NULL dereference validating DSA public key
Description
An invalid pointer dereference on read can be triggered when an application tries to check a malformed DSA public key by the EVP_PKEY_public_check() function. This will most likely lead to an application crash. This function can be called on public keys supplied from untrusted sources which could allow an attacker to cause a denial of service attack.
The TLS implementation in OpenSSL does not call this function but applications might call the function if there are additional security requirements imposed by standards such as FIPS 140-3.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
A malformed DSA public key can cause an invalid pointer dereference in OpenSSL's EVP_PKEY_public_check(), leading to denial of service.
Vulnerability
Overview
CVE-2023-0217 is a denial-of-service vulnerability in OpenSSL caused by an invalid pointer dereference on read when the EVP_PKEY_public_check() function processes a malformed DSA public key [2]. The root cause is that the function does not properly validate the key structure before dereferencing a pointer, leading to a crash [1][2].
Attack
Vector
The vulnerability can be triggered by an attacker supplying a crafted DSA public key to an application that calls EVP_PKEY_public_check() on untrusted keys [2]. While the TLS implementation in OpenSSL does not invoke this function, applications may do so to meet additional security requirements such as FIPS 140-3 [1][2]. No authentication is required, and the attack can be performed remotely if the application accepts public keys from external sources.
Impact
Successful exploitation results in an application crash, causing a denial of service [2]. The impact is limited to availability; there is no evidence of code execution or privilege escalation.
Mitigation
OpenSSL has released patches in versions 3.0.8, 1.1.1t, and 1.0.2zg (for premium support customers) [1][3]. Users are advised to upgrade to these or later versions. The Gentoo security advisory also recommends upgrading to OpenSSL 3.0.10 or later [4]. No workaround is available [4].
AI Insight generated on May 20, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
openssl-srccrates.io | >= 300.0.0, < 300.0.12 | 300.0.12 |
Affected products
43- osv-coords42 versionspkg:apk/chainguard/libcrypto3pkg:apk/chainguard/libssl3pkg:apk/chainguard/opensslpkg:apk/chainguard/openssl-configpkg:apk/chainguard/openssl-dbgpkg:apk/chainguard/openssl-devpkg:apk/chainguard/openssl-docpkg:apk/chainguard/openssl-engine-afalgpkg:apk/chainguard/openssl-engine-capipkg:apk/chainguard/openssl-engine-loader-atticpkg:apk/chainguard/openssl-engine-padlockpkg:apk/chainguard/openssl-provider-fipspkg:apk/chainguard/openssl-provider-legacypkg:apk/chainguard/ruby-3.1pkg:apk/chainguard/ruby-3.1-basepkg:apk/chainguard/ruby-3.1-base-devpkg:apk/chainguard/ruby-3.1-devpkg:apk/chainguard/ruby-3.1-docpkg:apk/wolfi/libcrypto3pkg:apk/wolfi/libssl3pkg:apk/wolfi/opensslpkg:apk/wolfi/openssl-configpkg:apk/wolfi/openssl-dbgpkg:apk/wolfi/openssl-devpkg:apk/wolfi/openssl-docpkg:apk/wolfi/openssl-engine-afalgpkg:apk/wolfi/openssl-engine-capipkg:apk/wolfi/openssl-engine-loader-atticpkg:apk/wolfi/openssl-engine-padlockpkg:apk/wolfi/openssl-provider-legacypkg:apk/wolfi/ruby-3.1pkg:apk/wolfi/ruby-3.1-basepkg:apk/wolfi/ruby-3.1-base-devpkg:apk/wolfi/ruby-3.1-devpkg:apk/wolfi/ruby-3.1-docpkg:cargo/openssl-srcpkg:rpm/almalinux/opensslpkg:rpm/almalinux/openssl-develpkg:rpm/almalinux/openssl-libspkg:rpm/almalinux/openssl-perlpkg:rpm/opensuse/openssl-3&distro=openSUSE%20Leap%2015.4pkg:rpm/suse/openssl-3&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015%20SP4
< 3.1.0-r0+ 41 more
- (no CPE)range: < 3.1.0-r0
- (no CPE)range: < 3.1.0-r0
- (no CPE)range: < 3.1.0-r0
- (no CPE)range: < 3.1.0-r0
- (no CPE)range: < 3.1.0-r0
- (no CPE)range: < 3.1.0-r0
- (no CPE)range: < 3.1.0-r0
- (no CPE)range: < 3.1.0-r0
- (no CPE)range: < 3.1.0-r0
- (no CPE)range: < 3.1.0-r0
- (no CPE)range: < 3.1.0-r0
- (no CPE)range: < 3.0.8-r0
- (no CPE)range: < 3.1.0-r0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 3.1.0-r0
- (no CPE)range: < 3.1.0-r0
- (no CPE)range: < 3.1.0-r0
- (no CPE)range: < 3.1.0-r0
- (no CPE)range: < 3.1.0-r0
- (no CPE)range: < 3.1.0-r0
- (no CPE)range: < 3.1.0-r0
- (no CPE)range: < 3.1.0-r0
- (no CPE)range: < 3.1.0-r0
- (no CPE)range: < 3.1.0-r0
- (no CPE)range: < 3.1.0-r0
- (no CPE)range: < 3.1.0-r0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: >= 300.0.0, < 300.0.12
- (no CPE)range: < 1:3.0.1-47.el9_1
- (no CPE)range: < 1:3.0.1-47.el9_1
- (no CPE)range: < 1:3.0.1-47.el9_1
- (no CPE)range: < 1:3.0.1-47.el9_1
- (no CPE)range: < 3.0.1-150400.4.17.1
- (no CPE)range: < 3.0.1-150400.4.17.1
- Range: 3.0.0
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
6- git.openssl.org/gitweb/ghsapatchWEB
- github.com/advisories/GHSA-vxrh-cpg7-8vjrghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2023-0217ghsaADVISORY
- www.openssl.org/news/secadv/20230207.txtghsavendor-advisoryWEB
- rustsec.org/advisories/RUSTSEC-2023-0012.htmlghsaWEB
- security.gentoo.org/glsa/202402-08ghsaWEB
News mentions
0No linked articles in our index yet.