CVE-2023-0217
NULL dereference validating DSA public keyAn invalid pointer dereference on read can be triggered when an application tries to check a malformed DSA public key by the EVP_PKEY_public_check() function. This will most likely lead to an application crash. This function can be called on public keys supplied from untrusted sources which could allow an attacker to cause a denial of service attack. The TLS implementation in OpenSSL does not call this function but applications might call the function if there are additional security requirements imposed by standards such as FIPS 140-3.
We have discovered 16,092 live websites that are affected by CVE-2023-0217.
Affected Software
| Product |  OpenSSL |
| Category | Web Server Extensions |
| Vulnerable Domains | 16,092 live websites (2.40% of OpenSSL install base) |
| Vulnerable Versions |
|
| Vulnerable Versions Count | 7 versions ( 17.50% of all versions) |
Details
- Published - Feb 8, 2023
- Updated - Feb 13, 2025
Credits
- Kurt Roeckx (reporter)
- Shane Lontis from Oracle (remediation developer)
CVE References
CVE-2023-0217 usage by Country
 United States | 3,623 websites |
 France | 2,345 websites |
 Germany | 1,486 websites |
 Japan | 1,317 websites |
 Canada | 848 websites |
 GB | 774 websites |
 Finland | 688 websites |
 Netherlands | 523 websites |
 Italy | 404 websites |
 Hungary | 397 websites |
CVE-2023-0217 usage by TLD
| .com | 5,684 websites |
| .org | 685 websites |
| .edu | 652 websites |
| .net | 643 websites |
| .ca | 638 websites |
| .fi | 534 websites |
| .jp | 534 websites |
| .fr | 489 websites |
| .de | 439 websites |
| .co.uk | 422 websites |
Vulnerable Versions
Vulnerable versions are highlighted in redWebsites affected by CVE-2023-0217
Top websites that are affected by CVE-2023-0217. Please click on the "Contact us" link to get more information.| Domain | Country | Rank | Contacts |
|---|---|---|---|
| *******.com | United States | *,*** | |
| ***.edu | United States | **,*** | |
| ******.org |  Singapore | **,*** | |
| ********.org | France | **,*** | |
| ********.com | United States | **,*** | |
| *******.net | Japan | **,*** | |
| ******.****.edu | United States | **,*** | |
| ************************.com | United States | **,*** | |
| ***.com | United States | **,*** | |
| ******.com | United States | **,*** |
FAQ
A total of 16,092 websites have been identified as vulnerable to CVE-2023-0217, discovered through global website indexing conducted by WebTechSurvey.
OpenSSL is susceptible to CVE-2023-0217 vulnerability.
OpenSSL versions before 3.0.8 are vulnerable to CVE-2023-0217.
Version 3.0.8 of OpenSSL addresses the CVE-2023-0217 security vulnerability.