VDB

CVE-2023-0286

CVE-2023-0286 PUBLISHED CVSS 6.400000095367432 MEDIUM

X.400 addresses were parsed as an ASN1_STRING but the public structure definition for GENERAL_NAME incorrectly specified the type of the x400Address field as ASN1_TYPE. When CRL checking is enabled, this vulnerability may allow an attacker to pass arbitrary pointers to a memcmp call, enabling them to read memory contents or enact a denial of service.

EPSS 88.33% · 99.5th percentile

Risk Scores

CVSS 3.1
6.400000095367432
CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:N/A:H/E:P/RL:W/RC:C
EPSS Score
88.33%
99.5th percentile

Affected Products

VendorProductVersions
ABBABB M2M Gateway SW, software versions >=5.0.1|<=5.0.3
ABBABB M2M Gateway ARM600, firmware versions >=4.1.2|<=5.0.3

Exploit Intelligence

…and 122 more exploits

Timeline

  • Feb 7, 2023 CVE Published
  • Feb 9, 2023 EPSS Score
  • Feb 8, 2024 PoC Published
  • Mar 17, 2025 EPSS Score
  • Mar 29, 2025 EPSS Score
  • Apr 3, 2025 EPSS Score
  • Apr 3, 2025 PoC Published
  • Apr 17, 2025 EPSS Score
  • Apr 19, 2025 EPSS Score
  • Apr 20, 2025 EPSS Score
  • May 9, 2025 EPSS Score
  • Jun 5, 2025 EPSS Score

References

Open in Interactive Console →
$ Console Community · 100/wk Open console ›