CVE-2023-0286
CVE Details
Last Update
7/16/2024
NIST CVE Summary
There is a type confusion vulnerability relating to X.400 address processing inside an X.509 GeneralName. X.400 addresses were parsed as an ASN1\_STRING but the public structure definition for GENERAL\_NAME incorrectly specified the type of the x400Address field as ASN1\_TYPE. This field is subsequently interpreted by the OpenSSL function GENERAL\_NAME\_cmp as an ASN1\_TYPE rather than an ASN1\_STRING.
Our Official Summary
This is a false positive reported by twistlock only. We have confirmed this CVE is fixed in the FIPS openSSL version that’s being used in VerteX.
CVE Severity
Status
Ongoing