Insyde's Security Pledge

Insyde Security Advisory 2023049

Insyde ID Advisory Category Impact of Vulnerability Severity Rating Original Date Last Revised
INSYDE-SA-2023049 Software 5.9-7.4 05/09/2023 05/09/2023

Summary:

Upgrade OpenSSL to 1.1.1t.

Vulnerability Details

Upgrade OpenSSL to 1.1.1t to fix the following vulnerabilities.

  1. CVE-2023-0286
    CVSS:7.4
    Description: X.400 address type confusion in X.509 GeneralName
  2. CVE-2022-4304
    CVSS:5.9
    Description: Timing Oracle in RSA Decryption
  3. CVE-2023-0215
    CVSS:5.9
    Description: Use-after-free following BIO_new_NDEF
  4. CVE-2022-4450
    CVSS:5.9
    Description: Double free after calling PEM_read_bio_ex


OPF RV 23.05 and after.
SPF RV 23.05 and after.

Revision History:

Revision Date Description
1.0 05/09/2023 Initial Release
-- -- --

Return to Insyde's Security Pledge