{"api_version":"1","generated_at":"2026-04-23T00:40:27+00:00","cve":"CVE-2023-0464","urls":{"html":"https://cve.report/CVE-2023-0464","api":"https://cve.report/api/cve/CVE-2023-0464.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2023-0464","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2023-0464"},"summary":{"title":"CVE-2023-0464","description":"A security vulnerability has been identified in all supported versions\n\nof OpenSSL related to the verification of X.509 certificate chains\nthat include policy constraints.  Attackers may be able to exploit this\nvulnerability by creating a malicious certificate chain that triggers\nexponential use of computational resources, leading to a denial-of-service\n(DoS) attack on affected systems.\n\nPolicy processing is disabled by default but can be enabled by passing\nthe `-policy' argument to the command line utilities or by calling the\n`X509_VERIFY_PARAM_set1_policies()' function.","state":"PUBLIC","assigner":"openssl-security@openssl.org","published_at":"2023-03-22 17:15:00","updated_at":"2024-02-04 09:15:00"},"problem_types":["CWE-295"],"metrics":[],"references":[{"url":"https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=959c59c7a0164117e7f8366466a32bb1f8d77ff1","name":"https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=959c59c7a0164117e7f8366466a32bb1f8d77ff1","refsource":"MISC","tags":[],"title":"git.openssl.org Git - openssl.git/commitdiff","mime":"text/xml","httpstatus":"200","archivestatus":"404"},{"url":"https://www.debian.org/security/2023/dsa-5417","name":"https://www.debian.org/security/2023/dsa-5417","refsource":"MISC","tags":[],"title":"Debian -- Security Information -- DSA-5417-1 openssl","mime":"text/html","httpstatus":"200","archivestatus":"404"},{"url":"https://lists.debian.org/debian-lts-announce/2023/06/msg00011.html","name":"https://lists.debian.org/debian-lts-announce/2023/06/msg00011.html","refsource":"MISC","tags":[],"title":"[SECURITY] [DLA 3449-1] openssl security update","mime":"text/html","httpstatus":"200","archivestatus":"404"},{"url":"https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=2dcd4f1e3115f38cefa43e3efbe9b801c27e642e","name":"https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=2dcd4f1e3115f38cefa43e3efbe9b801c27e642e","refsource":"MISC","tags":[],"title":"git.openssl.org Git - openssl.git/commitdiff","mime":"text/xml","httpstatus":"404","archivestatus":"404"},{"url":"https://www.couchbase.com/alerts/","name":"https://www.couchbase.com/alerts/","refsource":"","tags":[],"title":"Enterprise Security Alerts & Advisories for Couchbase","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://security.gentoo.org/glsa/202402-08","name":"https://security.gentoo.org/glsa/202402-08","refsource":"","tags":[],"title":"OpenSSL: Multiple Vulnerabilities (GLSA 202402-08) — Gentoo security","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://www.openssl.org/news/secadv/20230322.txt","name":"https://www.openssl.org/news/secadv/20230322.txt","refsource":"MISC","tags":[],"title":"","mime":"text/plain","httpstatus":"200","archivestatus":"404"},{"url":"https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=879f7080d7e141f415c79eaa3a8ac4a3dad0348b","name":"https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=879f7080d7e141f415c79eaa3a8ac4a3dad0348b","refsource":"MISC","tags":[],"title":"git.openssl.org Git - openssl.git/commitdiff","mime":"text/xml","httpstatus":"200","archivestatus":"404"},{"url":"https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=2017771e2db3e2b96f89bbe8766c3209f6a99545","name":"https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=2017771e2db3e2b96f89bbe8766c3209f6a99545","refsource":"MISC","tags":[],"title":"git.openssl.org Git - openssl.git/commitdiff","mime":"text/xml","httpstatus":"200","archivestatus":"404"},{"url":"https://www.cve.org/CVERecord?id=CVE-2023-0464","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-0464","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[],"timeline":[],"solutions":[],"workarounds":[],"exploits":[],"credits":[],"nvd_cpes":[{"cve_year":"2023","cve_id":"464","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"openssl","cpe5":"openssl","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"}],"vendor_comments":[],"enrichments":{"kev":null,"epss":null,"legacy_qids":[{"cve":"CVE-2023-0464","qid":"160752","title":"Oracle Enterprise Linux Security Update for Open Secure Sockets Layer (OpenSSL) (ELSA-2023-3722)"},{"cve":"CVE-2023-0464","qid":"181818","title":"Debian Security Update for Open Secure Sockets Layer (OpenSSL) (DSA 5417-1)"},{"cve":"CVE-2023-0464","qid":"181834","title":"Debian Security Update for Open Secure Sockets Layer (OpenSSL) (DLA 3449-1)"},{"cve":"CVE-2023-0464","qid":"183828","title":"Debian Security Update for Open Secure Sockets Layer (OpenSSL) (CVE-2023-0464)"},{"cve":"CVE-2023-0464","qid":"199305","title":"Ubuntu Security Notification for Open Secure Sockets Layer (OpenSSL) Vulnerabilities (USN-6039-1)"},{"cve":"CVE-2023-0464","qid":"241736","title":"Red Hat Update for Open Secure Sockets Layer (OpenSSL) (RHSA-2023:3722)"},{"cve":"CVE-2023-0464","qid":"242553","title":"Red Hat Update for JBoss Core Services (RHSA-2023:7625)"},{"cve":"CVE-2023-0464","qid":"330149","title":"IBM Advanced Interactive eXecutive (AIX) Open Secure Sockets Layer (OpenSSL) Multiple Vulnerabilities (openssl_advisory39)"},{"cve":"CVE-2023-0464","qid":"355097","title":"Amazon Linux Security Advisory for openssl11 : ALAS2-2023-2039"},{"cve":"CVE-2023-0464","qid":"355167","title":"Amazon Linux Security Advisory for Open Secure Sockets Layer (OpenSSL) : ALAS2023-2023-181"},{"cve":"CVE-2023-0464","qid":"355387","title":"Amazon Linux Security Advisory for Open Secure Sockets Layer (OpenSSL) : ALAS2-2023-2073"},{"cve":"CVE-2023-0464","qid":"355428","title":"Amazon Linux Security Advisory for Open Secure Sockets Layer (OpenSSL) : ALAS-2023-1762"},{"cve":"CVE-2023-0464","qid":"355523","title":"Amazon Linux Security Advisory for Open Secure Sockets Layer (OpenSSL) : AL2012-2023-422"},{"cve":"CVE-2023-0464","qid":"356233","title":"Amazon Linux Security Advisory for openssl-snapsafe : ALASOPENSSL-SNAPSAFE-2023-002"},{"cve":"CVE-2023-0464","qid":"356483","title":"Amazon Linux Security Advisory for openssl-snapsafe : ALAS2OPENSSL-SNAPSAFE-2023-002"},{"cve":"CVE-2023-0464","qid":"357333","title":"Amazon Linux Security Advisory for edk2 : ALAS2-2024-2502"},{"cve":"CVE-2023-0464","qid":"378679","title":"Oracle Managed Virtualization (VM) VirtualBox Linux Multiple Vulnerabilities (CPUJUL2023)"},{"cve":"CVE-2023-0464","qid":"378680","title":"Oracle Managed Virtualization (VM) VirtualBox Windows Multiple Vulnerabilities (CPUJUL2023)"},{"cve":"CVE-2023-0464","qid":"379141","title":"SolarWinds Serv-U HTML Injection Vulnerability"},{"cve":"CVE-2023-0464","qid":"379220","title":"GitLab Multiple Security Vulnerabilities (gitlab- 15.11.1, 15.10.5, and 15.9.6)"},{"cve":"CVE-2023-0464","qid":"379452","title":"IBM Cognos Analytics Multiple Vulnerabilities (7123154)"},{"cve":"CVE-2023-0464","qid":"38893","title":"OpenSSL Invalid certificate policies"},{"cve":"CVE-2023-0464","qid":"502681","title":"Alpine Linux Security Update for Open Secure Sockets Layer (OpenSSL)"},{"cve":"CVE-2023-0464","qid":"502682","title":"Alpine Linux Security Update for Open Secure Sockets Layer (OpenSSL)"},{"cve":"CVE-2023-0464","qid":"502683","title":"Alpine Linux Security Update for Open Secure Sockets Layer (OpenSSL) 3"},{"cve":"CVE-2023-0464","qid":"502758","title":"Alpine Linux Security Update for openssl"},{"cve":"CVE-2023-0464","qid":"502908","title":"Alpine Linux Security Update for openssl1.1-compat"},{"cve":"CVE-2023-0464","qid":"503022","title":"Alpine Linux Security Update for Open Secure Sockets Layer (OpenSSL)"},{"cve":"CVE-2023-0464","qid":"503118","title":"Alpine Linux Security Update for openssl"},{"cve":"CVE-2023-0464","qid":"505785","title":"Alpine Linux Security Update for openssl1.1-compat"},{"cve":"CVE-2023-0464","qid":"505903","title":"Alpine Linux Security Update for openssl"},{"cve":"CVE-2023-0464","qid":"672905","title":"EulerOS Security Update for shim (EulerOS-SA-2023-1830)"},{"cve":"CVE-2023-0464","qid":"672930","title":"EulerOS Security Update for shim (EulerOS-SA-2023-1812)"},{"cve":"CVE-2023-0464","qid":"672941","title":"EulerOS Security Update for Open Secure Sockets Layer (OpenSSL) (EulerOS-SA-2023-1807)"},{"cve":"CVE-2023-0464","qid":"672943","title":"EulerOS Security Update for Open Secure Sockets Layer (OpenSSL) (EulerOS-SA-2023-1825)"},{"cve":"CVE-2023-0464","qid":"672984","title":"EulerOS Security Update for Open Secure Sockets Layer (OpenSSL) (EulerOS-SA-2023-1875)"},{"cve":"CVE-2023-0464","qid":"673006","title":"EulerOS Security Update for Open Secure Sockets Layer (OpenSSL) (EulerOS-SA-2023-1850)"},{"cve":"CVE-2023-0464","qid":"673062","title":"EulerOS Security Update for Open Secure Sockets Layer (OpenSSL) (EulerOS-SA-2023-2195)"},{"cve":"CVE-2023-0464","qid":"673095","title":"EulerOS Security Update for compat-openssl10 (EulerOS-SA-2023-2187)"},{"cve":"CVE-2023-0464","qid":"673398","title":"EulerOS Security Update for linux-sgx (EulerOS-SA-2023-3047)"},{"cve":"CVE-2023-0464","qid":"673566","title":"EulerOS Security Update for Open Secure Sockets Layer (OpenSSL) (EulerOS-SA-2023-2702)"},{"cve":"CVE-2023-0464","qid":"673605","title":"EulerOS Security Update for Open Secure Sockets Layer (OpenSSL) (EulerOS-SA-2023-2660)"},{"cve":"CVE-2023-0464","qid":"673941","title":"EulerOS Security Update for shim (EulerOS-SA-2023-2909)"},{"cve":"CVE-2023-0464","qid":"674034","title":"EulerOS Security Update for shim (EulerOS-SA-2023-2890)"},{"cve":"CVE-2023-0464","qid":"691099","title":"Free Berkeley Software Distribution (FreeBSD) Security Update for Open Secure Sockets Layer (OpenSSL) (1ba034fb-ca38-11ed-b242-d4c9ef517024)"},{"cve":"CVE-2023-0464","qid":"691183","title":"Free Berkeley Software Distribution (FreeBSD) Security Update for python (d86becfe-05a4-11ee-9d4a-080027eda32c)"},{"cve":"CVE-2023-0464","qid":"710857","title":"Gentoo Linux Open Secure Sockets Layer (OpenSSL) Multiple Vulnerabilities (GLSA 202402-08)"},{"cve":"CVE-2023-0464","qid":"753863","title":"SUSE Enterprise Linux Security Update for compat-openssl098 (SUSE-SU-2023:1737-1)"},{"cve":"CVE-2023-0464","qid":"753879","title":"SUSE Enterprise Linux Security Update for openssl-1_0_0 (SUSE-SU-2023:1704-1)"},{"cve":"CVE-2023-0464","qid":"753880","title":"SUSE Enterprise Linux Security Update for openssl-1_0_0 (SUSE-SU-2023:1703-1)"},{"cve":"CVE-2023-0464","qid":"753884","title":"SUSE Enterprise Linux Security Update for openssl-1_1 (SUSE-SU-2023:1748-1)"},{"cve":"CVE-2023-0464","qid":"753885","title":"SUSE Enterprise Linux Security Update for openssl-1_1 (SUSE-SU-2023:1747-1)"},{"cve":"CVE-2023-0464","qid":"753896","title":"SUSE Enterprise Linux Security Update for openssl-1_1 (SUSE-SU-2023:1790-1)"},{"cve":"CVE-2023-0464","qid":"906793","title":"Common Base Linux Mariner (CBL-Mariner) Security Update for Open Secure Sockets Layer (OpenSSL) (25697-1)"},{"cve":"CVE-2023-0464","qid":"906803","title":"Common Base Linux Mariner (CBL-Mariner) Security Update for rust (25709-1)"},{"cve":"CVE-2023-0464","qid":"906945","title":"Common Base Linux Mariner (CBL-Mariner) Security Update for kata-containers-cc (26731-1)"},{"cve":"CVE-2023-0464","qid":"907371","title":"Common Base Linux Mariner (CBL-Mariner) Security Update for edk2 (31141-1)"},{"cve":"CVE-2023-0464","qid":"941150","title":"AlmaLinux Security Update for Open Secure Sockets Layer (OpenSSL) (ALSA-2023:3722)"}]},"source_records":{"cve_program":{"data_version":"4.0","data_type":"CVE","data_format":"MITRE","CVE_data_meta":{"ID":"CVE-2023-0464","ASSIGNER":"openssl-security@openssl.org","STATE":"PUBLIC"},"description":{"description_data":[{"lang":"eng","value":"A security vulnerability has been identified in all supported versions\n\nof OpenSSL related to the verification of X.509 certificate chains\nthat include policy constraints.  Attackers may be able to exploit this\nvulnerability by creating a malicious certificate chain that triggers\nexponential use of computational resources, leading to a denial-of-service\n(DoS) attack on affected systems.\n\nPolicy processing is disabled by default but can be enabled by passing\nthe `-policy' argument to the command line utilities or by calling the\n`X509_VERIFY_PARAM_set1_policies()' function."}]},"problemtype":{"problemtype_data":[{"description":[{"lang":"eng","value":"inefficient algorithmic complexity"}]}]},"affects":{"vendor":{"vendor_data":[{"vendor_name":"OpenSSL","product":{"product_data":[{"product_name":"OpenSSL","version":{"version_data":[{"version_affected":"<","version_name":"3.1.0","version_value":"3.1.1"},{"version_affected":"<","version_name":"3.0.0","version_value":"3.0.9"},{"version_affected":"<","version_name":"1.1.1","version_value":"1.1.1u"},{"version_affected":"<","version_name":"1.0.2","version_value":"1.0.2zh"}]}}]}}]}},"references":{"reference_data":[{"url":"https://www.openssl.org/news/secadv/20230322.txt","refsource":"MISC","name":"https://www.openssl.org/news/secadv/20230322.txt"},{"url":"https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=2017771e2db3e2b96f89bbe8766c3209f6a99545","refsource":"MISC","name":"https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=2017771e2db3e2b96f89bbe8766c3209f6a99545"},{"url":"https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=959c59c7a0164117e7f8366466a32bb1f8d77ff1","refsource":"MISC","name":"https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=959c59c7a0164117e7f8366466a32bb1f8d77ff1"},{"url":"https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=879f7080d7e141f415c79eaa3a8ac4a3dad0348b","refsource":"MISC","name":"https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=879f7080d7e141f415c79eaa3a8ac4a3dad0348b"},{"url":"https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=2dcd4f1e3115f38cefa43e3efbe9b801c27e642e","refsource":"MISC","name":"https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=2dcd4f1e3115f38cefa43e3efbe9b801c27e642e"},{"url":"https://www.debian.org/security/2023/dsa-5417","refsource":"MISC","name":"https://www.debian.org/security/2023/dsa-5417"},{"url":"https://lists.debian.org/debian-lts-announce/2023/06/msg00011.html","refsource":"MISC","name":"https://lists.debian.org/debian-lts-announce/2023/06/msg00011.html"}]},"generator":{"engine":"Vulnogram 0.1.0-dev"},"source":{"discovery":"UNKNOWN"},"credits":[{"lang":"en","value":"David Benjamin (Google)"},{"lang":"en","value":"Dr Paul Dale"}]},"nvd":{"publishedDate":"2023-03-22 17:15:00","lastModifiedDate":"2024-02-04 09:15:00","problem_types":["CWE-295"],"metrics":{"baseMetricV3":{"cvssV3":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH","baseScore":7.5,"baseSeverity":"HIGH"},"exploitabilityScore":3.9,"impactScore":3.6}},"configurations":{"CVE_data_version":"4.0","nodes":[{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:openssl:openssl:*:*:*:*:*:*:*:*","versionStartIncluding":"3.1.0","versionEndExcluding":"3.1.1","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:openssl:openssl:*:*:*:*:*:*:*:*","versionStartIncluding":"3.0.0","versionEndExcluding":"3.0.9","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:openssl:openssl:*:*:*:*:*:*:*:*","versionStartIncluding":"1.1.1","versionEndExcluding":"1.1.1u","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:openssl:openssl:*:*:*:*:*:*:*:*","versionStartIncluding":"1.0.2","versionEndExcluding":"1.0.2zh","cpe_name":[]}]}]}},"legacy_mitre":{"record":null,"notes":[]}}}