Insyde's Security Pledge

Recent Security Advisories

INSYDE-SA-2023049

Product

CVSS Score

Original Date

Last Revised

Supervyse

5.9-7.4

2023-05-09

Summary

Upgrade OpenSSL to 1.1.1t.

Vulnerability Details

CVSS Vector: Multiple

Upgrade OpenSSL to 1.1.1t to fix the following vulnerabilities.

  1. CVE-2023-0286
    CVSS:7.4
    Description: X.400 address type confusion in X.509 GeneralName
  2. CVE-2022-4304
    CVSS:5.9
    Description: Timing Oracle in RSA Decryption
  3. CVE-2023-0215
    CVSS:5.9
    Description: Use-after-free following BIO_new_NDEF
  4. CVE-2022-4450
    CVSS:5.9
    Description: Double free after calling PEM_read_bio_ex

Solution Information

OPF RV 23.05 and after.
SPF RV 23.05 and after.

Acknowledgements

Revision History

Revision #

Date

Description

1

2023-05-09

Initial Release