NULL dereference during PKCS7 data verification
CVE-2023-0401

7.5 HIGH

Key Information:

Vendor:
OpenSSL
Status:
Vendor
CVE Published:
8 February 2023

Summary

A NULL pointer dereference occurs during the verification of PKCS7 signed or signedAndEnveloped data in OpenSSL. If the signature's hash algorithm is recognized by the OpenSSL library but no implementation of that algorithm is available, digest initialization fails. This situation often arises when a FIPS-enabled configuration is used or when the legacy provider is not loaded. Because the return value of the initialization function is not checked, the code goes on to use the digest API in an invalid state, which can crash third-party applications that rely on these functions to verify signatures on untrusted data.

Affected Version(s)

OpenSSL 3.0.0 < 3.0.8
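
A small check, added here as an example and not part of the advisory, that classifies an OpenSSL version against the affected range above (3.0.0 inclusive up to 3.0.8 exclusive) and reports whether the OpenSSL the running Python interpreter is linked against falls inside it. The version-string parsing is an assumption of this example, not something the advisory specifies.

```python
"""Classify OpenSSL versions against the CVE-2023-0401 affected range.

Range taken from the advisory: >= 3.0.0 and < 3.0.8 (3.0.8 is fixed).
Parsing of version strings (e.g. "OpenSSL 3.0.7 1 Nov 2022", "1.1.1t")
is an assumption made for this example.
"""
import re
import ssl

AFFECTED_MIN = (3, 0, 0)   # first affected release
FIXED_IN = (3, 0, 8)       # first release outside the affected range

_VERSION_RE = re.compile(r"(\d+)\.(\d+)\.(\d+)")


def parse_openssl_version(text: str) -> tuple:
    """Extract (major, minor, patch) from a version banner or bare string.

    A trailing letter as in 1.1.1t is ignored: the page's range is defined
    on the 3.x numeric scheme only.
    """
    m = _VERSION_RE.search(text)
    if not m:
        raise ValueError(f"unrecognised OpenSSL version string: {text!r}")
    return tuple(int(m.group(i)) for i in (1, 2, 3))


def is_affected(version: tuple) -> bool:
    """True when version lies in [3.0.0, 3.0.8); 1.1.1 and 3.1+ are outside."""
    return AFFECTED_MIN <= tuple(version[:3]) < FIXED_IN


def check_runtime() -> dict:
    """Report on the libcrypto this interpreter's ssl module was built with."""
    # OPENSSL_VERSION_INFO is (major, minor, fix, patch, status).
    version = ssl.OPENSSL_VERSION_INFO[:3]
    return {"openssl": ssl.OPENSSL_VERSION, "affected": is_affected(version)}


if __name__ == "__main__":
    print(check_runtime())
```

Run it on each host that links libcrypto dynamically; an `affected: True` result means PKCS7 verification of untrusted input there can be crashed as described above until the library is updated to 3.0.8 or later.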

References

CVSS V3.1

Score:
7.5
Severity:
HIGH
Confidentiality:
None
Integrity:
None
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Hubert Kario (Red Hat)
Dmitry Belyavsky (Red Hat)
Tomáš Mráz