{"id":"CVE-2023-0464","details":"A security vulnerability has been identified in all supported versions\n\nof OpenSSL related to the verification of X.509 certificate chains\nthat include policy constraints.  Attackers may be able to exploit this\nvulnerability by creating a malicious certificate chain that triggers\nexponential use of computational resources, leading to a denial-of-service\n(DoS) attack on affected systems.\n\nPolicy processing is disabled by default but can be enabled by passing\nthe `-policy' argument to the command line utilities or by calling the\n`X509_VERIFY_PARAM_set1_policies()' function.","modified":"2026-04-11T23:22:48.277547Z","published":"2023-03-22T17:15:13.130Z","related":["ALSA-2023:3722","CGA-w8g4-mrf2-mxp4","MGASA-2023-0130","SUSE-SU-2023:1703-1","SUSE-SU-2023:1704-1","SUSE-SU-2023:1737-1","SUSE-SU-2023:1738-1","SUSE-SU-2023:1745-1","SUSE-SU-2023:1746-1","SUSE-SU-2023:1747-1","SUSE-SU-2023:1748-1","SUSE-SU-2023:1754-1","SUSE-SU-2023:1764-1","SUSE-SU-2023:1790-1","openSUSE-SU-2024:12824-1","openSUSE-SU-2024:12825-1","openSUSE-SU-2024:12969-1","openSUSE-SU-2026:10199-1"],"references":[{"type":"WEB","url":"https://lists.debian.org/debian-lts-announce/2023/06/msg00011.html"},{"type":"WEB","url":"https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=2dcd4f1e3115f38cefa43e3efbe9b801c27e642e"},{"type":"WEB","url":"https://www.couchbase.com/alerts/"},{"type":"ADVISORY","url":"https://security.gentoo.org/glsa/202402-08"},{"type":"ADVISORY","url":"https://security.netapp.com/advisory/ntap-20240621-0006/"},{"type":"ADVISORY","url":"https://security.netapp.com/advisory/ntap-20230406-0006/"},{"type":"ADVISORY","url":"https://www.debian.org/security/2023/dsa-5417"},{"type":"ADVISORY","url":"https://www.openssl.org/news/secadv/20230322.txt"},{"type":"FIX","url":"https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=2017771e2db3e2b96f89bbe8766c3209f6a99545"},{"type":"FIX","url":"https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=879f7080d7e141f415c79eaa3a8ac4a3dad0348b"},{"type":"FIX","url":"https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=959c59c7a0164117e7f8366466a32bb1f8d77ff1"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/openssl/openssl","events":[{"introduced":"e818b74be2170fbe957a07b0da4401c2b694b3b8"},{"fixed":"e818b74be2170fbe957a07b0da4401c2b694b3b8"},{"introduced":"e04bd3433fd84e1861bf258ea37928d9845e6a86"},{"fixed":"e04bd3433fd84e1861bf258ea37928d9845e6a86"},{"introduced":"89cd17a031e022211684eb7eb41190cf1910f9fa"},{"fixed":"de90e54bbe82e5be4fb9608b6f5c308bb837d355"},{"introduced":"a92271e03a8d0dee507b6f1e7f49512568b2c7ad"},{"fixed":"2cf4e90eaaf7402bf038b158dbdacd0a15561fb7"}],"database_specific":{"versions":[{"introduced":"1.0.2"},{"fixed":"1.0.2zh"},{"introduced":"1.1.1"},{"fixed":"1.1.1u"},{"introduced":"3.0.0"},{"fixed":"3.0.9"},{"introduced":"3.1.0"},{"fixed":"3.1.1"}]}}],"versions":["openssl-3.0.0","openssl-3.0.1","openssl-3.0.2","openssl-3.0.3","openssl-3.0.4","openssl-3.0.5","openssl-3.0.6","openssl-3.0.7","openssl-3.0.8","openssl-3.1.0"],"database_specific":{"vanir_signatures":[{"id":"CVE-2023-0464-c377fa22","signature_type":"Line","source":"https://github.com/openssl/openssl/commit/e04bd3433fd84e1861bf258ea37928d9845e6a86","digest":{"threshold":0.9,"line_hashes":["28170854778703993674264004058177114599","73132526844288570625317440636111911761","177405411499435185068645597737938634778","224809958623850711330610094965797758930","295554444428855106393106961197201359586"]},"signature_version":"v1","deprecated":false,"target":{"file":"include/openssl/opensslv.h"}},{"id":"CVE-2023-0464-e051451f","signature_type":"Line","source":"https://github.com/openssl/openssl/commit/e818b74be2170fbe957a07b0da4401c2b694b3b8","digest":{"threshold":0.9,"line_hashes":["251633914150035957322733061977107206211","338514574181828579838011565939158652696","76638288692106140328510055542557597351","142922657400765574308962710386922248045","71649992455794854055653842592139575350","65527166711110472566013424527579064967","253196866009476977787139000804413898733","172177136897997206866313011107384691461"]},"signature_version":"v1","deprecated":false,"target":{"file":"crypto/opensslv.h"}}],"vanir_signatures_modified":"2026-04-11T23:22:48Z","source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-0464.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}]}