FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

OpenSSL -- Multiple vulnerabilities

Affected packages
openssl < 1.1.1t,1_2
openssl30 < 3.0.8_2
openssl31 < 3.1.0_2
openssl-quic < 3.0.8_2

Details

VuXML ID 425b9538-ce5f-11ed-ade3-d4c9ef517024
Discovery 2023-03-28
Entry 2023-03-29

The OpenSSL project reports:

Severity: low

Applications that use a non-default option when verifying certificates may be vulnerable to an attack from a malicious CA to circumvent certain checks.

The function X509_VERIFY_PARAM_add0_policy() is documented to implicitly enable the certificate policy check when doing certificate verification. However, the implementation of the function does not enable the check, which allows certificates with invalid or incorrect policies to pass the certificate verification.

References

CVE Name CVE-2023-0465
CVE Name CVE-2023-0466
URL https://www.openssl.org/news/secadv/20230328.txt