Insyde's Security Pledge
Insyde Security Advisory 2023049
Insyde ID | Advisory Category | Impact of Vulnerability | Severity Rating | Original Date | Last Revised |
INSYDE-SA-2023049 | Software | 5.9-7.4 | 05/09/2023 | 05/09/2023 |
Summary:
Upgrade OpenSSL to 1.1.1t.
Vulnerability Details
Upgrade OpenSSL to 1.1.1t to fix the following vulnerabilities.
- CVE-2023-0286
CVSS:7.4
Description: X.400 address type confusion in X.509 GeneralName - CVE-2022-4304
CVSS:5.9
Description: Timing Oracle in RSA Decryption - CVE-2023-0215
CVSS:5.9
Description: Use-after-free following BIO_new_NDEF - CVE-2022-4450
CVSS:5.9
Description: Double free after calling PEM_read_bio_ex
OPF RV 23.05 and after.
SPF RV 23.05 and after.
Revision History:
Revision | Date | Description |
1.0 | 05/09/2023 | Initial Release |
-- | -- | -- |