VYPR
High severityNVD Advisory· Published Feb 8, 2023· Updated Nov 4, 2025

NULL dereference validating DSA public key

CVE-2023-0217

Description

An invalid pointer dereference on read can be triggered when an application tries to check a malformed DSA public key by the EVP_PKEY_public_check() function. This will most likely lead to an application crash. This function can be called on public keys supplied from untrusted sources which could allow an attacker to cause a denial of service attack.

The TLS implementation in OpenSSL does not call this function but applications might call the function if there are additional security requirements imposed by standards such as FIPS 140-3.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected packages

Versions sourced from the GitHub Security Advisory.

PackageAffected versionsPatched versions
openssl-srccrates.io
>= 300.0.0, < 300.0.12300.0.12

Affected products

44

Patches

Vulnerability mechanics

References

6

News mentions

0

No linked articles in our index yet.