ALPINE-CVE-2023-0465 — Vulnetix

Try Vulnetix Request Demo

ALPINE-CVE-2023-0465 PUBLISHED CVSS 5.300000190734863 MEDIUM

Applications that use a non-default option when verifying certificates may be vulnerable to an attack from a malicious CA to circumvent certain checks. Invalid certificate policies in leaf certificates are silently ignored by OpenSSL and other certificate policy checks are skipped for that certificate. A malicious CA could use this to deliberately assert invalid certificate policies in order to circumvent policy checking on the certificate altogether. Policy processing is disabled by default but can be enabled by passing the `-policy' argument to the command line utilities or by calling the `X509_VERIFY_PARAM_set1_policies()' function.

Risk Scores

CVSS v3.1

5.300000190734863

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

Affected Products

Vendor	Product	Versions
Alpine:v3.17	openssl	3.0.0-r4, 3.0.8-r1, 3.0.8-r0
Alpine:v3.16	openssl3	1.1.1-r2, 0, 1.1.1-r0
Alpine:v3.22	openssl	0, 3.1.0-r1, 3.1.0-r0
Alpine:v3.16	openssl	1.1.1m-r0, 1.1.1m-r1, 1.1.1m-r2
Alpine:v3.20	openssl	3.0.7-r0, 0, 1.1.1-r1
Alpine:v3.23	openssl	0, 1.1.1-r0, 1.1.1-r1
Alpine:v3.21	openssl	3.0.8-r1, *, 3.1.0-r0
Alpine:v3.15	openssl3	1.1.1-r0, 3.0.8-r1, 3.0.8-r0
Alpine:v3.14	openssl	, , *
Alpine:v3.15	openssl	1.1.1, 1.1.1, 1.1.1
Alpine:v3.18	openssl	3.0.5-r2, 3.0.5-r0, 3.0.3-r0
Alpine:v3.19	openssl	1.1.1-r1, 1.1.1-r2, 1.1.1-r3

Timeline

Mar 28, 2023 CVE Published
Dec 3, 2025 CVE Updated
Apr 30, 2026 Distribution Patch

References

https://security.alpinelinux.org/vuln/CVE-2023-0465 advisory

Open in Interactive Console →