HOMEVULNERABILITIESCVE-2023-0215
HIGH

CVE-2023-0215

CWE-416Published: February 8, 2023· Updated: Jun 17, 2026

7.5
CVSS v3.1

Official Description

The public API function BIO_new_NDEF is a helper function used for streaming

ASN.1 data via a BIO. It is primarily used internally to OpenSSL to support the

SMIME, CMS and PKCS7 streaming capabilities, but may also be called directly by

end user applications.

The function receives a BIO from the caller, prepends a new BIO_f_asn1 filter

BIO onto the front of it to form a BIO chain, and then returns the new head of

the BIO chain to the caller. Under certain conditions, for example if a CMS

recipient public key is invalid, the new filter BIO is freed and the function

returns a NULL result indicating a failure. However, in this case, the BIO chain

is not properly cleaned up and the BIO passed by the caller still retains

internal pointers to the previously freed filter BIO. If the caller then goes on

to call BIO_pop() on the BIO then a use-after-free will occur. This will most

likely result in a crash.

This scenario occurs directly in the internal function B64_write_ASN1() which

may cause BIO_new_NDEF() to be called and will subsequently call BIO_pop() on

the BIO. This internal function is in turn called by the public API functions

PEM_write_bio_ASN1_stream, PEM_write_bio_CMS_stream, PEM_write_bio_PKCS7_stream,

SMIME_write_ASN1, SMIME_write_CMS and SMIME_write_PKCS7.

Other public API functions that may be impacted by this include

i2d_ASN1_bio_stream, BIO_new_CMS, BIO_new_PKCS7, i2d_CMS_bio_stream and

i2d_PKCS7_bio_stream.

The OpenSSL cms and smime command line applications are similarly affected.

NVD Source

Technical Analysis

CVE-2023-0215 can be exploited remotely over the network without requiring physical or adjacent access, significantly expanding the attack surface for threat actors.

The vulnerability requires no privileges and no user interaction, making it a prime target for automated exploitation campaigns and worm-like propagation.

A successful exploit results in availability disruption (denial of service), with a CVSS base score of 7.5.

From a weakness classification perspective (CWE-416): Use-after-free vulnerabilities involve accessing memory after it has been freed, often enabling arbitrary code execution.

CVSS v3.1 Vector Breakdown

Exploitability
Attack VectorNetwork
Attack ComplexityLow
Privileges Req.None
User InteractionNone
ScopeUnchanged
Impact
ConfidentialityNone
IntegrityNone
AvailabilityHigh
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Affected Vendors & Products

OpenSSL1 product(s)
openssl
stormshield1 product(s)
stormshield management center
Source: NVD CPE · 2 total CPE entries

Exploit & PoC Resources

NO KNOWN EXPLOITNo public exploit confirmed at this time
External links open in a new tab. Always verify in a controlled environment before use.

Official Patches & Advisories

All References (17)

Quick Facts

CVE IDCVE-2023-0215
CVSS Score7.5 / 10
SeverityHIGH
WeaknessCWE-416
CISA KEVNo
Affected2 vendor(s)
PublishedFeb 8, 2023

Related CVEs (CWE-416)

Recommended Actions

  • Apply vendor patches immediately
  • Monitor CVE-2023-0215 in threat intel feeds
  • Review IDS/IPS signatures for exploitation attempts
Data sourced from NVD (NIST), CISA KEV, and EPSS (FIRST). Analysis generated by CTIWATCH.COM. CVE data is provided under the NVD usage policy.