High severityNVD Advisory· Published Feb 8, 2023· Updated Nov 4, 2025
Invalid pointer dereference in d2i_PKCS7 functions
CVE-2023-0216
Description
An invalid pointer dereference on read can be triggered when an application tries to load malformed PKCS7 data with the d2i_PKCS7(), d2i_PKCS7_bio() or d2i_PKCS7_fp() functions.
The result of the dereference is an application crash which could lead to a denial of service attack. The TLS implementation in OpenSSL does not call this function however third party applications might call these functions on untrusted data.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
openssl-srccrates.io | >= 300.0.0, < 300.0.12 | 300.0.12 |
Affected products
44- osv-coords43 versionspkg:apk/chainguard/libcrypto3pkg:apk/chainguard/libssl3pkg:apk/chainguard/opensslpkg:apk/chainguard/openssl-configpkg:apk/chainguard/openssl-dbgpkg:apk/chainguard/openssl-devpkg:apk/chainguard/openssl-docpkg:apk/chainguard/openssl-engine-afalgpkg:apk/chainguard/openssl-engine-capipkg:apk/chainguard/openssl-engine-loader-atticpkg:apk/chainguard/openssl-engine-padlockpkg:apk/chainguard/openssl-provider-fipspkg:apk/chainguard/openssl-provider-legacypkg:apk/chainguard/ruby-3.1pkg:apk/chainguard/ruby-3.1-basepkg:apk/chainguard/ruby-3.1-base-devpkg:apk/chainguard/ruby-3.1-devpkg:apk/chainguard/ruby-3.1-docpkg:apk/wolfi/libcrypto3pkg:apk/wolfi/libssl3pkg:apk/wolfi/opensslpkg:apk/wolfi/openssl-configpkg:apk/wolfi/openssl-dbgpkg:apk/wolfi/openssl-devpkg:apk/wolfi/openssl-docpkg:apk/wolfi/openssl-engine-afalgpkg:apk/wolfi/openssl-engine-capipkg:apk/wolfi/openssl-engine-loader-atticpkg:apk/wolfi/openssl-engine-padlockpkg:apk/wolfi/openssl-provider-legacypkg:apk/wolfi/ruby-3.1pkg:apk/wolfi/ruby-3.1-basepkg:apk/wolfi/ruby-3.1-base-devpkg:apk/wolfi/ruby-3.1-devpkg:apk/wolfi/ruby-3.1-docpkg:cargo/openssl-srcpkg:rpm/almalinux/opensslpkg:rpm/almalinux/openssl-develpkg:rpm/almalinux/openssl-libspkg:rpm/almalinux/openssl-perlpkg:rpm/opensuse/openssl-3&distro=openSUSE%20Leap%2015.4pkg:rpm/opensuse/openssl-3&distro=openSUSE%20Tumbleweedpkg:rpm/suse/openssl-3&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015%20SP4
< 3.1.0-r0+ 42 more
- (no CPE)range: < 3.1.0-r0
- (no CPE)range: < 3.1.0-r0
- (no CPE)range: < 3.1.0-r0
- (no CPE)range: < 3.1.0-r0
- (no CPE)range: < 3.1.0-r0
- (no CPE)range: < 3.1.0-r0
- (no CPE)range: < 3.1.0-r0
- (no CPE)range: < 3.1.0-r0
- (no CPE)range: < 3.1.0-r0
- (no CPE)range: < 3.1.0-r0
- (no CPE)range: < 3.1.0-r0
- (no CPE)range: < 3.0.8-r0
- (no CPE)range: < 3.1.0-r0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 3.1.0-r0
- (no CPE)range: < 3.1.0-r0
- (no CPE)range: < 3.1.0-r0
- (no CPE)range: < 3.1.0-r0
- (no CPE)range: < 3.1.0-r0
- (no CPE)range: < 3.1.0-r0
- (no CPE)range: < 3.1.0-r0
- (no CPE)range: < 3.1.0-r0
- (no CPE)range: < 3.1.0-r0
- (no CPE)range: < 3.1.0-r0
- (no CPE)range: < 3.1.0-r0
- (no CPE)range: < 3.1.0-r0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: >= 300.0.0, < 300.0.12
- (no CPE)range: < 1:3.0.1-47.el9_1
- (no CPE)range: < 1:3.0.1-47.el9_1
- (no CPE)range: < 1:3.0.1-47.el9_1
- (no CPE)range: < 1:3.0.1-47.el9_1
- (no CPE)range: < 3.0.1-150400.4.17.1
- (no CPE)range: < 3.0.8-1.1
- (no CPE)range: < 3.0.1-150400.4.17.1
- Range: 3.0.0
Patches
Vulnerability mechanics
References
7- git.openssl.org/gitweb/ghsapatchWEB
- github.com/advisories/GHSA-29xx-hcv2-c4cpghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2023-0216ghsaADVISORY
- www.openssl.org/news/secadv/20230207.txtghsavendor-advisoryWEB
- psirt.global.sonicwall.com/vuln-detail/SNWLID-2023-0003ghsaWEB
- rustsec.org/advisories/RUSTSEC-2023-0011.htmlghsaWEB
- security.gentoo.org/glsa/202402-08ghsaWEB
News mentions
0No linked articles in our index yet.