Insyde Security Advisory 2023042

Insyde ID Advisory Category Impact of Vulnerability Severity Rating Original Date Last Revised
INSYDE-SA-2023042 Software 09/12/2023 09/12/2023

Summary:

Code change to accommodate OpenSSL 1.1.1u.

Vulnerability Details

InsydeH2O code change to accommodate OpenSSL 1.1.1u and fix the following vulnerabilities.
H2O-0324-2302

  1. CVE-2023-0464
    CVSS: Low
    Description: Excessive Resource Usage Verifying X.509 Policy Constraints.
  2. CVE-2023-0465
    CVSS: Low
    Description: Invalid certificate policies in leaf certificates are silently ignored.
  3. CVE-2023-0466
    CVSS: Low
    Description: Certificate policy check not enabled.
  4. CVE-2023-2650
    CVSS: Medium
    Description: Possible DoS translating ASN.1 object identifiers.


kernel 5.3: Version 05.37.23
kernel 5.4: Version 05.45.23
kernel 5.5: Version 05.53.23
kernel 5.5: Version 05.60.23

Revision History:

Revision Date Description
1.0 09/12/2023 Initial Release
- - -

Return to Insyde's Security Pledge