Recent updates to this article

| Date | Update |
|---|---|
| February 24, 2023 | Added a link for the Security Bulletin SB10395. |
| February 10, 2023 | Added a link for the Trellix blog post. |
| February 9, 2023 | Initial publication. |

NOTE: Trellix has authored the following Security Bulletin that covers this vulnerability:
SB10395 Security Bulletin – Trellix/Skyhigh Security products status for OpenSSL 3.0, 1.1.1, 1.0.2 (CVE-2023-0286, CVE-2022-4304, CVE-2023-0215, and CVE-2022-4450)
We're aware of CVE-2023-0286, recently released by OpenSSL. There's a type-confusion vulnerability relating to the X.400 address processing inside an X.509 GeneralName. It's recommended that customers patch their systems to the latest builds to mitigate this vulnerability. This vulnerability is considered high severity, although the CVSS (3.0) score is still pending (https://nvd.nist.gov/vuln-metrics/cvss/v3-calculator).
Evaluation of potential impact to Trellix software is underway. This article will be updated as information becomes available.
Owing to the severity of this vulnerability, we've created this article to provide communication about actions that customers can take to mitigate risk in their environment. Subscribe to this article to receive updates about related coverage and countermeasures.
For further vendor information: