CVE-2023-0465
Invalid certificate policies in leaf certificates are silently ignoredApplications that use a non-default option when verifying certificates may be vulnerable to an attack from a malicious CA to circumvent certain checks. Invalid certificate policies in leaf certificates are silently ignored by OpenSSL and other certificate policy checks are skipped for that certificate. A malicious CA could use this to deliberately assert invalid certificate policies in order to circumvent policy checking on the certificate altogether. Policy processing is disabled by default but can be enabled by passing the `-policy' argument to the command line utilities or by calling the `X509_VERIFY_PARAM_set1_policies()' function.
We have discovered 26,461 live websites that are affected by CVE-2023-0465.
Affected Software
| Product |  OpenSSL |
| Category | Web Server Extensions |
| Vulnerable Domains | 26,461 live websites (3.95% of OpenSSL install base) |
| Vulnerable Versions |
|
| Vulnerable Versions Count | 9 versions ( 22.50% of all versions) |
Details
- Published - Mar 28, 2023
- Updated - Feb 18, 2025
Credits
- David Benjamin (Google) (reporter)
- Matt Caswell (remediation developer)
CVE References
CVE-2023-0465 usage by Country
 United States | 12,695 websites |
 France | 2,385 websites |
 Germany | 1,547 websites |
 Japan | 1,443 websites |
 GB | 891 websites |
 Canada | 880 websites |
 Finland | 691 websites |
 Netherlands | 637 websites |
 Italy | 442 websites |
 Hungary | 406 websites |
CVE-2023-0465 usage by TLD
| .com | 11,579 websites |
| .org | 1,244 websites |
| .net | 1,159 websites |
| .jp | 939 websites |
| .edu | 829 websites |
| .ca | 741 websites |
| .co.uk | 720 websites |
| .nl | 558 websites |
| .fi | 550 websites |
| .fr | 545 websites |
Vulnerable Versions
Vulnerable versions are highlighted in redWebsites affected by CVE-2023-0465
Top websites that are affected by CVE-2023-0465. Please click on the "Contact us" link to get more information.| Domain | Country | Rank | Contacts |
|---|---|---|---|
| ***********.com | United States | *,*** | |
| ***.***********.com | United States | *,*** | |
| *******.com | United States | *,*** | |
| ******.***************.com | United States | *,*** | |
| ****************.com | United States | **,*** | |
| **.***.au |  Australia | **,*** | |
| ***.edu | United States | **,*** | |
| *********.ch | United States | **,*** | |
| ******.org |  Singapore | **,*** | |
| ********.org | France | **,*** |
FAQ
A total of 26,461 websites have been identified as vulnerable to CVE-2023-0465, discovered through global website indexing conducted by WebTechSurvey.
OpenSSL is susceptible to CVE-2023-0465 vulnerability.
OpenSSL versions before 3.1.1 are vulnerable to CVE-2023-0465.
Version 3.1.1 of OpenSSL addresses the CVE-2023-0465 security vulnerability.
References
- https://www.openssl.org/news/secadv/20230328.txt
- https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=facfb1ab745646e97a1920977ae4a9965ea61d5c
- https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=1dd43e0709fece299b15208f36cc7c76209ba0bb
- https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=b013765abfa80036dc779dd0e50602c57bb3bf95
- https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=10325176f3d3e98c6e2b3bf5ab1e3b334de6947a
- https://security.netapp.com/advisory/ntap-20230414-0001/
- https://www.debian.org/security/2023/dsa-5417
- https://lists.debian.org/debian-lts-announce/2023/06/msg00011.html
- https://security.gentoo.org/glsa/202402-08