ALPINE-CVE-2023-0286

Advisory lineage Upstream: 1 Downstream: 0
Upstream
CVE-2023-0286
Published: 08 Feb 2023, 20:15
Last modified:03 Dec 2025, 22:51

Vulnerability Summary

Overall Risk (default)
medium
30/100
CVSS Score
7.4 HIGH
3.1 (osv_alpine)
EPSS Score
No data
KEV
Not listed
Ransomware
No reports
Public exploits
None found
Dark Web
Not detected

Timeline

08 Feb 2023, 20:15
Published
Vulnerability first disclosed
03 Dec 2025, 22:51
Last Modified
Vulnerability information updated

Description

There is a type confusion vulnerability relating to X.400 address processing inside an X.509 GeneralName. X.400 addresses were parsed as an ASN1_STRING but the public structure definition for GENERAL_NAME incorrectly specified the type of the x400Address field as ASN1_TYPE. This field is subsequently interpreted by the OpenSSL function GENERAL_NAME_cmp as an ASN1_TYPE rather than an ASN1_STRING. When CRL checking is enabled (i.e. the application sets the X509_V_FLAG_CRL_CHECK flag), this vulnerability may allow an attacker to pass arbitrary pointers to a memcmp call, enabling them to read memory contents or enact a denial of service. In most cases, the attack requires the attacker to provide both the certificate chain and CRL, neither of which need to have a valid signature. If the attacker only controls one of these inputs, the other input must already contain an X.400 address as a CRL distribution point, which is uncommon. As such, this vulnerability is most likely to only affect applications which have implemented their own functionality for retrieving CRLs over a network.

CVSS Metrics

  • v3.1HIGHScore: 7.4CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:H

Affected Systems

  • alpineopenssl

    < 1.1.1t-r0 | < 1.1.1t-r0 | < 1.1.1t-r0 | < 3.0.8-r0 | < 3.0.8-r0 | < 3.0.8-r0 | < 3.0.8-r0 | < 3.0.8-r0 | < 3.0.8-r0 | < 3.0.8-r0

  • alpineopenssl3

    < 3.0.8-r0 | < 3.0.8-r0

References (1)