Insyde Security Advisory 2023043

Insyde ID Advisory Category Impact of Vulnerability Severity Rating Original Date Last Revised
INSYDE-SA-2023043 Software Multiple Low-Medium 09/12/2023 09/12/2023

Summary:

Upgrade OpenSSL to 1.1.1u.

Vulnerability Details

Upgrade OpenSSL to 1.1.1u which addressed the following vulnerabilities.
H2O-0324-2302

  1. CVE-2023-0464
    CVSS: Low
    Description: Excessive Resource Usage Verifying X.509 Policy Constraints.
  2. CVE-2023-0465
    CVSS: Low
    Description: Invalid certificate policies in leaf certificates are silently ignored.
  3. CVE-2023-0466
    CVSS: Low
    Description: Certificate policy check not enabled.
  4. CVE-2023-2650
    CVSS: Medium
    Description: Possible DoS translating ASN.1 object identifiers.


Solution Information:
OPF RV 23.06 and after.
SPF RV 23.05 and after.

Revision History:

Revision Date Description
1.0 09/12/2023 Initial Release
- - -

Return to Insyde's Security Pledge