Entreprise française de cybersécurité depuis 2004
☎ 03 60 47 09 81 - info@securiteinfo.com
☎ 03 60 47 09 81 - info@securiteinfo.com
If an X.509 certificate contains a malformed policy constraint andpolicy processing is enabled, then a write lock will be taken twicerecursively. On some operating systems (most widely: Windows) thisresults in a denial of service when the affected process hangs. Policyprocessing being enabled on a publicly facing server is not consideredto be a common setup.Policy processing is enabled by passing the `-policy'argument to the command line utilities or by calling the`X509_VERIFY_PARAM_set1_policies()' function.Update (31 March 2023): The description of the policy processing enablementwas corrected based on CVE-2023-0466.
No PoCs from references.
- https://github.com/ARPSyndicate/cvemon
- https://github.com/CrowdStrike/ivan
- https://github.com/JakubWierzchowski/manier
- https://github.com/agadecki/malware-cryptominer-container
- https://github.com/akaganeite/CVE4PP
- https://github.com/henriquebesing/container-security
- https://github.com/kb5fls/container-security
- https://github.com/ruzickap/malware-cryptominer-container