Debian OpenSSL vulnerabilities
277 known vulnerabilities affecting debian/openssl.
Total CVEs: 277
CISA KEV: 1 (actively exploited)
Public exploits: 27
Exploited in wild: 2
Severity breakdown: CRITICAL 12, HIGH 70, MEDIUM 109, LOW 84, UNKNOWN 2
Vulnerabilities
Page 3 of 14
CVE-2023-0401 | HIGH | CVSS 7.5 | fixed in openssl 3.0.8-1 (bookworm) | 2023
A NULL pointer can be dereferenced when signatures are being verified on PKCS7 signed or signedAndEnveloped data. In case the hash algorithm used for the signature is known to the OpenSSL library but the implementation of the hash algorithm is not available the digest initialization will fail. There is a missing check for the return value from the initialization funct
debian
CVE-2023-0465 | MEDIUM | CVSS 5.3 | fixed in openssl 3.0.9-1 (bookworm) | 2023
Applications that use a non-default option when verifying certificates may be vulnerable to an attack from a malicious CA to circumvent certain checks. Invalid certificate policies in leaf certificates are silently ignored by OpenSSL and other certificate policy checks are skipped for that certificate. A malicious CA could use this to deliberately assert invalid cer
debian
CVE-2023-0466 | MEDIUM | CVSS 5.3 | fixed in openssl 3.0.9-1 (bookworm) | 2023
The function X509_VERIFY_PARAM_add0_policy() is documented to implicitly enable the certificate policy check when doing certificate verification. However the implementation of the function does not enable the check which allows certificates with invalid or incorrect policies to pass the certificate verification. As suddenly enabling the policy check could break exis
debian
CVE-2023-6237 | MEDIUM | CVSS 5.9 | fixed in openssl 3.0.13-1~deb12u1 (bookworm) | 2023
Issue summary: Checking excessively long invalid RSA public keys may take a long time. Impact summary: Applications that use the function EVP_PKEY_public_check() to check RSA public keys may experience long delays. Where the key that is being checked has been obtained from an untrusted source this may lead to a Denial of Service. When function EVP_PKEY_public_check(
debian
CVE-2023-5678 | MEDIUM | CVSS 5.3 | fixed in openssl 3.0.13-1~deb12u1 (bookworm) | 2023
Issue summary: Generating excessively long X9.42 DH keys or checking excessively long X9.42 DH keys or parameters may be very slow. Impact summary: Applications that use the functions DH_generate_key() to generate an X9.42 DH key may experience long delays. Likewise, applications that use DH_check_pub_key(), DH_check_pub_key_ex() or EVP_PKEY_public_check() to check
debian
CVE-2023-3817 | MEDIUM | CVSS 5.3 | fixed in openssl 3.0.10-1~deb12u1 (bookworm) | 2023
Issue summary: Checking excessively long DH keys or parameters may be very slow. Impact summary: Applications that use the functions DH_check(), DH_check_ex() or EVP_PKEY_param_check() to check a DH key or DH parameters may experience long delays. Where the key or parameters that are being checked have been obtained from an untrusted source this may lead to a Denial
debian
CVE-2023-3446 | MEDIUM | CVSS 5.3 | fixed in openssl 3.0.10-1~deb12u1 (bookworm) | 2023
Issue summary: Checking excessively long DH keys or parameters may be very slow. Impact summary: Applications that use the functions DH_check(), DH_check_ex() or EVP_PKEY_param_check() to check a DH key or DH parameters may experience long delays. Where the key or parameters that are being checked have been obtained from an untrusted source this may lead to a Denial
debian
CVE-2023-2650 | MEDIUM | CVSS 6.5 | fixed in openssl 3.0.9-1 (bookworm) | 2023
Issue summary: Processing some specially crafted ASN.1 object identifiers or data containing them may be very slow. Impact summary: Applications that use OBJ_obj2txt() directly, or use any of the OpenSSL subsystems OCSP, PKCS7/SMIME, CMS, CMP/CRMF or TS with no message size limit may experience notable to very long delays when processing those messages, which may le
debian
CVE-2023-1255 | MEDIUM | CVSS 5.9 | fixed in openssl 3.0.9-1 (bookworm) | 2023
Issue summary: The AES-XTS cipher decryption implementation for 64 bit ARM platform contains a bug that could cause it to read past the input buffer, leading to a crash. Impact summary: Applications that use the AES-XTS algorithm on the 64 bit ARM platform can crash in rare circumstances. The AES-XTS algorithm is usually used for disk encryption. The AES-XTS cipher
debian
CVE-2023-2975 | MEDIUM | CVSS 5.3 | fixed in openssl 3.0.10-1~deb12u1 (bookworm) | 2023
Issue summary: The AES-SIV cipher implementation contains a bug that causes it to ignore empty associated data entries which are unauthenticated as a consequence. Impact summary: Applications that use the AES-SIV algorithm and want to authenticate empty data entries as associated data can be misled by removing, adding or reordering such empty entries as these are ig
debian
CVE-2023-6129 | MEDIUM | CVSS 6.5 | fixed in openssl 3.0.13-1~deb12u1 (bookworm) | 2023
Issue summary: The POLY1305 MAC (message authentication code) implementation contains a bug that might corrupt the internal state of applications running on PowerPC CPU based platforms if the CPU provides vector instructions. Impact summary: If an attacker can influence whether the POLY1305 MAC algorithm is used, the application state might be corrupted with various
debian
CVE-2023-4807 | LOW | CVSS 7.8 | 2023
CVE-2023-4807 [HIGH] CVE-2023-4807: openssl - Issue summary: The POLY1305 MAC (message authentication code) implementation con...
Issue summary: The POLY1305 MAC (message authentication code) implementation contains a bug that might corrupt the internal state of applications on the Windows 64 platform when running on newer X86_64 processors supporting the AVX512-IFMA instructions. Impact summary: If in an application that uses the OpenSSL library an attacker can influence whether the POLY1305 MA
debian
CVE-2022-2274 | CRITICAL | CVSS 9.8 | fixed in openssl 3.0.4-2 (bookworm) | 2022
The OpenSSL 3.0.4 release introduced a serious bug in the RSA implementation for X86_64 CPUs supporting the AVX512IFMA instructions. This issue makes the RSA implementation with 2048 bit private keys incorrect on such machines and memory corruption will happen during the computation. As a consequence of the memory corruption an attacker may be able to trigger a re
debian
CVE-2022-1292 | HIGH | CVSS 7.3 | fixed in openssl 1.1.1o-1 (bookworm) | 2022
The c_rehash script does not properly sanitise shell metacharacters to prevent command injection. This script is distributed by some operating systems in a manner where it is automatically executed. On such operating systems, an attacker could execute arbitrary commands with the privileges of the script. Use of the c_rehash script is considered obsolete and should be
debian
CVE-2022-3602 | HIGH | CVSS 7.5 | fixed in openssl 3.0.7-1 (bookworm) | 2022
A buffer overrun can be triggered in X.509 certificate verification, specifically in name constraint checking. Note that this occurs after certificate chain signature verification and requires either a CA to have signed the malicious certificate or for the application to continue certificate verification despite failure to construct a path to a trusted issuer. An atta
debian
CVE-2022-3996 | HIGH | CVSS 7.5 | fixed in openssl 3.0.7-2 (bookworm) | 2022
If an X.509 certificate contains a malformed policy constraint and policy processing is enabled, then a write lock will be taken twice recursively. On some operating systems (most widely: Windows) this results in a denial of service when the affected process hangs. Policy processing being enabled on a publicly facing server is not considered to be a common setup. Poli
debian
CVE-2022-4450 | HIGH | CVSS 7.5 | fixed in openssl 3.0.8-1 (bookworm) | 2022
The function PEM_read_bio_ex() reads a PEM file from a BIO and parses and decodes the "name" (e.g. "CERTIFICATE"), any header data and the payload data. If the function succeeds then the "name_out", "header" and "data" arguments are populated with pointers to buffers containing the relevant decoded data. The caller is responsible for freeing those buffers. It is possi
debian
CVE-2022-2068 | HIGH | CVSS 7.3 | fixed in openssl 3.0.4-1 (bookworm) | 2022
In addition to the c_rehash shell command injection identified in CVE-2022-1292, further circumstances where the c_rehash script does not properly sanitise shell metacharacters to prevent command injection were found by code review. When the CVE-2022-1292 was fixed it was not discovered that there are other places in the script where the file names of certificates bei
debian
CVE-2022-3358 | HIGH | CVSS 7.5 | PoC | fixed in openssl 3.0.7-1 (bookworm) | 2022
OpenSSL supports creating a custom cipher via the legacy EVP_CIPHER_meth_new() function and associated function calls. This function was deprecated in OpenSSL 3.0 and application authors are instead encouraged to use the new provider mechanism in order to implement custom ciphers. OpenSSL versions 3.0.0 to 3.0.5 incorrectly handle legacy custom ciphers passed to the E
debian
CVE-2022-3786 | HIGH | CVSS 7.5 | fixed in openssl 3.0.7-1 (bookworm) | 2022
A buffer overrun can be triggered in X.509 certificate verification, specifically in name constraint checking. Note that this occurs after certificate chain signature verification and requires either a CA to have signed a malicious certificate or for an application to continue certificate verification despite failure to construct a path to a trusted issuer. An attacke
debian