CVE-2023-0217
NULL dereference validating DSA public keyAn invalid pointer dereference on read can be triggered when an application tries to check a malformed DSA public key by the EVP_PKEY_public_check() function. This will most likely lead to an application crash. This function can be called on public keys supplied from untrusted sources which could allow an attacker to cause a denial of service attack. The TLS implementation in OpenSSL does not call this function but applications might call the function if there are additional security requirements imposed by standards such as FIPS 140-3.
We have discovered 8,070 live websites that are affected by CVE-2023-0217.
Affected Software
| Product |  OpenSSL |
| Category | Web Server Extensions |
| Vulnerable Domains | 8,070 live websites (1.50% of OpenSSL install base) |
| Vulnerable Versions |
|
| Vulnerable Versions Count | 6 versions ( 9.23% of all versions) |
Details
- Published - Feb 8, 2023
- Updated - Nov 4, 2025
Credits
- Kurt Roeckx (reporter)
- Shane Lontis from Oracle (remediation developer)
CVE References
Website Distribution by Country
Number of websites using CVE-2023-0217 United States | 1,286 websites |
 Japan | 1,098 websites |
 GB | 717 websites |
 Germany | 683 websites |
 France | 585 websites |
 Finland | 437 websites |
 Canada | 382 websites |
 Italy | 301 websites |
 Brazil | 239 websites |
 Czech Republic | 194 websites |
Website Distribution by TLD
Number of websites using CVE-2023-0217| .com | 2,188 websites |
| .jp | 410 websites |
| .net | 386 websites |
| .fr | 371 websites |
| .de | 362 websites |
| .org | 354 websites |
| .co.uk | 332 websites |
| .fi | 325 websites |
| .co.jp | 259 websites |
| .it | 246 websites |
Vulnerable Versions
Vulnerable versions are highlighted in redWebsites affected by CVE-2023-0217
Top websites that are affected by CVE-2023-0217. Please click on the "Contact us" link to get more information.| Domain | Country | Rank | Contacts |
|---|---|---|---|
| ******.org |  Singapore | **,*** | |
| *******.net | Japan | **,*** | |
| ***.com |  Switzerland | **,*** | |
| *****.es |  Spain | **,*** | |
| *****.******************.com | United States | **,*** | |
| *********.org | Spain | **,*** | |
| *****.**********.**.jp | Japan | **,*** | |
| **********.edu | United States | **,*** | |
| ***.***.br | Brazil | **,*** | |
| *******.**********.it | Italy | **,*** |
FAQ
A total of 8,070 websites have been identified as vulnerable to CVE-2023-0217, based on global website indexing conducted by WebTechSurvey.
The OpenSSL is affected by the CVE-2023-0217 vulnerability.
OpenSSL versions up to 3.0.8 are vulnerable to CVE-2023-0217.
CVE-2023-0217 is resolved in version 3.0.8 of OpenSSL.