Impact of CVE-2023-0464 OpenSSL Vulnerability on DLO

Impact of CVE-2023-0464 OpenSSL Vulnerability on DLO

Article: 100055542
Last Published: 2023-03-30
Ratings: 0 0
Product(s): Desktop Laptop Option

Problem

Impact of CVE-2023-0464 OpenSSL Vulnerability on Veritas Desktop and Laptop Option (DLO).

 

Reference

A security vulnerability has been identified in all supported versions of OpenSSL related to the verification of X.509 certificate chains that include policy constraints.

More information on this vulnerability can be found at the National Vulnerability Database at the following link;
https://nvd.nist.gov/vuln/detail/CVE-2023-0464

 

Solution

This vulnerability can only be exploited when Policy processing is disabled by default, but can be enabled by passing the `-policy' argument to the command line utilities or by calling the `X509_VERIFY_PARAM_set1_policies()' function

Veritas Desktop and Laptop Option (DLO) does not explicitly make use of or call 'the X509_VERIFY_PARAM_set1_policies()' function and therefore is not affected by this vulnerability.

 

Was this content helpful?