CVE-2023-0286

7.4 HIGH

📋 TL;DR

CVE-2023-0286 is a type confusion bug in OpenSSL's handling of the x400Address choice of an X.509 GeneralName. The field is parsed as an ASN1_STRING, but the public GENERAL_NAME structure declares it as an ASN1_TYPE, so GENERAL_NAME_cmp interprets attacker-supplied string data as a pointer. When CRL checking is enabled (the application sets X509_V_FLAG_CRL_CHECK), an attacker who supplies a crafted certificate chain and CRL, neither of which needs a valid signature, can pass arbitrary pointers to a memcmp call and read process memory contents or crash the process. In most cases the attacker must control both the chain and the CRL, so the realistic targets are applications that implement their own CRL retrieval over a network.

💻 Affected Systems

Products:
  • OpenSSL
  • LibreSSL
  • applications using vulnerable OpenSSL versions
Versions: OpenSSL 3.0.0 to 3.0.7, 1.1.1 to 1.1.1s, 1.0.2 to 1.0.2zf (premium support only); LibreSSL versions before 3.6.2, and 3.7.0 (fixed in 3.7.1)
Operating Systems: All operating systems running affected OpenSSL versions
Default Config Vulnerable: ✅ No
Notes: The vulnerable comparison runs only when the application sets X509_V_FLAG_CRL_CHECK. Applications that fetch CRLs from a network location the attacker can influence are the realistic targets, because the attacker then controls both the certificate chain and the CRL.

📦 What is this software?

Openssl by Openssl

OpenSSL is a robust, commercial-grade toolkit for the Transport Layer Security (TLS) and Secure Sockets Layer (SSL) protocols. It provides cryptographic functions and is one of the most widely used libraries for implementing secure communications in applications worldwide.

Learn more about Openssl →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Attacker-controlled pointers and lengths reach a memcmp call inside libcrypto, so the verifying process can leak memory contents or crash. The primitive is a read, not a write; arbitrary code execution is not part of this bug.

🟠

Likely Case

Denial of service: the process performing certificate verification crashes when the bogus pointer hits unmapped memory.

🟢

If Mitigated

No impact if the application never sets X509_V_FLAG_CRL_CHECK, or if neither the certificates it verifies nor the CRLs it loads carry X.400 distribution point names (for example, CRLs loaded only from a trusted local source).

🌐 Internet-Facing: MEDIUM - Requires specific conditions (CRL checking enabled + custom CRL retrieval) and attacker control over certificate/CRL inputs
🏢 Internal Only: LOW - Same requirements as internet-facing, but reduced attack surface

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ⚠️ Yes
Complexity: MEDIUM

Exploitation requires the attacker to supply both a certificate chain and a CRL whose distribution point names use X.400 addresses; neither needs a valid signature. If the attacker controls only one of the two inputs, the other must already contain an X.400 address as a CRL distribution point, which is uncommon.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: OpenSSL 3.0.8, 1.1.1t, 1.0.2zg (premium support only); LibreSSL 3.6.2 and 3.7.1

Vendor Advisory: https://www.openssl.org/news/secadv/20230207.txt

Restart Required: Yes

Instructions:

1. Identify the OpenSSL/LibreSSL version actually linked by each application (openssl version covers only the CLI; use ldd or the application's own version report for bundled or statically linked copies).
2. Update to a patched version via the package manager (apt-get upgrade openssl / libssl1.1 / libssl3, yum update openssl, etc.). Distributions that backport fixes keep the old version string; check the package changelog for CVE-2023-0286 rather than the string.
3. Restart every service that loaded the old library; a running process keeps the vulnerable code mapped until it is restarted.
4. Rebuild and redeploy statically linked applications and anything that bundles its own libcrypto.

🔧 Temporary Workarounds

Disable CRL checking

Platforms: all

Do not enable CRL checking in the verification parameters: the vulnerable comparison runs only when X509_V_FLAG_CRL_CHECK is set (X509_V_FLAG_CRL_CHECK_ALL extends checking to the whole chain but has no effect on its own).

Remove the flag from X509_STORE_set_flags() / X509_VERIFY_PARAM_set_flags() calls, or clear it with X509_VERIFY_PARAM_clear_flags(param, X509_V_FLAG_CRL_CHECK | X509_V_FLAG_CRL_CHECK_ALL). It is a bit in a flags mask, not a setting that can be "set to 0". This also turns revocation checking off, so treat it as a short-term measure.
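As an added example (not the page's code and not OpenSSL's): Python's ssl module exposes the same bits, VERIFY_CRL_CHECK_LEAF is X509_V_FLAG_CRL_CHECK and VERIFY_CRL_CHECK_CHAIN is X509_V_FLAG_CRL_CHECK | X509_V_FLAG_CRL_CHECK_ALL, so the exposed configuration, the workaround and an audit check can be shown side by side. The crl_file parameter is a placeholder for wherever the application obtains its CRLs.

```python
import ssl
from typing import Optional

# Python's ssl.VerifyFlags map directly onto OpenSSL's X509_V_FLAG_* bits:
#   VERIFY_CRL_CHECK_LEAF  == X509_V_FLAG_CRL_CHECK
#   VERIFY_CRL_CHECK_CHAIN == X509_V_FLAG_CRL_CHECK | X509_V_FLAG_CRL_CHECK_ALL
CRL_FLAGS = int(ssl.VERIFY_CRL_CHECK_LEAF | ssl.VERIFY_CRL_CHECK_CHAIN)


def crl_checking_enabled(ctx: ssl.SSLContext) -> bool:
    """True if this context will run OpenSSL's CRL checks, i.e. the
    X509_V_FLAG_CRL_CHECK bit that gates the CVE-2023-0286 code path."""
    return bool(int(ctx.verify_flags) & int(ssl.VERIFY_CRL_CHECK_LEAF))


def client_context(check_crls: bool, crl_file: Optional[str] = None) -> ssl.SSLContext:
    """Build a TLS client context.

    check_crls=True reproduces the exposed configuration (CRL checking on);
    check_crls=False is the workaround from the section above.
    crl_file is a placeholder path (assumption): a PEM file holding the CRLs
    the application has obtained for the issuers it expects to see.
    """
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = True
    ctx.verify_mode = ssl.CERT_REQUIRED
    if check_crls:
        # Exposed configuration: sets X509_V_FLAG_CRL_CHECK on the X509_STORE.
        # A CRL for the peer's issuer must also be loaded, otherwise every
        # handshake fails with "unable to get certificate CRL".
        ctx.verify_flags |= ssl.VERIFY_CRL_CHECK_LEAF
        if crl_file:
            ctx.load_verify_locations(cafile=crl_file)
    else:
        # Workaround: clear both CRL bits. Revocation checking is off in this mode.
        ctx.verify_flags = int(ctx.verify_flags) & ~CRL_FLAGS
    return ctx


def mitigate(ctx: ssl.SSLContext) -> ssl.SSLContext:
    """Apply the workaround to an already-built context in place and return it."""
    ctx.verify_flags = int(ctx.verify_flags) & ~CRL_FLAGS
    return ctx


if __name__ == "__main__":
    exposed = client_context(check_crls=True)
    print("exposed context runs CRL checks:", crl_checking_enabled(exposed))
    print("after mitigate():", crl_checking_enabled(mitigate(exposed)))
```

Note that the Python ssl module never fetches CRLs itself; the CRLs come from whatever the application loaded, so the "attacker controls both inputs" case only arises when the application downloads CRLs from a location named in the peer's certificate.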

Input validation

Platforms: all

Reject certificates and CRLs whose CRL distribution point (2.5.29.31) or issuing distribution point (2.5.29.28) names use the x400Address GeneralName choice before they reach the verifier.

This only helps where the application sees the input before OpenSSL does: its own CRL download path, certificates it loads itself, or a hook that runs before X509_verify_cert() such as SSL_CTX_set_cert_verify_callback(). Because GENERAL_NAME_cmp only takes the vulnerable path when both names being compared are X.400 addresses, rejecting either input is enough to break the precondition.
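As an added example (not OpenSSL's code, nor anything shipped with this advisory): a pure-Python DER walker that locates the CRL Distribution Points (2.5.29.31) and Issuing Distribution Point (2.5.29.28) extensions in a certificate, a CRL or a bare Extension and reports whether any GeneralName inside them uses the x400Address choice (context tag [3], constructed, 0xA3). The `_tlv` encoder and the two sample extensions are constructed here so the block runs offline; a real deployment would feed it the DER bytes of the CRL it downloaded, or of a certificate it loads itself, before handing them to OpenSSL.

```python
"""Find X.400 GeneralNames in CRL distribution point data (the input shape
CVE-2023-0286 depends on) by walking raw DER."""

OID_CRL_DISTRIBUTION_POINTS = bytes.fromhex("551d1f")    # 2.5.29.31, in certificates
OID_ISSUING_DISTRIBUTION_POINT = bytes.fromhex("551d1c")  # 2.5.29.28, in CRLs
TAG_X400_ADDRESS = 0xA3  # GeneralName x400Address [3] IMPLICIT ORAddress (constructed)


def _read_tlv(buf, pos):
    """Decode one DER TLV header at pos; return (tag, value_start, value_end)."""
    if pos + 2 > len(buf):
        raise ValueError("truncated TLV header")
    tag = buf[pos]
    if tag & 0x1F == 0x1F:
        raise ValueError("high-tag-number form not supported")
    length = buf[pos + 1]
    pos += 2
    if length & 0x80:
        n = length & 0x7F
        if n == 0 or n > 4 or pos + n > len(buf):
            raise ValueError("indefinite, oversized or truncated length (not DER)")
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    end = pos + length
    if end > len(buf):
        raise ValueError("length runs past end of buffer")
    return tag, pos, end


def _children(buf, start, end):
    """Yield the TLVs that make up the value bytes buf[start:end]."""
    pos = start
    while pos < end:
        tag, vs, ve = _read_tlv(buf, pos)
        yield tag, vs, ve
        pos = ve


def _walk(buf, start, end):
    """Depth-first over every TLV, descending only into constructed types."""
    for tag, vs, ve in _children(buf, start, end):
        yield tag, vs, ve
        if tag & 0x20:
            yield from _walk(buf, vs, ve)


def distribution_point_extensions(der):
    """Yield the extnValue bytes of each CRLDP or IDP Extension found in der.
    Extension ::= SEQUENCE { extnID OID, critical BOOLEAN OPTIONAL, extnValue OCTET STRING },
    so any SEQUENCE whose first child is one of the two OIDs qualifies; this works
    for a whole certificate, a whole CRL, or a single Extension."""
    for tag, vs, ve in _walk(der, 0, len(der)):
        if tag != 0x30:
            continue
        kids = list(_children(der, vs, ve))
        if len(kids) < 2 or kids[0][0] != 0x06 or kids[-1][0] != 0x04:
            continue
        oid = der[kids[0][1]:kids[0][2]]
        if oid in (OID_CRL_DISTRIBUTION_POINTS, OID_ISSUING_DISTRIBUTION_POINT):
            yield der[kids[-1][1]:kids[-1][2]]


def has_x400_distribution_point(der):
    """True if any distribution point GeneralName uses the x400Address choice.
    Inside these two extensions the only constructed [3] element defined is ORAddress
    (the IDP's onlySomeReasons [3] is a primitive BIT STRING, tag 0x83); an ANY value
    nested in an otherName or directoryName could in theory carry one too, which this
    conservative check would also reject. Malformed DER raises ValueError."""
    for ext_value in distribution_point_extensions(der):
        for tag, _, _ in _walk(ext_value, 0, len(ext_value)):
            if tag == TAG_X400_ADDRESS:
                return True
    return False


# ---- constructed sample data (not from any real certificate) ----------------
def _tlv(tag, content):
    """Minimal DER encoder, used only to build the samples below."""
    n = len(content)
    if n < 0x80:
        return bytes([tag, n]) + content
    lb = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([tag, 0x80 | len(lb)]) + lb + content


def crldp_extension(general_names):
    """Extension{2.5.29.31, OCTET STRING{CRLDistributionPoints}} with one
    DistributionPoint whose fullName holds the given GeneralNames."""
    full_name = _tlv(0xA0, b"".join(general_names))  # fullName [0] IMPLICIT GeneralNames
    dp_name = _tlv(0xA0, full_name)                   # distributionPoint [0] DistributionPointName (CHOICE)
    crldp = _tlv(0x30, _tlv(0x30, dp_name))           # SEQUENCE OF DistributionPoint
    return _tlv(0x30, _tlv(0x06, OID_CRL_DISTRIBUTION_POINTS) + _tlv(0x04, crldp))


URI_NAME = _tlv(0x86, b"http://crl.example/ca.crl")  # uniformResourceIdentifier [6] IA5String
X400_NAME = _tlv(0xA3, _tlv(0x30, b""))               # x400Address: ORAddress with empty BuiltInStandardAttributes

BENIGN_EXTENSION = crldp_extension([URI_NAME])
SUSPECT_EXTENSION = crldp_extension([URI_NAME, X400_NAME])

if __name__ == "__main__":
    print("benign :", has_x400_distribution_point(BENIGN_EXTENSION))
    print("suspect:", has_x400_distribution_point(SUSPECT_EXTENSION))
```

Where to hook this: in a custom CRL retrieval path (drop the fetched CRL when the function returns True), or in an SSL_CTX_set_cert_verify_callback() hook that inspects the chain before X509_verify_cert() runs. A caller should treat a ValueError from malformed DER as a rejection as well.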

🧯 If You Can't Patch

  • Disable CRL checking (clear X509_V_FLAG_CRL_CHECK) in every affected application, accepting the loss of revocation checking until the library is patched
  • Restrict outbound CRL fetches to the known endpoints of your CAs (egress allow-list), so an attacker-chosen distribution point named in a certificate cannot be retrieved

🔍 How to Verify

Check if Vulnerable:

Check the OpenSSL version with 'openssl version' and compare against the affected ranges (3.0.0 to 3.0.7, 1.1.1 to 1.1.1s, 1.0.2 to 1.0.2zf; LibreSSL before 3.6.2). This only covers the CLI binary: check the library each application actually loads (ldd, or the application's own version output), and remember that distributions which backport fixes keep the old version string.

Check Version:

openssl version

Verify Fix Applied:

Verify the version is 3.0.8+, 1.1.1t+, 1.0.2zg+, or LibreSSL 3.6.2+ / 3.7.1+ with 'openssl version'. On distributions that backport, confirm the package changelog mentions CVE-2023-0286 instead (for example 'apt changelog libssl3 | grep CVE-2023-0286').
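As an added example (not from the page or the OpenSSL project): a small Python classifier that applies the advisory's affected ranges to the string printed by 'openssl version' (the same shape as ssl.OPENSSL_VERSION, which reports the library a Python process actually links) and to the numeric OPENSSL_VERSION_NUMBER. The range table is taken from the advisory; treating end-of-life 1.x branches as affected is a stated, conservative assumption in the code.

```python
import re
import ssl
from typing import Tuple

Version = Tuple[int, int, int, int]  # (major, minor, fix, patch-letter index or 3.x patch)

VERSION_RE = re.compile(r"^(OpenSSL|LibreSSL)\s+(\d+)\.(\d+)\.(\d+)([a-z]*)")


def _letter_index(suffix: str) -> int:
    """OpenSSL 1.x patch letters as OPENSSL_VERSION_NUMBER counts them:
    '' -> 0, 'a'..'z' -> 1..26, 'za'.. -> 27.. (so 't' = 20, 'zf' = 32, 'zg' = 33)."""
    return sum(ord(ch) - ord("a") + 1 for ch in suffix)


def parse_version(text: str) -> Tuple[str, Version]:
    """Parse 'OpenSSL 1.1.1s  1 Nov 2022', 'OpenSSL 3.0.7 1 Nov 2022' or 'LibreSSL 3.6.1'."""
    m = VERSION_RE.match(text.strip())
    if not m:
        raise ValueError(f"unrecognised version string: {text!r}")
    lib = m.group(1).lower()
    major, minor, fix = (int(m.group(i)) for i in (2, 3, 4))
    return lib, (major, minor, fix, _letter_index(m.group(5)))


def decode_version_number(n: int) -> Version:
    """Convert OPENSSL_VERSION_NUMBER (ssl.OPENSSL_VERSION_NUMBER) to the same tuple shape.
    1.x layout is 0xMNNFFPPS (PP = patch letter index); 3.x layout is 0xMNN00PP0 (PP = patch)."""
    major = n >> 28
    minor = (n >> 20) & 0xFF
    if major >= 3:
        return major, minor, (n >> 4) & 0xFF, 0
    return major, minor, (n >> 12) & 0xFF, (n >> 4) & 0xFF


def is_affected(lib: str, v: Version) -> bool:
    """Apply the ranges from the 7 Feb 2023 advisory (and the LibreSSL fix releases)."""
    if lib == "openssl":
        if v[:3] == (1, 0, 2):
            return v[3] < 33          # fixed in 1.0.2zg (premium support)
        if v[:3] == (1, 1, 1):
            return v[3] < 20          # fixed in 1.1.1t
        if v[:2] == (3, 0):
            return v[2] < 8           # fixed in 3.0.8
        if v[0] >= 3:
            return False              # 3.1 and later shipped after the fix
        return True                   # assumption: EOL branches (1.1.0, 1.0.1, 0.9.8) never got the fix
    if lib == "libressl":
        return v[:3] < (3, 6, 2) or v[:3] == (3, 7, 0)   # fixed in 3.6.2 and 3.7.1
    raise ValueError(f"unknown library {lib!r}")


def process_library_status() -> Tuple[str, Version, bool]:
    """Classify the library this Python interpreter is linked against."""
    lib, v = parse_version(ssl.OPENSSL_VERSION)
    return lib, v, is_affected(lib, v)


if __name__ == "__main__":
    lib, v, affected = process_library_status()
    print(ssl.OPENSSL_VERSION, "->", "AFFECTED (unless backported)" if affected else "not affected")
```

Two caveats any scanner built on this must carry: 'openssl version' describes the CLI binary only, not the libssl an application loaded (check with ldd or the application's own version report, and separately for statically linked or bundled copies); and distributions that backport fixes keep the upstream string, so a 1.1.1f or 3.0.2 package may already be patched. For those, the package changelog is the source of truth, not the version string.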

📡 Detection & Monitoring

Log Indicators:

  • Crashes (SIGSEGV) in services that verify certificates with CRL checking enabled, with a backtrace passing through GENERAL_NAME_cmp in libcrypto
  • Memory access violation errors attributed to libcrypto/libssl during a TLS handshake or certificate verification
  • Verification failures or parse errors on certificates or CRLs that carry unusual (X.400) distribution point names

Network Indicators:

  • CRL fetches to hosts outside your CAs' known distribution point endpoints (an attacker-chosen distribution point named in a presented certificate)
  • Repeated connections presenting certificates whose CRL distribution points use X.400 addresses, visible only where TLS handshakes are inspected

SIEM Query:

source="*ssl*" AND ("certificate validation" OR "CRL" OR "X.400") AND (error OR crash OR violation)

🔗 References

📤 Share & Export