Insyde's Security Pledge

Recent Security Advisories

INSYDE-SA-2023042

Product

CVSS Score

Original Date

Last Revised

InsydeH2O

Low

2023-09-12

Summary

Code change to accommodate OpenSSL 1.1.1u.

Vulnerability Details

CVSS Vector: Multiple

InsydeH2O code change to accommodate OpenSSL 1.1.1u and fix the following vulnerabilities.
H2O-0324-2302

  1. CVE-2023-0464
    CVSS: Low
    Description: Excessive Resource Usage Verifying X.509 Policy Constraints.
  2. CVE-2023-0465
    CVSS: Low
    Description: Invalid certificate policies in leaf certificates are silently ignored.
  3. CVE-2023-0466
    CVSS: Low
    Description: Certificate policy check not enabled.
  4. CVE-2023-2650
    CVSS: Medium
    Description: Possible DoS translating ASN.1 object identifiers.

Solution Information

kernel 5.3: Version 05.37.23
kernel 5.4: Version 05.45.23
kernel 5.5: Version 05.53.23
kernel 5.5: Version 05.60.23

Acknowledgements

Revision History

Revision #

Date

Description

1

2023-09-12

Initial Release