CVE-2023-0286

CVE Details

CVE-2023-0286

Last Update

7/16/2024

NIST CVE Summary

There is a type confusion vulnerability relating to X.400 address processing inside an X.509 GeneralName. X.400 addresses were parsed as an ASN1_STRING but the public structure definition for GENERAL_NAME incorrectly specified the type of the x400Address field as ASN1_TYPE. This field is subsequently interpreted by the OpenSSL function GENERAL_NAME_cmp as an ASN1_TYPE rather than an ASN1_STRING.

Our Official Summary

This is a false positive reported by Twistlock only. We have confirmed this CVE is fixed in the FIPS OpenSSL version that’s being used in VerteX.

CVE Severity

7.4

Status

Ongoing