How severe is CVE-2023-0465?

This vulnerability has a severity rating of MEDIUM with a CVSS score of 5.3 out of 10.

What type of vulnerability is CVE-2023-0465?

This is classified as CWE-295, which is a common weakness in software security.

CVE-2023-0465 - MEDIUM Severity | CVSS 5.3

Vulnerability Description

Applications that use a non-default option when verifying certificates may be vulnerable to an attack from a malicious CA to circumvent certain checks. Invalid certificate policies in leaf certificates are silently ignored by OpenSSL and other certificate policy checks are skipped for that certificate. A malicious CA could use this to deliberately assert invalid certificate policies in order to circumvent policy checking on the certificate altogether. Policy processing is disabled by default but can be enabled by passing the `-policy' argument to the command line utilities or by calling the `X509_VERIFY_PARAM_set1_policies()' function.

Related Vulnerabilities

CVE-2011-2207

MEDIUM

CVSS:5.3(Medium)

dirmngr before 2.1.0 improperly handles certain system calls, which allows remote attackers to cause a denial of service (DOS) via a specially-crafted certificate.

CWE-2952011

CVE-2016-11076

MEDIUM

CVSS:5.3(Medium)

An issue was discovered in Mattermost Server before 3.0.0. It does not ensure that a cookie is used over SSL.

CWE-2952016

CVE-2016-5648

MEDIUM

CVSS:5.3(Medium)

Acer Portal app before 3.9.4.2000 for Android does not properly validate SSL certificates, which allows remote attackers to perform a Man-in-the-middle attack via a crafted SSL certificate.

CWE-2952016

CVE-2017-1000417

MEDIUM

CVSS:5.3(Medium)

MatrixSSL version 3.7.2 adopts a collision-prone OID comparison logic resulting in possible spoofing of OIDs (e.g. in ExtKeyUsage extension) on X.509 certificates.

CWE-2952017

CVE-2017-18588

MEDIUM

CVSS:5.3(Medium)

An issue was discovered in the security-framework crate before 0.1.12 for Rust. Hostname verification for certificates does not occur if ClientBuilder uses custom root certificates.

CWE-2952017

CVE-2017-2623

MEDIUM

CVSS:5.3(Medium)

It was discovered that rpm-ostree and rpm-ostree-client before 2017.3 fail to properly check GPG signatures on packages when doing layering. Packages with unsigned or badly signed content could fail t...

CWE-2952017