What is CVE-2023-0286?

CVE-2023-0286 is a vulnerability in Openssl. Published 2023-02-08.

Is CVE-2023-0286 known to be exploited?

24 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Vulnerability in Openssl

CVE-2023-0286

There is a type confusion vulnerability relating to X.400 address processing inside an X.509 GeneralName. X.400 addresses were parsed as an ASN1_STRING but the public structure definition for GENERAL_NAME incorrectly specified the type of…

EPSS: 0.883 (99.5th percentile) — read the EPSS interpretation.

Affected products

Openssl — versions 3.0.0, 1.1.1, 1.0.2

Public proof-of-concept exploits

ARPSyndicate/cvemon
EGI-Federation/SVG-advisories
FairwindsOps/bif
Huzefa-khambata/Cyber-task-3-
PajakAlexandre/wik-dps-tp02
Tuttu7/Yum-command
a23au/awe-base-images
boardwalkjoe/cve-security-check
chnzzh/OpenSSL-CVE-lib
dejanb/guac-rs

References

OpenSSL Advisory (vendor-advisory)
3.0.8 git commit (patch)
1.1.1t git commit (patch)
1.0.2zg patch (premium) (patch)
ftp.openbsd.org/pub/OpenBSD/patches/7.2/common/018_x509.patch.sig
ftp.openbsd.org/pub/OpenBSD/LibreSSL/libressl-3.6.2-relnotes.txt
security.gentoo.org/glsa/202402-08

Frequently asked questions

What is CVE-2023-0286?: CVE-2023-0286 is a vulnerability in Openssl. Published 2023-02-08.
Is CVE-2023-0286 known to be exploited?: 24 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.