{"api_version":"1","generated_at":"2026-04-22T23:23:05+00:00","cve":"CVE-2023-0466","urls":{"html":"https://cve.report/CVE-2023-0466","api":"https://cve.report/api/cve/CVE-2023-0466.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2023-0466","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2023-0466"},"summary":{"title":"CVE-2023-0466","description":"The function X509_VERIFY_PARAM_add0_policy() is documented to\nimplicitly enable the certificate policy check when doing certificate\nverification. However the implementation of the function does not\nenable the check which allows certificates with invalid or incorrect\npolicies to pass the certificate verification.\n\nAs suddenly enabling the policy check could break existing deployments it was\ndecided to keep the existing behavior of the X509_VERIFY_PARAM_add0_policy()\nfunction.\n\nInstead the applications that require OpenSSL to perform certificate\npolicy check need to use X509_VERIFY_PARAM_set1_policies() or explicitly\nenable the policy check by calling X509_VERIFY_PARAM_set_flags() with\nthe X509_V_FLAG_POLICY_CHECK flag argument.\n\nCertificate policy checks are disabled by default in OpenSSL and are not\ncommonly used by applications.","state":"PUBLIC","assigner":"openssl-security@openssl.org","published_at":"2023-03-28 15:15:00","updated_at":"2024-02-04 09:15:00"},"problem_types":["CWE-295"],"metrics":[],"references":[{"url":"https://www.openssl.org/news/secadv/20230328.txt","name":"https://www.openssl.org/news/secadv/20230328.txt","refsource":"MISC","tags":[],"title":"","mime":"text/plain","httpstatus":"200","archivestatus":"404"},{"url":"https://www.debian.org/security/2023/dsa-5417","name":"https://www.debian.org/security/2023/dsa-5417","refsource":"MISC","tags":[],"title":"Debian -- Security Information -- DSA-5417-1 openssl","mime":"text/html","httpstatus":"200","archivestatus":"404"},{"url":"https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=51e8a84ce742db0f6c70510d0159dad8f7825908","name":"https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=51e8a84ce742db0f6c70510d0159dad8f7825908","refsource":"MISC","tags":[],"title":"git.openssl.org Git - openssl.git/commitdiff","mime":"text/xml","httpstatus":"200","archivestatus":"404"},{"url":"https://lists.debian.org/debian-lts-announce/2023/06/msg00011.html","name":"https://lists.debian.org/debian-lts-announce/2023/06/msg00011.html","refsource":"MISC","tags":[],"title":"[SECURITY] [DLA 3449-1] openssl security update","mime":"text/html","httpstatus":"200","archivestatus":"404"},{"url":"https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=73398dea26de9899fb4baa94098ad0a61f435c72","name":"https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=73398dea26de9899fb4baa94098ad0a61f435c72","refsource":"MISC","tags":[],"title":"git.openssl.org Git - openssl.git/commitdiff","mime":"text/xml","httpstatus":"404","archivestatus":"404"},{"url":"https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=0d16b7e99aafc0b4a6d729eec65a411a7e025f0a","name":"https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=0d16b7e99aafc0b4a6d729eec65a411a7e025f0a","refsource":"MISC","tags":[],"title":"git.openssl.org Git - openssl.git/commitdiff","mime":"text/xml","httpstatus":"200","archivestatus":"404"},{"url":"https://security.gentoo.org/glsa/202402-08","name":"https://security.gentoo.org/glsa/202402-08","refsource":"","tags":[],"title":"OpenSSL: Multiple Vulnerabilities (GLSA 202402-08) — Gentoo security","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://www.openwall.com/lists/oss-security/2023/09/28/4","name":"http://www.openwall.com/lists/oss-security/2023/09/28/4","refsource":"MISC","tags":[],"title":"oss-security - Re: CVE-2023-4863: libwebp: Heap buffer overflow in\n WebP Codec","mime":"text/html","httpstatus":"200","archivestatus":"404"},{"url":"https://security.netapp.com/advisory/ntap-20230414-0001/","name":"https://security.netapp.com/advisory/ntap-20230414-0001/","refsource":"MISC","tags":[],"title":"March 2023 OpenSSL Vulnerabilities in NetApp Products | NetApp Product Security","mime":"text/html","httpstatus":"200","archivestatus":"404"},{"url":"https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=fc814a30fc4f0bc54fcea7d9a7462f5457aab061","name":"https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=fc814a30fc4f0bc54fcea7d9a7462f5457aab061","refsource":"MISC","tags":[],"title":"git.openssl.org Git - openssl.git/commitdiff","mime":"text/xml","httpstatus":"200","archivestatus":"404"},{"url":"https://www.cve.org/CVERecord?id=CVE-2023-0466","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-0466","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[],"timeline":[],"solutions":[],"workarounds":[],"exploits":[],"credits":[],"nvd_cpes":[{"cve_year":"2023","cve_id":"466","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"openssl","cpe5":"openssl","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"}],"vendor_comments":[],"enrichments":{"kev":null,"epss":null,"legacy_qids":[{"cve":"CVE-2023-0466","qid":"160752","title":"Oracle Enterprise Linux Security Update for Open Secure Sockets Layer (OpenSSL) (ELSA-2023-3722)"},{"cve":"CVE-2023-0466","qid":"181818","title":"Debian Security Update for Open Secure Sockets Layer (OpenSSL) (DSA 5417-1)"},{"cve":"CVE-2023-0466","qid":"181834","title":"Debian Security Update for Open Secure Sockets Layer (OpenSSL) (DLA 3449-1)"},{"cve":"CVE-2023-0466","qid":"184226","title":"Debian Security Update for Open Secure Sockets Layer (OpenSSL) (CVE-2023-0466)"},{"cve":"CVE-2023-0466","qid":"199305","title":"Ubuntu Security Notification for Open Secure Sockets Layer (OpenSSL) Vulnerabilities (USN-6039-1)"},{"cve":"CVE-2023-0466","qid":"241736","title":"Red Hat Update for Open Secure Sockets Layer (OpenSSL) (RHSA-2023:3722)"},{"cve":"CVE-2023-0466","qid":"242553","title":"Red Hat Update for JBoss Core Services (RHSA-2023:7625)"},{"cve":"CVE-2023-0466","qid":"330149","title":"IBM Advanced Interactive eXecutive (AIX) Open Secure Sockets Layer (OpenSSL) Multiple Vulnerabilities (openssl_advisory39)"},{"cve":"CVE-2023-0466","qid":"355097","title":"Amazon Linux Security Advisory for openssl11 : ALAS2-2023-2039"},{"cve":"CVE-2023-0466","qid":"355167","title":"Amazon Linux Security Advisory for Open Secure Sockets Layer (OpenSSL) : ALAS2023-2023-181"},{"cve":"CVE-2023-0466","qid":"355387","title":"Amazon Linux Security Advisory for Open Secure Sockets Layer (OpenSSL) : ALAS2-2023-2073"},{"cve":"CVE-2023-0466","qid":"355428","title":"Amazon Linux Security Advisory for Open Secure Sockets Layer (OpenSSL) : ALAS-2023-1762"},{"cve":"CVE-2023-0466","qid":"355523","title":"Amazon Linux Security Advisory for Open Secure Sockets Layer (OpenSSL) : AL2012-2023-422"},{"cve":"CVE-2023-0466","qid":"356233","title":"Amazon Linux Security Advisory for openssl-snapsafe : ALASOPENSSL-SNAPSAFE-2023-002"},{"cve":"CVE-2023-0466","qid":"356483","title":"Amazon Linux Security Advisory for openssl-snapsafe : ALAS2OPENSSL-SNAPSAFE-2023-002"},{"cve":"CVE-2023-0466","qid":"357333","title":"Amazon Linux Security Advisory for edk2 : ALAS2-2024-2502"},{"cve":"CVE-2023-0466","qid":"379141","title":"SolarWinds Serv-U HTML Injection Vulnerability"},{"cve":"CVE-2023-0466","qid":"38893","title":"OpenSSL Invalid certificate policies"},{"cve":"CVE-2023-0466","qid":"502760","title":"Alpine Linux Security Update for openssl"},{"cve":"CVE-2023-0466","qid":"672941","title":"EulerOS Security Update for Open Secure Sockets Layer (OpenSSL) (EulerOS-SA-2023-1807)"},{"cve":"CVE-2023-0466","qid":"672943","title":"EulerOS Security Update for Open Secure Sockets Layer (OpenSSL) (EulerOS-SA-2023-1825)"},{"cve":"CVE-2023-0466","qid":"673062","title":"EulerOS Security Update for Open Secure Sockets Layer (OpenSSL) (EulerOS-SA-2023-2195)"},{"cve":"CVE-2023-0466","qid":"673095","title":"EulerOS Security Update for compat-openssl10 (EulerOS-SA-2023-2187)"},{"cve":"CVE-2023-0466","qid":"673173","title":"EulerOS Security Update for Open Secure Sockets Layer (OpenSSL) (EulerOS-SA-2023-2317)"},{"cve":"CVE-2023-0466","qid":"673200","title":"EulerOS Security Update for Open Secure Sockets Layer (OpenSSL) (EulerOS-SA-2023-2337)"},{"cve":"CVE-2023-0466","qid":"673398","title":"EulerOS Security Update for linux-sgx (EulerOS-SA-2023-3047)"},{"cve":"CVE-2023-0466","qid":"673566","title":"EulerOS Security Update for Open Secure Sockets Layer (OpenSSL) (EulerOS-SA-2023-2702)"},{"cve":"CVE-2023-0466","qid":"673605","title":"EulerOS Security Update for Open Secure Sockets Layer (OpenSSL) (EulerOS-SA-2023-2660)"},{"cve":"CVE-2023-0466","qid":"691102","title":"Free Berkeley Software Distribution (FreeBSD) Security Update for Open Secure Sockets Layer (OpenSSL) (425b9538-ce5f-11ed-ade3-d4c9ef517024)"},{"cve":"CVE-2023-0466","qid":"691183","title":"Free Berkeley Software Distribution (FreeBSD) Security Update for python (d86becfe-05a4-11ee-9d4a-080027eda32c)"},{"cve":"CVE-2023-0466","qid":"710857","title":"Gentoo Linux Open Secure Sockets Layer (OpenSSL) Multiple Vulnerabilities (GLSA 202402-08)"},{"cve":"CVE-2023-0466","qid":"753896","title":"SUSE Enterprise Linux Security Update for openssl-1_1 (SUSE-SU-2023:1790-1)"},{"cve":"CVE-2023-0466","qid":"753898","title":"SUSE Enterprise Linux Security Update for openssl-1_1 (SUSE-SU-2023:1794-1)"},{"cve":"CVE-2023-0466","qid":"753923","title":"SUSE Enterprise Linux Security Update for openssl-1_1 (SUSE-SU-2023:1908-1)"},{"cve":"CVE-2023-0466","qid":"753927","title":"SUSE Enterprise Linux Security Update for openssl-1_0_0 (SUSE-SU-2023:1922-1)"},{"cve":"CVE-2023-0466","qid":"754004","title":"SUSE Enterprise Linux Security Update for openssl-1_0_0 (SUSE-SU-2023:1914-1)"},{"cve":"CVE-2023-0466","qid":"906785","title":"Common Base Linux Mariner (CBL-Mariner) Security Update for Open Secure Sockets Layer (OpenSSL) (25950-1)"},{"cve":"CVE-2023-0466","qid":"906857","title":"Common Base Linux Mariner (CBL-Mariner) Security Update for Open Secure Sockets Layer (OpenSSL) (25936-1)"},{"cve":"CVE-2023-0466","qid":"941150","title":"AlmaLinux Security Update for Open Secure Sockets Layer (OpenSSL) (ALSA-2023:3722)"}]},"source_records":{"cve_program":{"data_version":"4.0","data_type":"CVE","data_format":"MITRE","CVE_data_meta":{"ID":"CVE-2023-0466","ASSIGNER":"openssl-security@openssl.org","STATE":"PUBLIC"},"description":{"description_data":[{"lang":"eng","value":"The function X509_VERIFY_PARAM_add0_policy() is documented to\nimplicitly enable the certificate policy check when doing certificate\nverification. However the implementation of the function does not\nenable the check which allows certificates with invalid or incorrect\npolicies to pass the certificate verification.\n\nAs suddenly enabling the policy check could break existing deployments it was\ndecided to keep the existing behavior of the X509_VERIFY_PARAM_add0_policy()\nfunction.\n\nInstead the applications that require OpenSSL to perform certificate\npolicy check need to use X509_VERIFY_PARAM_set1_policies() or explicitly\nenable the policy check by calling X509_VERIFY_PARAM_set_flags() with\nthe X509_V_FLAG_POLICY_CHECK flag argument.\n\nCertificate policy checks are disabled by default in OpenSSL and are not\ncommonly used by applications."}]},"problemtype":{"problemtype_data":[{"description":[{"lang":"eng","value":"improper certificate validation"}]}]},"affects":{"vendor":{"vendor_data":[{"vendor_name":"OpenSSL","product":{"product_data":[{"product_name":"OpenSSL","version":{"version_data":[{"version_affected":"<","version_name":"3.1.0","version_value":"3.1.1"},{"version_affected":"<","version_name":"3.0.0","version_value":"3.0.9"},{"version_affected":"<","version_name":"1.1.1","version_value":"1.1.1u"},{"version_affected":"<","version_name":"1.0.2","version_value":"1.0.2zh"}]}}]}}]}},"references":{"reference_data":[{"url":"https://www.openssl.org/news/secadv/20230328.txt","refsource":"MISC","name":"https://www.openssl.org/news/secadv/20230328.txt"},{"url":"https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=fc814a30fc4f0bc54fcea7d9a7462f5457aab061","refsource":"MISC","name":"https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=fc814a30fc4f0bc54fcea7d9a7462f5457aab061"},{"url":"https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=51e8a84ce742db0f6c70510d0159dad8f7825908","refsource":"MISC","name":"https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=51e8a84ce742db0f6c70510d0159dad8f7825908"},{"url":"https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=0d16b7e99aafc0b4a6d729eec65a411a7e025f0a","refsource":"MISC","name":"https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=0d16b7e99aafc0b4a6d729eec65a411a7e025f0a"},{"url":"https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=73398dea26de9899fb4baa94098ad0a61f435c72","refsource":"MISC","name":"https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=73398dea26de9899fb4baa94098ad0a61f435c72"},{"url":"https://security.netapp.com/advisory/ntap-20230414-0001/","refsource":"MISC","name":"https://security.netapp.com/advisory/ntap-20230414-0001/"},{"url":"https://www.debian.org/security/2023/dsa-5417","refsource":"MISC","name":"https://www.debian.org/security/2023/dsa-5417"},{"url":"https://lists.debian.org/debian-lts-announce/2023/06/msg00011.html","refsource":"MISC","name":"https://lists.debian.org/debian-lts-announce/2023/06/msg00011.html"},{"url":"http://www.openwall.com/lists/oss-security/2023/09/28/4","refsource":"MISC","name":"http://www.openwall.com/lists/oss-security/2023/09/28/4"}]},"generator":{"engine":"Vulnogram 0.1.0-dev"},"source":{"discovery":"UNKNOWN"},"credits":[{"lang":"en","value":"David Benjamin (Google)"},{"lang":"en","value":"Tomas Mraz"}]},"nvd":{"publishedDate":"2023-03-28 15:15:00","lastModifiedDate":"2024-02-04 09:15:00","problem_types":["CWE-295"],"metrics":{"baseMetricV3":{"cvssV3":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"LOW","availabilityImpact":"NONE","baseScore":5.3,"baseSeverity":"MEDIUM"},"exploitabilityScore":3.9,"impactScore":1.4}},"configurations":{"CVE_data_version":"4.0","nodes":[{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:openssl:openssl:*:*:*:*:*:*:*:*","versionStartIncluding":"3.1.0","versionEndExcluding":"3.1.1","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:openssl:openssl:*:*:*:*:*:*:*:*","versionStartIncluding":"3.0.0","versionEndExcluding":"3.0.9","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:openssl:openssl:*:*:*:*:*:*:*:*","versionStartIncluding":"1.1.1","versionEndExcluding":"1.1.1u","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:openssl:openssl:*:*:*:*:*:*:*:*","versionStartIncluding":"1.0.2","versionEndExcluding":"1.0.2zh","cpe_name":[]}]}]}},"legacy_mitre":{"record":null,"notes":[]}}}