Professional OVAL Repository
OVAL Definition Details
Id: oval:ru.altx-soft.nix:def:204245
Version: 15
Class: vulnerability
ALTXid: 425232
Language: Russian
Severity: High
Title: Red Hat/CentOS -- vulnerability in Red Hat Virtualization Host 4.4.z, edk2, OpenSSL, Red Hat JBoss Core Services Apache HTTP Server, Red Hat JBoss Web Server (CVE-2023-0286)
Description: Vulnerability CVE-2023-0286 was found in the product Red Hat Virtualization Host 4.4.z, edk2, OpenSSL, Red Hat JBoss Core Services Apache HTTP Server, Red Hat JBoss Web Server.
Family: unix
Platform:
  CentOS Linux 7
  Red Hat Enterprise Linux 6
  Red Hat Enterprise Linux 7
  Red Hat Enterprise Linux 8
  Red Hat Enterprise Linux 8.1
  Red Hat Enterprise Linux 8.2
  Red Hat Enterprise Linux 8.4
  Red Hat Enterprise Linux 8.6
  Red Hat Enterprise Linux 9
Product:
  edk2
  OpenSSL
  Red Hat JBoss Core Services Apache HTTP Server
  Red Hat JBoss Web Server
  Red Hat Virtualization Host 4.4.z
Reference:
VENDOR: RHSA-2023:5209
  https://access.redhat.com/errata/RHSA-2023:5209
VENDOR: RHSA-2023:2165
  https://access.redhat.com/errata/RHSA-2023:2165
VENDOR: RHSA-2023:3354
  https://access.redhat.com/errata/RHSA-2023:3354
VENDOR: RHSA-2023:3420
  https://access.redhat.com/errata/RHSA-2023:3420
VENDOR: RHSA-2023:4252
  https://access.redhat.com/errata/RHSA-2023:4252
VENDOR: RHSA-2023:4124
  https://access.redhat.com/errata/RHSA-2023:4124
VENDOR: RHSA-2023:4128
  https://access.redhat.com/errata/RHSA-2023:4128
NKCKI: VULN-20230531.8
  https://safe-surf.ru/specialists/bulletins-nkcki/693241/
VENDOR: RHSA-2023:2932
  https://access.redhat.com/errata/RHSA-2023:2932
NKCKI: VULN-20230424.7
  https://safe-surf.ru/specialists/bulletins-nkcki/692167/
VENDOR: RHSA-2023:2022
  https://access.redhat.com/errata/RHSA-2023:2022
VENDOR: RHSA-2023:0946
  https://access.redhat.com/errata/RHSA-2023:0946
CESA-2023:1335
  http://lists.centos.org/pipermail/centos-announce/2023-March/086392.html
VENDOR: RHSA-2023:1405
  https://access.redhat.com/errata/RHSA-2023:1405
VENDOR: RHSA-2023:1441
  https://access.redhat.com/errata/RHSA-2023:1441
VENDOR: RHSA-2023:1440
  https://access.redhat.com/errata/RHSA-2023:1440
VENDOR: RHSA-2023:1439
  https://access.redhat.com/errata/RHSA-2023:1439
VENDOR: RHSA-2023:1438
  https://access.redhat.com/errata/RHSA-2023:1438
VENDOR: RHSA-2023:1437
  https://access.redhat.com/errata/RHSA-2023:1437
FSTEC: BDU:2023-00665
  https://bdu.fstec.ru/vul/2023-00665
NKCKI: VULN-20230321.1
  https://safe-surf.ru/upload/VULN/VULN-20230321.1.pdf
CVE: CVE-2023-0286
  http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0286
Comment: There is a type confusion vulnerability relating to X.400 address processing inside an X.509 GeneralName. X.400 addresses were parsed as an ASN1_STRING but the public structure definition for GENERAL_NAME incorrectly specified the type of the x400Address field as ASN1_TYPE. This field is subsequently interpreted by the OpenSSL function GENERAL_NAME_cmp as an ASN1_TYPE rather than an ASN1_STRING. When CRL checking is enabled (i.e. the application sets the X509_V_FLAG_CRL_CHECK flag), this vulnerability may allow an attacker to pass arbitrary pointers to a memcmp call, enabling them to read memory contents or enact a denial of service. In most cases, the attack requires the attacker to provide both the certificate chain and CRL, neither of which need to have a valid signature. If the attacker only controls one of these inputs, the other input must already contain an X.400 address as a CRL distribution point, which is uncommon. As such, this vulnerability is most likely to only affect applications which have implemented their own functionality for retrieving CRLs over a network.
CVSSv3 Score: 7.4
Attack vector: NETWORK
Attack complexity: HIGH
Privileges required: NONE
User interaction: NONE
Scope: UNCHANGED
Confidentiality impact: HIGH
Integrity impact: NONE
Availability impact: HIGH
CVSSv3 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:H
CWE: 843 (Access of Resource Using Incompatible Type ('Type Confusion'))
References:
  https://www.openssl.org/news/secadv/20230207.txt (MISC)
  https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=2c6c9d439b484e1ba9830d8454a34fa4f80fdfe9 (MISC)
  https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=2f7530077e0ef79d98718138716bc51ca0cad658 (MISC)
  https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=fd2af07dc083a350c959147097003a14a5e8ac4d (MISC)
  https://ftp.openbsd.org/pub/OpenBSD/LibreSSL/libressl-3.6.2-relnotes.txt (MISC)
  https://ftp.openbsd.org/pub/OpenBSD/patches/7.2/common/018_x509.patch.sig (MISC)
  https://security.gentoo.org/glsa/202402-08
VENDOR: RHSA-2023:1199
  https://access.redhat.com/errata/RHSA-2023:1199
VENDOR: RHSA-2023:1335
  https://access.redhat.com/errata/RHSA-2023:1335