{"id":"CVE-2023-0401","details":"A NULL pointer can be dereferenced when signatures are being\nverified on PKCS7 signed or signedAndEnveloped data. In case the hash\nalgorithm used for the signature is known to the OpenSSL library but\nthe implementation of the hash algorithm is not available the digest\ninitialization will fail. There is a missing check for the return\nvalue from the initialization function which later leads to invalid\nusage of the digest API most likely leading to a crash.\n\nThe unavailability of an algorithm can be caused by using FIPS\nenabled configuration of providers or more commonly by not loading\nthe legacy provider.\n\nPKCS7 data is processed by the SMIME library calls and also by the\ntime stamp (TS) library calls. The TLS implementation in OpenSSL does\nnot call these functions however third party applications would be\naffected if they call these functions to verify signatures on untrusted\ndata.","aliases":["GHSA-vrh7-x64v-7vxq","RUSTSEC-2023-0013"],"modified":"2026-04-02T08:32:29.442023Z","published":"2023-02-08T20:15:24.323Z","related":["ALSA-2023:0946","CGA-9c9j-v323-6ccm","MGASA-2023-0130","SUSE-SU-2023:0312-1","openSUSE-SU-2024:12716-1"],"references":[{"type":"WEB","url":"https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2023-0003"},{"type":"ADVISORY","url":"https://www.openssl.org/news/secadv/20230207.txt"},{"type":"ADVISORY","url":"https://security.gentoo.org/glsa/202402-08"},{"type":"FIX","url":"https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=d3b6dfd70db844c4499bec6ad6601623a565e674"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/openssl/openssl","events":[{"introduced":"89cd17a031e022211684eb7eb41190cf1910f9fa"},{"last_affected":"19cc035b6c6f2283573d29c7ea7f7d675cf750ce"},{"introduced":"0"},{"fixed":"42768eafab40d3e2f0851caa84aa9801139c74ab"}],"database_specific":{"versions":[{"introduced":"3.0.0"},{"last_affected":"3.0.7"},{"introduced":"0"},{"fixed":"3.3.3"}]}}],"versions":["3.4-POST-CLANG-FORMAT-WEBKIT","3.4-PRE-CLANG-FORMAT-WEBKIT","3.5-POST-CLANG-FORMAT-WEBKIT","3.5-PRE-CLANG-FORMAT-WEBKIT","3.6-POST-CLANG-FORMAT-WEBKIT","3.6-PRE-CLANG-FORMAT-WEBKIT","4.0-POST-CLANG-FORMAT-WEBKIT","4.0-PRE-CLANG-FORMAT-WEBKIT","AFTER_COMPAQ_PATCH","BEFORE_COMPAQ_PATCH","BEFORE_engine","BEN_FIPS_TEST_1","BEN_FIPS_TEST_2","BEN_FIPS_TEST_3","BEN_FIPS_TEST_4","BEN_FIPS_TEST_5","BEN_FIPS_TEST_6","BEN_FIPS_TEST_7","BEN_FIPS_TEST_8","FIPS_098_TEST_1","FIPS_098_TEST_2","FIPS_098_TEST_3","FIPS_098_TEST_4","FIPS_098_TEST_5","FIPS_098_TEST_6","FIPS_098_TEST_7","FIPS_098_TEST_8","FIPS_TEST_10","FIPS_TEST_9","LEVITTE_after_const","LEVITTE_before_const","OpenSSL-engine-0_9_6","OpenSSL-engine-0_9_6-beta1","OpenSSL-engine-0_9_6-beta2","OpenSSL-engine-0_9_6-beta3","OpenSSL-engine-0_9_6a","OpenSSL-engine-0_9_6a-beta1","OpenSSL-engine-0_9_6a-beta2","OpenSSL-engine-0_9_6a-beta3","OpenSSL-engine-0_9_6b","OpenSSL-engine-0_9_6c","OpenSSL-engine-0_9_6d","OpenSSL-engine-0_9_6d-beta1","OpenSSL-engine-0_9_6e","OpenSSL-engine-0_9_6f","OpenSSL-engine-0_9_6g","OpenSSL-engine-0_9_6h","OpenSSL-engine-0_9_6i","OpenSSL-engine-0_9_6j","OpenSSL-engine-0_9_6k","OpenSSL-engine-0_9_6l","OpenSSL-engine-0_9_6m","OpenSSL-fips-1_2_0","OpenSSL-fips-1_2_1","OpenSSL-fips-1_2_2","OpenSSL-fips-1_2_3","OpenSSL-fips-2_0","OpenSSL-fips-2_0-pl1","OpenSSL-fips-2_0-rc1","OpenSSL-fips-2_0-rc2","OpenSSL-fips-2_0-rc3","OpenSSL-fips-2_0-rc4","OpenSSL-fips-2_0-rc5","OpenSSL-fips-2_0-rc6","OpenSSL-fips-2_0-rc7","OpenSSL-fips-2_0-rc8","OpenSSL-fips-2_0-rc9","OpenSSL-fips-2_0_1","OpenSSL-fips-2_0_10","OpenSSL-fips-2_0_11","OpenSSL-fips-2_0_12","OpenSSL-fips-2_0_13","OpenSSL-fips-2_0_14","OpenSSL-fips-2_0_15","OpenSSL-fips-2_0_16","OpenSSL-fips-2_0_2","OpenSSL-fips-2_0_3","OpenSSL-fips-2_0_4","OpenSSL-fips-2_0_5","OpenSSL-fips-2_0_6","OpenSSL-fips-2_0_7","OpenSSL-fips-2_0_8","OpenSSL-fips-2_0_9","OpenSSL_0_9_1c","OpenSSL_0_9_2b","OpenSSL_0_9_3","OpenSSL_0_9_3a","OpenSSL_0_9_3beta1","OpenSSL_0_9_3beta2","OpenSSL_0_9_4","OpenSSL_0_9_5","OpenSSL_0_9_5a","OpenSSL_0_9_5a-beta1","OpenSSL_0_9_5a-beta2","OpenSSL_0_9_5beta1","OpenSSL_0_9_5beta2","OpenSSL_0_9_6","OpenSSL_0_9_6-beta1","OpenSSL_0_9_6-beta2","OpenSSL_0_9_6-beta3","OpenSSL_0_9_6a","OpenSSL_0_9_6a-beta1","OpenSSL_0_9_6a-beta2","OpenSSL_0_9_6a-beta3","OpenSSL_0_9_6b","OpenSSL_0_9_6c","OpenSSL_0_9_6d","OpenSSL_0_9_6d-beta1","OpenSSL_0_9_6e","OpenSSL_0_9_6f","OpenSSL_0_9_6g","OpenSSL_0_9_6h","OpenSSL_0_9_6i","OpenSSL_0_9_6j","OpenSSL_0_9_6k","OpenSSL_0_9_6l","OpenSSL_0_9_6m","OpenSSL_0_9_7","OpenSSL_0_9_7-beta1","OpenSSL_0_9_7-beta2","OpenSSL_0_9_7-beta3","OpenSSL_0_9_7-beta4","OpenSSL_0_9_7-beta5","OpenSSL_0_9_7-beta6","OpenSSL_0_9_7a","OpenSSL_0_9_7b","OpenSSL_0_9_7c","OpenSSL_0_9_7d","OpenSSL_0_9_7e","OpenSSL_0_9_7f","OpenSSL_0_9_7g","OpenSSL_0_9_7h","OpenSSL_0_9_7i","OpenSSL_0_9_7j","OpenSSL_0_9_7k","OpenSSL_0_9_7l","OpenSSL_0_9_7m","OpenSSL_0_9_8","OpenSSL_0_9_8-beta1","OpenSSL_0_9_8-beta2","OpenSSL_0_9_8-beta3","OpenSSL_0_9_8-beta4","OpenSSL_0_9_8-beta5","OpenSSL_0_9_8-beta6","OpenSSL_0_9_8-post-auto-reformat","OpenSSL_0_9_8-post-reformat","OpenSSL_0_9_8-pre-auto-reformat","OpenSSL_0_9_8-pre-reformat","OpenSSL_0_9_8a","OpenSSL_0_9_8b","OpenSSL_0_9_8c","OpenSSL_0_9_8d","OpenSSL_0_9_8e","OpenSSL_0_9_8f","OpenSSL_0_9_8g","OpenSSL_0_9_8h","OpenSSL_0_9_8i","OpenSSL_0_9_8j","OpenSSL_0_9_8k","OpenSSL_0_9_8l","OpenSSL_0_9_8m","OpenSSL_0_9_8m-beta1","OpenSSL_0_9_8n","OpenSSL_0_9_8o","OpenSSL_0_9_8p","OpenSSL_0_9_8q","OpenSSL_0_9_8r","OpenSSL_0_9_8s","OpenSSL_0_9_8t","OpenSSL_0_9_8u","OpenSSL_0_9_8v","OpenSSL_0_9_8w","OpenSSL_0_9_8x","OpenSSL_0_9_8y","OpenSSL_0_9_8za","OpenSSL_0_9_8zb","OpenSSL_0_9_8zc","OpenSSL_0_9_8zd","OpenSSL_0_9_8ze","OpenSSL_0_9_8zf","OpenSSL_0_9_8zg","OpenSSL_0_9_8zh","OpenSSL_1_0_0","OpenSSL_1_0_0-beta1","OpenSSL_1_0_0-beta2","OpenSSL_1_0_0-beta3","OpenSSL_1_0_0-beta4","OpenSSL_1_0_0-beta5","OpenSSL_1_0_0-post-auto-reformat","OpenSSL_1_0_0-post-reformat","OpenSSL_1_0_0-pre-auto-reformat","OpenSSL_1_0_0-pre-reformat","OpenSSL_1_0_0a","OpenSSL_1_0_0b","OpenSSL_1_0_0c","OpenSSL_1_0_0d","OpenSSL_1_0_0e","OpenSSL_1_0_0f","OpenSSL_1_0_0g","OpenSSL_1_0_0h","OpenSSL_1_0_0i","OpenSSL_1_0_0j","OpenSSL_1_0_0k","OpenSSL_1_0_0l","OpenSSL_1_0_0m","OpenSSL_1_0_0n","OpenSSL_1_0_0o","OpenSSL_1_0_0p","OpenSSL_1_0_0q","OpenSSL_1_0_0r","OpenSSL_1_0_0s","OpenSSL_1_0_0t","OpenSSL_1_0_1","OpenSSL_1_0_1-beta1","OpenSSL_1_0_1-beta2","OpenSSL_1_0_1-beta3","OpenSSL_1_0_1-post-auto-reformat","OpenSSL_1_0_1-post-reformat","OpenSSL_1_0_1-pre-auto-reformat","OpenSSL_1_0_1-pre-reformat","OpenSSL_1_0_1a","OpenSSL_1_0_1b","OpenSSL_1_0_1c","OpenSSL_1_0_1d","OpenSSL_1_0_1e","OpenSSL_1_0_1f","OpenSSL_1_0_1g","OpenSSL_1_0_1h","OpenSSL_1_0_1i","OpenSSL_1_0_1j","OpenSSL_1_0_1k","OpenSSL_1_0_1l","OpenSSL_1_0_1m","OpenSSL_1_0_1n","OpenSSL_1_0_1o","OpenSSL_1_0_1p","OpenSSL_1_0_1q","OpenSSL_1_0_1r","OpenSSL_1_0_1s","OpenSSL_1_0_1t","OpenSSL_1_0_1u","OpenSSL_1_0_2","OpenSSL_1_0_2-beta1","OpenSSL_1_0_2-beta2","OpenSSL_1_0_2-beta3","OpenSSL_1_0_2-post-auto-reformat","OpenSSL_1_0_2-post-reformat","OpenSSL_1_0_2-pre-auto-reformat","OpenSSL_1_0_2-pre-reformat","OpenSSL_1_0_2a","OpenSSL_1_0_2b","OpenSSL_1_0_2c","OpenSSL_1_0_2d","OpenSSL_1_0_2e","OpenSSL_1_0_2f","OpenSSL_1_0_2g","OpenSSL_1_0_2h","OpenSSL_1_0_2i","OpenSSL_1_0_2j","OpenSSL_1_0_2k","OpenSSL_1_0_2l","OpenSSL_1_0_2m","OpenSSL_1_0_2n","OpenSSL_1_0_2o","OpenSSL_1_0_2p","OpenSSL_1_0_2q","OpenSSL_1_0_2r","OpenSSL_1_0_2s","OpenSSL_1_0_2t","OpenSSL_1_0_2u","OpenSSL_1_1_0","OpenSSL_1_1_0-pre1","OpenSSL_1_1_0-pre2","OpenSSL_1_1_0-pre3","OpenSSL_1_1_0-pre4","OpenSSL_1_1_0-pre5","OpenSSL_1_1_0-pre6","OpenSSL_1_1_0a","OpenSSL_1_1_0b","OpenSSL_1_1_0c","OpenSSL_1_1_0d","OpenSSL_1_1_0e","OpenSSL_1_1_0f","OpenSSL_1_1_0g","OpenSSL_1_1_0h","OpenSSL_1_1_0i","OpenSSL_1_1_0j","OpenSSL_1_1_0k","OpenSSL_1_1_0l","OpenSSL_1_1_1","OpenSSL_1_1_1-pre1","OpenSSL_1_1_1-pre2","OpenSSL_1_1_1-pre3","OpenSSL_1_1_1-pre4","OpenSSL_1_1_1-pre5","OpenSSL_1_1_1-pre6","OpenSSL_1_1_1-pre7","OpenSSL_1_1_1-pre8","OpenSSL_1_1_1-pre9","OpenSSL_1_1_1a","OpenSSL_1_1_1b","OpenSSL_1_1_1c","OpenSSL_1_1_1d","OpenSSL_1_1_1e","OpenSSL_1_1_1f","OpenSSL_1_1_1g","OpenSSL_1_1_1h","OpenSSL_1_1_1i","OpenSSL_1_1_1j","OpenSSL_1_1_1k","OpenSSL_1_1_1l","OpenSSL_1_1_1m","OpenSSL_1_1_1n","OpenSSL_1_1_1o","OpenSSL_1_1_1p","OpenSSL_1_1_1q","OpenSSL_1_1_1r","OpenSSL_1_1_1s","OpenSSL_1_1_1t","OpenSSL_1_1_1u","OpenSSL_1_1_1v","OpenSSL_1_1_1w","OpenSSL_FIPS_1_0","SSLeay_0_8_1b","SSLeay_0_9_0b","SSLeay_0_9_1b","STATE_after_zlib","STATE_before_zlib","master-post-auto-reformat","master-post-reformat","master-pre-auto-reformat","master-pre-reformat","openssl-3.0.0","openssl-3.0.0-alpha1","openssl-3.0.0-alpha10","openssl-3.0.0-alpha11","openssl-3.0.0-alpha12","openssl-3.0.0-alpha13","openssl-3.0.0-alpha14","openssl-3.0.0-alpha15","openssl-3.0.0-alpha16","openssl-3.0.0-alpha17","openssl-3.0.0-alpha2","openssl-3.0.0-alpha3","openssl-3.0.0-alpha4","openssl-3.0.0-alpha5","openssl-3.0.0-alpha6","openssl-3.0.0-alpha7","openssl-3.0.0-alpha8","openssl-3.0.0-alpha9","openssl-3.0.0-beta1","openssl-3.0.0-beta2","openssl-3.0.1","openssl-3.0.2","openssl-3.0.3","openssl-3.0.4","openssl-3.0.5","openssl-3.0.6","openssl-3.0.7","openssl-3.1.0","openssl-3.1.0-alpha1","openssl-3.1.0-beta1","openssl-3.1.1","openssl-3.1.2","openssl-3.1.3","openssl-3.1.4","openssl-3.1.5","openssl-3.1.6","openssl-3.1.7","openssl-3.1.8","openssl-3.2.0","openssl-3.2.0-alpha1","openssl-3.2.0-alpha2","openssl-3.2.0-beta1","openssl-3.2.1","openssl-3.2.2","openssl-3.2.3","openssl-3.2.4","openssl-3.2.5","openssl-3.2.6","openssl-3.3.0","openssl-3.3.0-alpha1","openssl-3.3.0-beta1","openssl-3.3.1","openssl-3.3.2","openssl-3.4.0","openssl-3.4.0-alpha1","openssl-3.4.0-beta1","openssl-3.4.1","openssl-3.4.2","openssl-3.4.3","openssl-3.4.4","openssl-3.5.0","openssl-3.5.0-alpha1","openssl-3.5.0-beta1","openssl-3.5.1","openssl-3.5.2","openssl-3.5.3","openssl-3.5.4","openssl-3.5.5","openssl-3.6.0","openssl-3.6.0-alpha1","openssl-3.6.0-beta1","openssl-3.6.1","openssl-4.0.0-alpha1","openssl-4.0.0-beta1","rsaref"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-0401.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}]}