Insyde's Security Pledge

Recent Security Advisories

INSYDE-SA-2023043

Product

CVSS Score

Original Date

Last Revised

Supervyse

Low-Medium

2023-09-12

Summary

Upgrade OpenSSL to 1.1.1u.

Vulnerability Details

CVSS Vector: Multiple

Upgrade OpenSSL to 1.1.1u which addressed the following vulnerabilities.
H2O-0324-2302

  1. CVE-2023-0464
    CVSS: Low
    Description: Excessive Resource Usage Verifying X.509 Policy Constraints.
  2. CVE-2023-0465
    CVSS: Low
    Description: Invalid certificate policies in leaf certificates are silently ignored.
  3. CVE-2023-0466
    CVSS: Low
    Description: Certificate policy check not enabled.
  4. CVE-2023-2650
    CVSS: Medium
    Description: Possible DoS translating ASN.1 object identifiers.

Solution Information

OPF RV 23.06 and after.
SPF RV 23.05 and after.

Acknowledgements

Revision History

Revision #

Date

Description

1

2023-09-12

Initial Release