CVE-2023-0215

CWE-416: Use After Free | 21 documents | 11 sources

Severity: 7.5 HIGH
EPSS: 0.5% (top 33.89%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline: Published Feb 8; Latest update Nov 26

Description

The public API function BIO_new_NDEF is a helper function used for streaming ASN.1 data via a BIO. It is primarily used internally to OpenSSL to support the SMIME, CMS and PKCS7 streaming capabilities, but may also be called directly by end user applications. The function receives a BIO from the caller, prepends a new BIO_f_asn1 filter BIO onto the front of it to form a BIO chain, and then returns the new head of the BIO chain to the caller. Under certain conditions, for example if a CMS recipi

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Exploitability: 3.9 | Impact: 3.6

Affected Packages (7 packages)

Source     | Package          | Affected versions     | More
crates.io  | openssl-src      | 300.0.0 to 300.0.12   | +2
CVEListV5  | openssl/openssl  | 3.0.0 to 3.0.8        | +2
NVD        | openssl/openssl  | 1.0.2 to 1.0.2zg      | +2
Alpine     | openssl          | < 1.1.1t-r0           | +9
Debian     | openssl          | < 1.1.1n-0+deb11u4    | +3

Patches

Vulnerability Details (8)

OSV: CVE-2023-0215: The public API function BIO_new_NDEF is a helper function used for streaming ASN (2023-02-08)
GHSA: openssl-src vulnerable to Use-after-free following `BIO_new_NDEF` (2023-02-08)
CVEList: Use-after-free following BIO_new_NDEF (2023-02-08)
OSV: openssl-src vulnerable to Use-after-free following `BIO_new_NDEF` (2023-02-08)

Vendor Advisories (11)

Ubuntu: EDK II vulnerabilities (2025-11-26)
Ubuntu: Node.js vulnerabilities (2024-01-03)
Oracle: Oracle Communications Risk Matrix: Oracle Linux (OpenSSL) — CVE-2023-0215 (2023-07-15)
Oracle: Oracle Essbase Risk Matrix: Build (OpenSSL) — CVE-2023-0215 (2023-04-15)
BSD: FreeBSD-SA-23:03.openssl: Multiple vulnerabilities in OpenSSL (2023-02-16)

Community (1)

HackerOne: UAF in OpenSSL up to 3.0.7 (2023-03-18)