VDB

ALPINE-CVE-2023-0286

ALPINE-CVE-2023-0286 PUBLISHED CVSS 7.400000095367432 HIGH

There is a type confusion vulnerability relating to X.400 address processing inside an X.509 GeneralName. X.400 addresses were parsed as an ASN1_STRING but the public structure definition for GENERAL_NAME incorrectly specified the type of the x400Address field as ASN1_TYPE. This field is subsequently interpreted by the OpenSSL function GENERAL_NAME_cmp as an ASN1_TYPE rather than an ASN1_STRING. When CRL checking is enabled (i.e. the application sets the X509_V_FLAG_CRL_CHECK flag), this vulnerability may allow an attacker to pass arbitrary pointers to a memcmp call, enabling them to read memory contents or enact a denial of service. In most cases, the attack requires the attacker to provide both the certificate chain and CRL, neither of which need to have a valid signature. If the attacker only controls one of these inputs, the other input must already contain an X.400 address as a CRL distribution point, which is uncommon. As such, this vulnerability is most likely to only affect applications which have implemented their own functionality for retrieving CRLs over a network.

Risk Scores

CVSS 3.1
7.400000095367432
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:H

Affected Products

VendorProductVersions
Alpine:v3.19openssl3.0.1-r1, 3.0.1-r0, 0
Alpine:v3.16openssl1.1.1, 1.0.2, 1.1.1q-r0
Alpine:v3.15openssl0, 1.1.1l-r3, 1.1.1l-r5
Alpine:v3.23openssl1.1.1-r4, 1.0.2, 3.0.7-r2
Alpine:v3.20openssl3.0.7-r2, 0, 1.1.1-r0
Alpine:v3.21openssl3.0.0-r4, 3.0.5-r0, 3.0.3-r0
Alpine:v3.16openssl31.1.1-r1, 1.1.1-r0, 0
Alpine:v3.17openssl1.1.1-r0, 0, 1.1.1-r1
Alpine:v3.14openssl*, 1.1.1j-r0, 1.1.1i-r0
Alpine:v3.24openssl1.0.2
Alpine:v3.15openssl31.1.1i-r0, 1.1.1h-r0, 1.1.1f-r0
Alpine:v3.22openssl1.1.1, 0, 1.1.1-r0
Alpine:v3.18openssl0, 1.1.1-r1, 1.1.1-r2

Timeline

  • Feb 8, 2023 CVE Published
  • Apr 30, 2026 Distribution Patch
  • Jul 8, 2026 CVE Updated
Open in Interactive Console →
$ Console Community · 100/wk Open console ›