Problem
Impact of CVE-2023-0464 OpenSSL Vulnerability on Veritas Desktop and Laptop Option (DLO).
Reference
A security vulnerability has been identified in all supported versions of OpenSSL related to the verification of X.509 certificate chains that include policy constraints.
More information on this vulnerability can be found at the National Vulnerability Database at the following link;
https://nvd.nist.gov/vuln/detail/CVE-2023-0464
Solution
This vulnerability can only be exploited when Policy processing is disabled by default, but can be enabled by passing the `-policy' argument to the command line utilities or by calling the `X509_VERIFY_PARAM_set1_policies()' function
Veritas Desktop and Laptop Option (DLO) does not explicitly make use of or call 'the X509_VERIFY_PARAM_set1_policies()' function and therefore is not affected by this vulnerability.
Was this content helpful?
Translated Content
Please note that this document is a translation from English, and may have been machine-translated. It is possible that updates have been made to the original version after this document was translated and published. Veritas does not guarantee the accuracy regarding the completeness of the translation. You may also refer to the English Version of this knowledge base article for up-to-date information.