{"api_version":"1","generated_at":"2026-04-22T23:08:39+00:00","cve":"CVE-2023-0465","urls":{"html":"https://cve.report/CVE-2023-0465","api":"https://cve.report/api/cve/CVE-2023-0465.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2023-0465","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2023-0465"},"summary":{"title":"CVE-2023-0465","description":"Applications that use a non-default option when verifying certificates may be\nvulnerable to an attack from a malicious CA to circumvent certain checks.\n\nInvalid certificate policies in leaf certificates are silently ignored by\nOpenSSL and other certificate policy checks are skipped for that certificate.\nA malicious CA could use this to deliberately assert invalid certificate policies\nin order to circumvent policy checking on the certificate altogether.\n\nPolicy processing is disabled by default but can be enabled by passing\nthe `-policy' argument to the command line utilities or by calling the\n`X509_VERIFY_PARAM_set1_policies()' function.","state":"PUBLIC","assigner":"openssl-security@openssl.org","published_at":"2023-03-28 15:15:00","updated_at":"2024-02-04 09:15:00"},"problem_types":["CWE-295"],"metrics":[],"references":[{"url":"https://www.openssl.org/news/secadv/20230328.txt","name":"https://www.openssl.org/news/secadv/20230328.txt","refsource":"MISC","tags":[],"title":"","mime":"text/plain","httpstatus":"200","archivestatus":"404"},{"url":"https://www.debian.org/security/2023/dsa-5417","name":"https://www.debian.org/security/2023/dsa-5417","refsource":"MISC","tags":[],"title":"Debian -- Security Information -- DSA-5417-1 openssl","mime":"text/html","httpstatus":"200","archivestatus":"404"},{"url":"https://lists.debian.org/debian-lts-announce/2023/06/msg00011.html","name":"https://lists.debian.org/debian-lts-announce/2023/06/msg00011.html","refsource":"MISC","tags":[],"title":"[SECURITY] [DLA 3449-1] openssl security update","mime":"text/html","httpstatus":"200","archivestatus":"404"},{"url":"https://security.gentoo.org/glsa/202402-08","name":"https://security.gentoo.org/glsa/202402-08","refsource":"","tags":[],"title":"OpenSSL: Multiple Vulnerabilities (GLSA 202402-08) — Gentoo security","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=1dd43e0709fece299b15208f36cc7c76209ba0bb","name":"https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=1dd43e0709fece299b15208f36cc7c76209ba0bb","refsource":"MISC","tags":[],"title":"git.openssl.org Git - openssl.git/commitdiff","mime":"text/xml","httpstatus":"200","archivestatus":"404"},{"url":"https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=b013765abfa80036dc779dd0e50602c57bb3bf95","name":"https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=b013765abfa80036dc779dd0e50602c57bb3bf95","refsource":"MISC","tags":[],"title":"git.openssl.org Git - openssl.git/commitdiff","mime":"text/xml","httpstatus":"200","archivestatus":"404"},{"url":"https://security.netapp.com/advisory/ntap-20230414-0001/","name":"https://security.netapp.com/advisory/ntap-20230414-0001/","refsource":"MISC","tags":[],"title":"March 2023 OpenSSL Vulnerabilities in NetApp Products | NetApp Product Security","mime":"text/html","httpstatus":"200","archivestatus":"404"},{"url":"https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=10325176f3d3e98c6e2b3bf5ab1e3b334de6947a","name":"https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=10325176f3d3e98c6e2b3bf5ab1e3b334de6947a","refsource":"MISC","tags":[],"title":"git.openssl.org Git - openssl.git/commitdiff","mime":"text/xml","httpstatus":"404","archivestatus":"404"},{"url":"https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=facfb1ab745646e97a1920977ae4a9965ea61d5c","name":"https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=facfb1ab745646e97a1920977ae4a9965ea61d5c","refsource":"MISC","tags":[],"title":"git.openssl.org Git - openssl.git/commitdiff","mime":"text/xml","httpstatus":"200","archivestatus":"404"},{"url":"https://www.cve.org/CVERecord?id=CVE-2023-0465","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-0465","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[],"timeline":[],"solutions":[],"workarounds":[],"exploits":[],"credits":[],"nvd_cpes":[{"cve_year":"2023","cve_id":"465","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"openssl","cpe5":"openssl","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"}],"vendor_comments":[],"enrichments":{"kev":null,"epss":null,"legacy_qids":[{"cve":"CVE-2023-0465","qid":"160752","title":"Oracle Enterprise Linux Security Update for Open Secure Sockets Layer (OpenSSL) (ELSA-2023-3722)"},{"cve":"CVE-2023-0465","qid":"181818","title":"Debian Security Update for Open Secure Sockets Layer (OpenSSL) (DSA 5417-1)"},{"cve":"CVE-2023-0465","qid":"181834","title":"Debian Security Update for Open Secure Sockets Layer (OpenSSL) (DLA 3449-1)"},{"cve":"CVE-2023-0465","qid":"183838","title":"Debian Security Update for Open Secure Sockets Layer (OpenSSL) (CVE-2023-0465)"},{"cve":"CVE-2023-0465","qid":"241736","title":"Red Hat Update for Open Secure Sockets Layer (OpenSSL) (RHSA-2023:3722)"},{"cve":"CVE-2023-0465","qid":"242553","title":"Red Hat Update for JBoss Core Services (RHSA-2023:7625)"},{"cve":"CVE-2023-0465","qid":"330149","title":"IBM Advanced Interactive eXecutive (AIX) Open Secure Sockets Layer (OpenSSL) Multiple Vulnerabilities (openssl_advisory39)"},{"cve":"CVE-2023-0465","qid":"355097","title":"Amazon Linux Security Advisory for openssl11 : ALAS2-2023-2039"},{"cve":"CVE-2023-0465","qid":"355167","title":"Amazon Linux Security Advisory for Open Secure Sockets Layer (OpenSSL) : ALAS2023-2023-181"},{"cve":"CVE-2023-0465","qid":"355387","title":"Amazon Linux Security Advisory for Open Secure Sockets Layer (OpenSSL) : ALAS2-2023-2073"},{"cve":"CVE-2023-0465","qid":"355428","title":"Amazon Linux Security Advisory for Open Secure Sockets Layer (OpenSSL) : ALAS-2023-1762"},{"cve":"CVE-2023-0465","qid":"355523","title":"Amazon Linux Security Advisory for Open Secure Sockets Layer (OpenSSL) : AL2012-2023-422"},{"cve":"CVE-2023-0465","qid":"356233","title":"Amazon Linux Security Advisory for openssl-snapsafe : ALASOPENSSL-SNAPSAFE-2023-002"},{"cve":"CVE-2023-0465","qid":"356483","title":"Amazon Linux Security Advisory for openssl-snapsafe : ALAS2OPENSSL-SNAPSAFE-2023-002"},{"cve":"CVE-2023-0465","qid":"357333","title":"Amazon Linux Security Advisory for edk2 : ALAS2-2024-2502"},{"cve":"CVE-2023-0465","qid":"379141","title":"SolarWinds Serv-U HTML Injection Vulnerability"},{"cve":"CVE-2023-0465","qid":"38893","title":"OpenSSL Invalid certificate policies"},{"cve":"CVE-2023-0465","qid":"502694","title":"Alpine Linux Security Update for Open Secure Sockets Layer (OpenSSL)"},{"cve":"CVE-2023-0465","qid":"502695","title":"Alpine Linux Security Update for Open Secure Sockets Layer (OpenSSL)"},{"cve":"CVE-2023-0465","qid":"502696","title":"Alpine Linux Security Update for Open Secure Sockets Layer3 (OpenSSL3)"},{"cve":"CVE-2023-0465","qid":"502759","title":"Alpine Linux Security Update for openssl"},{"cve":"CVE-2023-0465","qid":"502909","title":"Alpine Linux Security Update for openssl1.1-compat"},{"cve":"CVE-2023-0465","qid":"503022","title":"Alpine Linux Security Update for Open Secure Sockets Layer (OpenSSL)"},{"cve":"CVE-2023-0465","qid":"503119","title":"Alpine Linux Security Update for openssl"},{"cve":"CVE-2023-0465","qid":"505786","title":"Alpine Linux Security Update for openssl1.1-compat"},{"cve":"CVE-2023-0465","qid":"505904","title":"Alpine Linux Security Update for openssl"},{"cve":"CVE-2023-0465","qid":"672941","title":"EulerOS Security Update for Open Secure Sockets Layer (OpenSSL) (EulerOS-SA-2023-1807)"},{"cve":"CVE-2023-0465","qid":"672943","title":"EulerOS Security Update for Open Secure Sockets Layer (OpenSSL) (EulerOS-SA-2023-1825)"},{"cve":"CVE-2023-0465","qid":"673062","title":"EulerOS Security Update for Open Secure Sockets Layer (OpenSSL) (EulerOS-SA-2023-2195)"},{"cve":"CVE-2023-0465","qid":"673095","title":"EulerOS Security Update for compat-openssl10 (EulerOS-SA-2023-2187)"},{"cve":"CVE-2023-0465","qid":"673173","title":"EulerOS Security Update for Open Secure Sockets Layer (OpenSSL) (EulerOS-SA-2023-2317)"},{"cve":"CVE-2023-0465","qid":"673178","title":"EulerOS Security Update for shim (EulerOS-SA-2023-2324)"},{"cve":"CVE-2023-0465","qid":"673200","title":"EulerOS Security Update for Open Secure Sockets Layer (OpenSSL) (EulerOS-SA-2023-2337)"},{"cve":"CVE-2023-0465","qid":"673205","title":"EulerOS Security Update for shim (EulerOS-SA-2023-2344)"},{"cve":"CVE-2023-0465","qid":"673231","title":"EulerOS Security Update for shim (EulerOS-SA-2023-2369)"},{"cve":"CVE-2023-0465","qid":"673243","title":"EulerOS Security Update for shim (EulerOS-SA-2023-2395)"},{"cve":"CVE-2023-0465","qid":"673331","title":"EulerOS Security Update for shim (EulerOS-SA-2023-2711)"},{"cve":"CVE-2023-0465","qid":"673398","title":"EulerOS Security Update for linux-sgx (EulerOS-SA-2023-3047)"},{"cve":"CVE-2023-0465","qid":"673566","title":"EulerOS Security Update for Open Secure Sockets Layer (OpenSSL) (EulerOS-SA-2023-2702)"},{"cve":"CVE-2023-0465","qid":"673605","title":"EulerOS Security Update for Open Secure Sockets Layer (OpenSSL) (EulerOS-SA-2023-2660)"},{"cve":"CVE-2023-0465","qid":"673724","title":"EulerOS Security Update for shim (EulerOS-SA-2024-1299)"},{"cve":"CVE-2023-0465","qid":"674033","title":"EulerOS Security Update for shim (EulerOS-SA-2023-2669)"},{"cve":"CVE-2023-0465","qid":"691102","title":"Free Berkeley Software Distribution (FreeBSD) Security Update for Open Secure Sockets Layer (OpenSSL) (425b9538-ce5f-11ed-ade3-d4c9ef517024)"},{"cve":"CVE-2023-0465","qid":"691183","title":"Free Berkeley Software Distribution (FreeBSD) Security Update for python (d86becfe-05a4-11ee-9d4a-080027eda32c)"},{"cve":"CVE-2023-0465","qid":"710857","title":"Gentoo Linux Open Secure Sockets Layer (OpenSSL) Multiple Vulnerabilities (GLSA 202402-08)"},{"cve":"CVE-2023-0465","qid":"753896","title":"SUSE Enterprise Linux Security Update for openssl-1_1 (SUSE-SU-2023:1790-1)"},{"cve":"CVE-2023-0465","qid":"753898","title":"SUSE Enterprise Linux Security Update for openssl-1_1 (SUSE-SU-2023:1794-1)"},{"cve":"CVE-2023-0465","qid":"753923","title":"SUSE Enterprise Linux Security Update for openssl-1_1 (SUSE-SU-2023:1908-1)"},{"cve":"CVE-2023-0465","qid":"753924","title":"SUSE Enterprise Linux Security Update for compat-openssl098 (SUSE-SU-2023:1912-1)"},{"cve":"CVE-2023-0465","qid":"753927","title":"SUSE Enterprise Linux Security Update for openssl-1_0_0 (SUSE-SU-2023:1922-1)"},{"cve":"CVE-2023-0465","qid":"754004","title":"SUSE Enterprise Linux Security Update for openssl-1_0_0 (SUSE-SU-2023:1914-1)"},{"cve":"CVE-2023-0465","qid":"906787","title":"Common Base Linux Mariner (CBL-Mariner) Security Update for Open Secure Sockets Layer (OpenSSL) (25951-1)"},{"cve":"CVE-2023-0465","qid":"906849","title":"Common Base Linux Mariner (CBL-Mariner) Security Update for Open Secure Sockets Layer (OpenSSL) (25937-1)"},{"cve":"CVE-2023-0465","qid":"907019","title":"Common Base Linux Mariner (CBL-Mariner) Security Update for kata-containers-cc (27241-1)"},{"cve":"CVE-2023-0465","qid":"907543","title":"Common Base Linux Mariner (CBL-Mariner) Security Update for edk2 (31145-1)"},{"cve":"CVE-2023-0465","qid":"941150","title":"AlmaLinux Security Update for Open Secure Sockets Layer (OpenSSL) (ALSA-2023:3722)"}]},"source_records":{"cve_program":{"data_version":"4.0","data_type":"CVE","data_format":"MITRE","CVE_data_meta":{"ID":"CVE-2023-0465","ASSIGNER":"openssl-security@openssl.org","STATE":"PUBLIC"},"description":{"description_data":[{"lang":"eng","value":"Applications that use a non-default option when verifying certificates may be\nvulnerable to an attack from a malicious CA to circumvent certain checks.\n\nInvalid certificate policies in leaf certificates are silently ignored by\nOpenSSL and other certificate policy checks are skipped for that certificate.\nA malicious CA could use this to deliberately assert invalid certificate policies\nin order to circumvent policy checking on the certificate altogether.\n\nPolicy processing is disabled by default but can be enabled by passing\nthe `-policy' argument to the command line utilities or by calling the\n`X509_VERIFY_PARAM_set1_policies()' function."}]},"problemtype":{"problemtype_data":[{"description":[{"lang":"eng","value":"improper certificate validation"}]}]},"affects":{"vendor":{"vendor_data":[{"vendor_name":"OpenSSL","product":{"product_data":[{"product_name":"OpenSSL","version":{"version_data":[{"version_affected":"<","version_name":"3.1.0","version_value":"3.1.1"},{"version_affected":"<","version_name":"3.0.0","version_value":"3.0.9"},{"version_affected":"<","version_name":"1.1.1","version_value":"1.1.1u"},{"version_affected":"<","version_name":"1.0.2","version_value":"1.0.2zh"}]}}]}}]}},"references":{"reference_data":[{"url":"https://www.openssl.org/news/secadv/20230328.txt","refsource":"MISC","name":"https://www.openssl.org/news/secadv/20230328.txt"},{"url":"https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=facfb1ab745646e97a1920977ae4a9965ea61d5c","refsource":"MISC","name":"https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=facfb1ab745646e97a1920977ae4a9965ea61d5c"},{"url":"https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=1dd43e0709fece299b15208f36cc7c76209ba0bb","refsource":"MISC","name":"https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=1dd43e0709fece299b15208f36cc7c76209ba0bb"},{"url":"https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=b013765abfa80036dc779dd0e50602c57bb3bf95","refsource":"MISC","name":"https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=b013765abfa80036dc779dd0e50602c57bb3bf95"},{"url":"https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=10325176f3d3e98c6e2b3bf5ab1e3b334de6947a","refsource":"MISC","name":"https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=10325176f3d3e98c6e2b3bf5ab1e3b334de6947a"},{"url":"https://security.netapp.com/advisory/ntap-20230414-0001/","refsource":"MISC","name":"https://security.netapp.com/advisory/ntap-20230414-0001/"},{"url":"https://www.debian.org/security/2023/dsa-5417","refsource":"MISC","name":"https://www.debian.org/security/2023/dsa-5417"},{"url":"https://lists.debian.org/debian-lts-announce/2023/06/msg00011.html","refsource":"MISC","name":"https://lists.debian.org/debian-lts-announce/2023/06/msg00011.html"}]},"generator":{"engine":"Vulnogram 0.1.0-dev"},"source":{"discovery":"UNKNOWN"},"credits":[{"lang":"en","value":"David Benjamin (Google)"},{"lang":"en","value":"Matt Caswell"}]},"nvd":{"publishedDate":"2023-03-28 15:15:00","lastModifiedDate":"2024-02-04 09:15:00","problem_types":["CWE-295"],"metrics":{"baseMetricV3":{"cvssV3":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"LOW","availabilityImpact":"NONE","baseScore":5.3,"baseSeverity":"MEDIUM"},"exploitabilityScore":3.9,"impactScore":1.4}},"configurations":{"CVE_data_version":"4.0","nodes":[{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:openssl:openssl:*:*:*:*:*:*:*:*","versionStartIncluding":"3.1.0","versionEndExcluding":"3.1.1","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:openssl:openssl:*:*:*:*:*:*:*:*","versionStartIncluding":"3.0.0","versionEndExcluding":"3.0.9","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:openssl:openssl:*:*:*:*:*:*:*:*","versionStartIncluding":"1.1.1","versionEndExcluding":"1.1.1u","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:openssl:openssl:*:*:*:*:*:*:*:*","versionStartIncluding":"1.0.2","versionEndExcluding":"1.0.2zh","cpe_name":[]}]}]}},"legacy_mitre":{"record":null,"notes":[]}}}