CVE-2023-0464: OpenSSL: CVE-2023-0464 Excessive Resource Usage Verifying X.509 Policy Constraints

Overview

Severity: High (CVSS 7.5)
CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Exploit Status: Not Exploited
Patch Tuesday: 2024-Jul
Released: 2023-03-27
Last Updated: 2024-07-12
EPSS Score: 0.97% (percentile: 76.6%)

Detection & Weaponization (1 source)

Maturity: Exploit

  • GitHub PoC: 1 repository

Affected Products (6)

Mariner

  • CBL Mariner 2.0 x64
  • CBL Mariner 2.0 ARM
  • CBL Mariner 1.0 x64
  • CBL Mariner 1.0 ARM
  • Azure Linux 3.0 x64
  • Azure Linux 3.0 ARM

Acknowledgments

Gus Catalano with Microsoft, Ray Reskusich with Microsoft, Philemon Orphee Favrod with Microsoft

Revision History

  • 2023-03-27: Information published.
  • 2023-04-24: Added nodejs18 to CBL-Mariner 2.0.
  • 2023-10-11: Added edk2 to CBL-Mariner 2.0.
  • 2024-04-06: Added hvloader to CBL-Mariner 2.0.
  • 2024-06-30: Information published.
  • 2024-07-12: Information published.