Insyde's Security Pledge
Insyde Security Advisory 2023042
Insyde ID | Advisory Category | Impact of Vulnerability | Severity Rating | Original Date | Last Revised |
INSYDE-SA-2023042 | Software | 09/12/2023 | 09/12/2023 |
Summary:
Code change to accommodate OpenSSL 1.1.1u.
Vulnerability Details
InsydeH2O code change to accommodate OpenSSL 1.1.1u and fix the following vulnerabilities.
H2O-0324-2302
- CVE-2023-0464
CVSS: Low
Description: Excessive Resource Usage Verifying X.509 Policy Constraints. - CVE-2023-0465
CVSS: Low
Description: Invalid certificate policies in leaf certificates are silently ignored. - CVE-2023-0466
CVSS: Low
Description: Certificate policy check not enabled. - CVE-2023-2650
CVSS: Medium
Description: Possible DoS translating ASN.1 object identifiers.
kernel 5.3: Version 05.37.23
kernel 5.4: Version 05.45.23
kernel 5.5: Version 05.53.23
kernel 5.5: Version 05.60.23
Revision History:
Revision | Date | Description |
1.0 | 09/12/2023 | Initial Release |
- | - | - |