CVE-2023-0465

Invalid certificate policies in leaf certificates are silently ignored

Severity Score

5.3

*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

*SSVC

Descriptions

NVD
RedHat

Applications that use a non-default option when verifying certificates may be
vulnerable to an attack from a malicious CA to circumvent certain checks.

Invalid certificate policies in leaf certificates are silently ignored by
OpenSSL and other certificate policy checks are skipped for that certificate.
A malicious CA could use this to deliberately assert invalid certificate policies
in order to circumvent policy checking on the certificate altogether.

Policy processing is disabled by default but can be enabled by passing
the `-policy' argument to the command line utilities or by calling the
`X509_VERIFY_PARAM_set1_policies()' function.

A flaw was found in OpenSSL. Applications that use a non-default option when verifying certificates may be vulnerable to an attack from a malicious CA to circumvent certain checks. OpenSSL and other certificate policy checks silently ignore invalid certificate policies in leaf certificates that are skipped for that certificate. A malicious CA could use this to deliberately assert invalid certificate policies to circumvent policy checking on the certificate altogether. Policy processing is disabled by default but can be enabled by passing the `-policy' argument to the command line utilities or by calling the `X509_VERIFY_PARAM_set1_policies()' function.

*Credits: David Benjamin (Google), Matt Caswell

CVSS Scores

NISTv3.1 5.3

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

None

Integrity

Low

Availability

None

* Common Vulnerability Scoring System

SSVC

Decision:-

Exploitation

Automatable

Tech. Impact

* Organization's Worst-case Scenario

Timeline

2023-01-24 CVE Reserved
2023-03-28 CVE Published
2024-08-02 CVE Updated
2024-09-07 EPSS Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CWE-295: Improper Certificate Validation

CAPEC

References (11)

URL	Tag	Source
https://lists.debian.org/debian-lts-announce/2023/06/msg00011.html
https://security.gentoo.org/glsa/202402-08
https://security.netapp.com/advisory/ntap-20230414-0001
https://www.debian.org/security/2023/dsa-5417

URL	Date	SRC

URL	Date	SRC
https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=10325176f3d3e98c6e2b3bf5ab1e3b334de6947a	2024-02-04
https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=1dd43e0709fece299b15208f36cc7c76209ba0bb	2024-02-04
https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=b013765abfa80036dc779dd0e50602c57bb3bf95	2024-02-04
https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=facfb1ab745646e97a1920977ae4a9965ea61d5c	2024-02-04

URL	Date	SRC
https://www.openssl.org/news/secadv/20230328.txt	2024-02-04
https://access.redhat.com/security/cve/CVE-2023-0465	2023-12-07
https://bugzilla.redhat.com/show_bug.cgi?id=2182561	2023-12-07

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Openssl Search vendor "Openssl"		Openssl Search vendor "Openssl" for product "Openssl"				>= 1.0.2 < 1.0.2zh Search vendor "Openssl" for product "Openssl" and version " >= 1.0.2 < 1.0.2zh"		-		Affected
Openssl Search vendor "Openssl"		Openssl Search vendor "Openssl" for product "Openssl"				>= 1.1.1 < 1.1.1u Search vendor "Openssl" for product "Openssl" and version " >= 1.1.1 < 1.1.1u"		-		Affected
Openssl Search vendor "Openssl"		Openssl Search vendor "Openssl" for product "Openssl"				>= 3.0.0 < 3.0.9 Search vendor "Openssl" for product "Openssl" and version " >= 3.0.0 < 3.0.9"		-		Affected
Openssl Search vendor "Openssl"		Openssl Search vendor "Openssl" for product "Openssl"				>= 3.1.0 < 3.1.1 Search vendor "Openssl" for product "Openssl" and version " >= 3.1.0 < 3.1.1"		-		Affected