sensitive information, or execute
arbitrary code. This issue o
CISA ICS
Hitachi Energy PCU400
cisa_ics·2025-03-06
ICS Advisory
Release Date: March 06, 2025
Alert Code: ICSA-25-065-01
Related topics: Industrial Control System Vulnerabilities, Industrial Control Systems
## 1. EXECUTIVE SUMMARY
- CVSS v3 7.5
- ATTENTION: Exploitable remotely/low attack complexity
- Vendor: Hitachi Energy
- Equipment: PCU400, PCULogger
- Vulnerabilities: Access of Resource Using Incompatible Type ('Type Confusion'), NULL Pointer Dereference, Use After Free, Double Free, Observable Discrepancy, Out-of-bounds Read
## 2. RISK EVALUATION
Exploitation of these vulnerabilities could allow an attacker to access or decrypt sensitive data, crash the device application, or cause a denial-of-service condition.
## 3. TECHNICAL DETAILS
## 3.1 AFFECTED PRODUCTS
Hita
CISA ICS
Siemens SCALANCE W700
cisa_ics·2025-02-13
ICS Advisory
Release Date: February 13, 2025
Alert Code: ICSA-25-044-09
Related topics: Industrial Control System Vulnerabilities, Industrial Control Systems
As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories (CERT Services | Services | Siemens Global).
## 1. EXECUTIVE SUMMARY
- CVSS v3 9.8
- ATTENTION: Exploitable remotely/low attack complexity
- Vendor: Siemens
- Equipment: SCALANCE W700
- Vulnerabilities: Double Free, Improper Restriction of Communication Channel to Intended Endpoints, Improper Resource Sh
Palo Alto
PAN-SA-2024-0014 Informational Bulletin: Impact of OSS CVEs in Cortex XDR Agent
vendor_paloalto·2024-11-07·CVSS 6.8
CVE-2014-0195 [MEDIUM] PAN-SA-2024-0014 Informational Bulletin: Impact of OSS CVEs in Cortex XDR Agent
The Palo Alto Networks Product Security Assurance team has evaluated the following open source software (OSS) CVEs as they relate to Cortex XDR Agent. While Cortex XDR Agent may include the
CVEs: CVE-2014-0195, CVE-2014-0224, CVE-2014-3509, CVE-2014-3512, CVE-2014-3513, CVE-2014-3567, CVE-2015-0209, CVE-2015-0292, CVE-2015-1789, CVE-2015-1791, CVE-2015-1793, CVE-2015-3194, CVE-2016-0705, CVE-2016-0797, CVE-2016-0798, CVE-2016-0799, CVE-2016-2105, CVE-2016-2106, CVE-2016-2108, CVE-2016-2109, CVE-2016-2176, CVE-2016-2177, CVE-2016-2179, CVE-2016-2180, CVE-2016-2181, CVE-2016-2182, CVE-2016-2183, CVE-2016-6302, CVE-2016-6303, CVE-2016-6304, CVE-2019-1551, CVE-2019-1552, CVE-2019-1559, CVE-2019-1563, CVE-2020-196
CISA ICS
Hitachi Energy AFS/AFR Series Products
cisa_ics·2024-07-23·CVSS 7.5
[HIGH] Hitachi Energy AFS/AFR Series Products
ICS Advisory
Release Date: July 23, 2024
Alert Code: ICSA-24-205-02
Related topics: Industrial Control System Vulnerabilities, Industrial Control Systems
## 1. EXECUTIVE SUMMARY
- CVSS v3 7.5
- ATTENTION: Exploitable remotely/low attack complexity
- Vendor: Hitachi Energy
- Equipment: AFS650, AFS660, AFS665, AFS670, AFS675, AFS677, AFR677
- Vulnerabilities: Type Confusion, Use After Free, Double Free, Observable Discrepancy
## 2. RISK EVALUATION
Successful exploitation of these vulnerabilities could allow an attacker to create a denial-of-service condition.
## 3. TECHNICAL DETAILS
## 3.1 AFFECTED PRODUCTS
The following versions of Hitachi Energy AFS/AFR are affected:
- AFS650: Version 9.1.08 and prior
CISA ICS
Siemens SIMATIC and SIPLUS
cisa_ics·2024-06-13
ICS Advisory
Release Date: June 13, 2024
Alert Code: ICSA-24-165-10
Related topics: Industrial Control System Vulnerabilities, Industrial Control Systems
## 1. EXECUTIVE SUMMARY
- CVSS v3 9.8
- ATTENTION: Exploitable remotely/low attack complexity
- Vendor: Siemens
- Equipment: SIMATIC, SIPLUS
- Vulnerabilities: Inadequate Encryption Strength, Improper Restriction of Operations within the Bounds of a Memory Bu
CISA ICS
Siemens TIM 1531 IRC
cisa_ics·2024-06-13·CVSS 5.5
[MEDIUM] Siemens TIM 1531 IRC
ICS Advisory
Release Date: June 13, 2024
Alert Code: ICSA-24-165-06
Related topics: Industrial Control System Vulnerabilities, Industrial Control Systems
## 1. EXECUTIVE SUMMARY
- CVSS v4 6.9
- ATTENTION: Exploitable remotely/low attack complexity
- Vendor: Siemens
- Equipment: SIPLUS TIM 1531 IRC
- Vulnerabilities: Improper Input Validation, Out-of-bounds Write, Inadequate Encryption Strength, Double Free, Missing
CISA ICS
Siemens SCALANCE XM-400, XR-500
cisa_ics·2024-06-13
ICS Advisory
Release Date: June 13, 2024
Alert Code: ICSA-24-165-11
Related topics: Industrial Control System Vulnerabilities, Industrial Control Systems
## 1. EXECUTIVE SUMMARY
- CVSS v3 7.5
- ATTENTION: Exploitable remotely/low attack complexity
- Vendor: Siemens
- Equipment: SCALANCE XM-400/XR-500
- Vulnerabilities: Inadequate Encryption Strength, Double Free, Use-After-Free, Improper Input Validation,
CISA ICS
Mitsubishi Electric CC-Link IE TSN Industrial Managed Switch (Update A)
cisa_ics·2024-06-04·CVSS 5.9
[MEDIUM] Mitsubishi Electric CC-Link IE TSN Industrial Managed Switch (Update A)
ICS Advisory
Last Revised: June 04, 2024
Alert Code: ICSA-23-278-03
Related topics: Industrial Control Systems, Industrial Control System Vulnerabilities
## 1. EXECUTIVE SUMMARY
- CVSS v3 6.5
- ATTENTION: Exploitable remotely/low attack complexity
- Vendor: Mitsubishi Electric
- Equipment: CC-Link IE TSN Industrial Managed Switch
- Vulnerabilities: Observable Timing Discrepancy, Double Free
## 2. RISK EVALUATION
Successful exploitation of these vulnerabilities could result in disclosure of information stored in the product by sending specially crafted packets or could cause a denial-of-service (DoS) condition by getting a legitimate user to import a specially crafted certif
CISA ICS
Siemens Telecontrol Server Basic
cisa_ics·2024-04-11
ICS Advisory
Release Date: April 11, 2024
Alert Code: ICSA-24-102-08
## 1. EXECUTIVE SUMMARY
- CVSS v3 8.8
- ATTENTION: Exploitable remotely/low attack complexity
- Vendor: Siemens
- Equipment: Telecontrol Server Basic
- Vulnerabilities: Inadequate Encryption Strength, Double Free, Integer Overflow or Wraparound, External Control of File Name or Path, Path Traversal, Improper Input Validation, Missing Encry
Palo Alto
PAN-SA-2024-0003 Informational Bulletin: Impact of OSS CVEs in Prisma SD-WAN ION
vendor_paloalto·2024-04-05·CVSS 4.3
CVE-2007-2768 [MEDIUM] PAN-SA-2024-0003 Informational Bulletin: Impact of OSS CVEs in Prisma SD-WAN ION
The Palo Alto Networks Product Security Assurance team has evaluated the following open source software (OSS) CVEs as they relate to Prisma SD-WAN ION. While Prisma SD-WAN ION may include the
CVEs: CVE-2007-2768, CVE-2016-10010, CVE-2016-10011, CVE-2016-10012, CVE-2016-20012, CVE-2016-8858, CVE-2019-6109, CVE-2019-6110, CVE-2019-6111, CVE-2020-12062, CVE-2021-41617, CVE-2022-4450, CVE-2023-0215, CVE-2023-0286, CVE-2023-28531, CVE-2023-38408, CVE-2023-51384, CVE-2023-51385, CVE-2023-51767
Affected products: Prisma SD
CISA ICS
Siemens SINEC NMS
cisa_ics·2024-02-15
ICS Advisory
Release Date: February 15, 2024
Alert Code: ICSA-24-046-15
## 1. EXECUTIVE SUMMARY
- CVSS v3 9.8
- ATTENTION: Exploitable remotely/low attack complexity
- Vendor: Siemens
- Equipment: SINEC NMS
- Vulnerabilities: Out-of-bounds Read, Inadequate Encryption Strength, Double Free, Use After Free, NULL Pointer Dereference, Improper Input Validation, Missing Encryption of Sensitive Data, Allocation of Resources Wit
Oracle
Oracle Oracle Systems Risk Matrix: XCP Firmware (OpenSSL) — CVE-2022-4450
vendor_oracle·2024-01-15·CVSS 7.5
CVE-2022-4450 [HIGH] Oracle Oracle Systems Risk Matrix: XCP Firmware (OpenSSL) — CVE-2022-4450
Oracle Oracle Systems Risk Matrix: XCP Firmware (OpenSSL) vulnerability
CVE: CVE-2022-4450
CVSS: 7.5
Protocol: TLS
Remote exploit: Yes
Affected versions: Network
Advisory: cpujan2024 (JAN 2024)
CISA ICS
Mitsubishi Electric Factory Automation Products
cisa_ics·2024-01-04·CVSS 5.9
[MEDIUM] Mitsubishi Electric Factory Automation Products
ICS Advisory
Release Date: January 04, 2024
Alert Code: ICSA-24-004-02
## 1. EXECUTIVE SUMMARY
- CVSS v3 7.5
- ATTENTION: Exploitable remotely/low attack complexity
- Vendor: Mitsubishi Electric
- Equipment: Multiple Factory Automation Products
- Vulnerabilities: Observable Timing Discrepancy, Double Free, Access of Resource Using Incompatible Type ('Type Confusion')
## 2. RISK EVALUATION
Successful exploitation of these vulnerabilities could disclose information in the product or could cause denial-of-service (DoS) condition.
## 3. TECHNICAL DETAILS
## 3.1 AFFECTED PRODUCTS
The following Factory Automation products are affected:
- GT SoftGOT2000: Versions 1.275M to 1.290C (CVE-2023-0286)
- OPC
Ubuntu
Node.js vulnerabilities
vendor_ubuntu·2024-01-03·CVSS 5.9
CVE-2022-4450 [MEDIUM] Node.js vulnerabilities
Title: Node.js vulnerabilities
Summary: Several security issues were fixed in Node.js.
Hubert Kario discovered that Node.js incorrectly handled certain inputs. If a
user or an automated system were tricked into opening a specially crafted input
file, a remote attacker could possibly use this issue to obtain sensitive
information. (CVE-2022-4304)
CarpetFuzz, Dawei Wang discovered that Node.js incorrectly handled certain
inputs. If a user or an automated system were tricked into opening a specially
crafted input file, a remote attacker could possibly use this issue to cause a
denial of service. (CVE-2022-4450)
Octavio Galland and Marcel Böhme discovered that Node.js incorrectly handled
certain inputs. If a user or an automated system were tricked into opening a
specially crafted input fi
CISA ICS
Siemens SCALANCE Family Products
cisa_ics·2023-11-16
ICS Advisory
Release Date: November 16, 2023
Alert Code: ICSA-23-320-08
## 1. EXECUTIVE SUMMARY
- CVSS v3 9.1
- ATTENTION: Exploitable remotely/low attack complexity
- Vendor: Siemens
- Equipment: SCALANCE XB-200/XC-200/XP-200/XF-200BA/XR-300WG Family
- Vulnerabilities: Out-of-bounds Read, Inadequate Encryption Strength, Double Free, NULL Pointer Dereference, Allocation of Resources Without Limits or Thrott
CISA ICS
Hitachi Energy Lumada APM Edge
cisa_ics·2023-09-12·CVSS 7.5
[HIGH] Hitachi Energy Lumada APM Edge
ICS Advisory
Release Date: September 12, 2023
Alert Code: ICSA-23-255-01
## 1. EXECUTIVE SUMMARY
- CVSS v3 7.5
- ATTENTION: Exploitable remotely/low attack complexity
- Vendor: Hitachi Energy
- Equipment: Lumada Asset Performance Management (APM) Edge
- Vulnerabilities: Use After Free, Double Free, Type Confusion, Observable Discrepancy
## 2. RISK EVALUATION
Successful exploitation of these vulnerabilities could allow an attacker to cause a denial-of-service condition or disclosure of sensitive information.
## 3. TECHNICAL DETAILS
## 3.1 AFFECTED PRODUCTS
The following Hitachi products are affected:
- Lumada APM Edge: Versions 4.0 and prior
- Lumada APM Edge: Version 6.3
## 3.2 Vulnerability Overview
3.2.1
CISA ICS
ICONICS and Mitsubishi Electric Products
cisa_ics·2023-08-17·CVSS 7.5
[HIGH] ICONICS and Mitsubishi Electric Products
ICS Advisory
Release Date: August 17, 2023
Alert Code: ICSA-23-229-01
## 1. EXECUTIVE SUMMARY
- CVSS v3 5.9
- ATTENTION: Exploitable remotely
- Vendor: ICONICS, Mitsubishi Electric
- Equipment: ICONICS Product Suite
- Vulnerabilities: Buffer Overflow, Out-of-Bounds Read, Observable Timing Discrepancy, Double Free, and NULL Pointer Dereference
## 2. RISK EVALUATION
Successful exploitation of these vulnerabilities could result in information disclosure, denial-of-service, or remote code execution.
## 3. TECHNICAL DETAILS
## 3.1 AFFECTED PRODUCTS
ICONICS reports these vulnerabilities affect the following products using OpenSSL:
- ICONICS Suite including GENESIS64, Hyper Historian, AnalytiX, and MobileHMI:
Oracle
Oracle Oracle Communications Risk Matrix: Signaling (OpenSSL) — CVE-2022-4450
vendor_oracle·2023-07-15·CVSS 7.5
CVE-2022-4450 [HIGH] Oracle Oracle Communications Risk Matrix: Signaling (OpenSSL) — CVE-2022-4450
Oracle Oracle Communications Risk Matrix: Signaling (OpenSSL) vulnerability
CVE: CVE-2022-4450
CVSS: 7.5
Protocol: HTTPS
Remote exploit: Yes
Affected versions: Network
Advisory: cpujul2023 (JUL 2023)
CISA ICS
Siemens SIMATIC MV500 Devices
cisa_ics·2023-07-13·CVSS 4.3
[MEDIUM] Siemens SIMATIC MV500 Devices
ICS Advisory
Release Date: July 13, 2023
Alert Code: ICSA-23-194-04
## 1. EXECUTIVE SUMMARY
- CVSS v3 8.2
- ATTENTION: Exploitable remotely/low attack complexity
- Vendor: Siemens
- Equipment: SIMATIC MV500 series devices
- Vulnerabilities: Exposure of Sensitive Information to an Unauthorized Actor, Missing Release of Memory after Effective Lifetime, Injection, Inadequate Encryption Strength, Double Free, Incomplete Cleanup, Observable Discrepancy, Improper Locking, Use After Free, Improper Input Validation
## 2. RISK EVALUATION
Successful exploitation of these vulnerabilities could allow an attacker to read memory contents, disclose information, or cause a denial-of-service condition.
## 3. TECHNICAL DETAILS
## 3.1 AFF
CISA ICS
Siemens SIMATIC S7-1500 TM MFP Linux Kernel
cisa_ics·2023-06-15·CVSS 5.5
[MEDIUM] Siemens SIMATIC S7-1500 TM MFP Linux Kernel
ICS Advisory
Release Date: June 15, 2023
Alert Code: ICSA-23-166-11
## 1. EXECUTIVE SUMMARY
- CVSS v3 9.8
- ATTENTION: Exploitable remotely / low attack complexity / public exploits available
- Vendor: Siemens ProductCERT
- Equipment: SIMATIC S7-1500 TM MFP
- Vulnerabilities: Multiple vulnerabilities
## 2. RISK EVALUATION
Exploitation of these vulnerabilities could lead to denial-of-service, crashing t
CISA ICS
Siemens SCALANCE W1750D Devices
cisa_ics·2023-03-16·CVSS 5.9
[MEDIUM] Siemens SCALANCE W1750D Devices
ICS Advisory
Release Date: March 16, 2023
Alert Code: ICSA-23-075-04
## 1. EXECUTIVE SUMMARY
- CVSS v3 7.4
- ATTENTION: Exploitable remotely
- Vendor: Siemens
- Equipment: SCALANCE W1750D
- Vulnerabilities: Inadequate Encryption Strength, Double Free, Use After Free, Improper Input Validation
## 2. RISK EVALUATION
Successful exploitation of these vulnerabilities could allow an attacker to read memory contents, decryp
BSD
FreeBSD-SA-23:03.openssl: Multiple vulnerabilities in OpenSSL
bsd_advisories·2023-02-16·CVSS 5.9
CVE-2022-4304 [MEDIUM] FreeBSD-SA-23:03.openssl: Multiple vulnerabilities in OpenSSL
FreeBSD-SA-23:03.openssl Security Advisory
The FreeBSD Project
Topic: Multiple vulnerabilities in OpenSSL
Category: contrib
Module: openssl
Announced: 2023-02-16
Credits: See referenced OpenSSL advisory.
Affects: All supported versions of FreeBSD.
Corrected: 2023-02-07 22:38:40 UTC (stable/13, 13.1-STABLE)
           2023-02-16 17:58:13 UTC (releng/13.1, 13.1-RELEASE-p7)
           2023-02-07 23:09:41 UTC (stable/12, 12.4-STABLE)
           2023-02-16 18:04:12 UTC (releng/12.4, 12.4-RELEASE-p2)
           2023-02-16 18:03:37 UTC (releng/12.3, 12.3-RELEASE-p12)
CVE Name: CVE-2023-0286, CVE-2023-0215, CVE-2022-4450, CVE-2022-4304
For general information regarding FreeBSD Security Advisories,
including descriptions of the fields above, security branches, and the
following sections, please visit .
I. Background
FreeBSD includes sof
Microsoft
Double free after calling PEM_read_bio_ex
vendor_msrc·2023-02-14·CVSS 7.5
CVE-2022-4450 [HIGH] CWE-415 Double free after calling PEM_read_bio_ex
FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?
One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See this blog post for more information. If impact to additional products is identified, we will update the CVE to reflect this.
Mariner: Mariner
openssl: openssl
Customer Action Required: Yes
Remediation: CBL-Mariner Releases
Reference: https://learn.microsoft
Palo Alto
PAN-SA-2023-0001 Impact of OpenSSL Vulnerabilities Disclosed Feb 7, 2023
vendor_paloalto·2023-02-08·CVSS 4.9
CVE-2023-0286 [MEDIUM] PAN-SA-2023-0001 Impact of OpenSSL Vulnerabilities Disclosed Feb 7, 2023
The Palo Alto Networks Product Security Assurance team has evaluated the OpenSSL vulnerabilities that were disclosed on February 7, 2023 (CVE-2023-0286, CVE-2022-4304, CVE-2022-4203, CVE-2023-0215, CVE-2022-4450, CVE-2023-0216, CVE-2023-0217, and CVE-2023-0401) as it relates to our products. At this time, there are no demonstrated scenarios that enable successful
CVEs: CVE-2022-4203, CVE-2022-4304, CVE-2022-4450, CVE-2023-0215, CVE-2023-0216, CVE-2023-0217, CVE-2023-0286, CVE-2023-0401
Affected products: Cortex Data, Cortex XDR, Cortex XSOAR, Cortex Xpanse, GlobalProtect, PAN-OS, Prisma Access, Prisma Cloud, Prisma SD
Red Hat
openssl: double free after calling PEM_read_bio_ex
vendor_redhat·2023-02-07·CVSS 7.5
CVE-2022-4450 [HIGH] CWE-415 openssl: double free after calling PEM_read_bio_ex
The function PEM_read_bio_ex() reads a PEM file from a BIO and parses and
decodes the "name" (e.g. "CERTIFICATE"), any header data and the payload data.
If the function succeeds then the "name_out", "header" and "data" arguments are
populated with pointers to buffers containing the relevant decoded data. The
caller is responsible for freeing those buffers. It is possible to construct a
PEM file that results in 0 bytes of payload data. In this case PEM_read_bio_ex()
will return a failure code but will populate the header argument with a pointer
to a buffer that has already been freed. If the caller also frees this buffer
then a double free will occur. This will most likely lead to a crash. This
could be exploited by an attacker who has the
Ubuntu
OpenSSL vulnerabilities
vendor_ubuntu·2023-02-07·CVSS 4.9
CVE-2023-0217 [MEDIUM] OpenSSL vulnerabilities
Title: OpenSSL vulnerabilities
Summary: Several security issues were fixed in OpenSSL.
David Benjamin discovered that OpenSSL incorrectly handled X.400 address
processing. A remote attacker could possibly use this issue to read
arbitrary memory contents or cause OpenSSL to crash, resulting in a denial
of service. (CVE-2023-0286)
Corey Bonnell discovered that OpenSSL incorrectly handled X.509 certificate
verification. A remote attacker could possibly use this issue to cause
OpenSSL to crash, resulting in a denial of service. This issue only
affected Ubuntu 22.04 LTS and Ubuntu 22.10. (CVE-2022-4203)
Hubert Kario discovered that OpenSSL had a timing based side channel in the
OpenSSL RSA Decryption implementation. A remote attacker could possibly use
this issue to recover sensitive inform
Debian
CVE-2022-4450: openssl - The function PEM_read_bio_ex() reads a PEM file from a BIO and parses and decode...
vendor_debian·2022·CVSS 7.5
CVE-2022-4450 [HIGH] CVE-2022-4450: openssl - The function PEM_read_bio_ex() reads a PEM file from a BIO and parses and decode...
The function PEM_read_bio_ex() reads a PEM file from a BIO and parses and decodes the "name" (e.g. "CERTIFICATE"), any header data and the payload data. If the function succeeds then the "name_out", "header" and "data" arguments are populated with pointers to buffers containing the relevant decoded data. The caller is responsible for freeing those buffers. It is possible to construct a PEM file that results in 0 bytes of payload data. In this case PEM_read_bio_ex() will return a failure code but will populate the header argument with a pointer to a buffer that has already been freed. If the caller also frees this buffer then a double free will occur. This will most likely lead to a crash. This could be exploited by an attacker who has the ability to supply malicious PEM files for parsing t
No detection rules found.
No public exploits indexed.
https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=63bcf189be73a9cc1264059bed6f57974be74a83
https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=bbcf509bd046b34cca19c766bbddc31683d0858b
https://security.gentoo.org/glsa/202402-08
https://www.openssl.org/news/secadv/20230207.txt
https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2023-0003
Published: 2023-02-08