
CVE-2023-0401: NULL pointer dereference in OpenSSL

High
Published: Wed Feb 08 2023 (02/08/2023, 19:00:53 UTC)
Source: CVE
Vendor/Project: OpenSSL
Product: OpenSSL

Description

A NULL pointer can be dereferenced when signatures are being verified on PKCS7 signed or signedAndEnveloped data. In case the hash algorithm used for the signature is known to the OpenSSL library but the implementation of the hash algorithm is not available the digest initialization will fail. There is a missing check for the return value from the initialization function which later leads to invalid usage of the digest API most likely leading to a crash. The unavailability of an algorithm can be caused by using FIPS enabled configuration of providers or more commonly by not loading the legacy provider. PKCS7 data is processed by the SMIME library calls and also by the time stamp (TS) library calls. The TLS implementation in OpenSSL does not call these functions however third party applications would be affected if they call these functions to verify signatures on untrusted data.

AI-Powered Analysis

Last updated: 07/03/2025, 12:11:49 UTC

Technical Analysis

CVE-2023-0401 is a high-severity vulnerability in OpenSSL version 3.0.0 involving a NULL pointer dereference during the verification of signatures on PKCS7 signed or signedAndEnveloped data. The root cause is a missing check for the return value of the digest initialization function when the hash algorithm used in the signature is recognized by OpenSSL but its implementation is unavailable. This situation can arise if the FIPS-enabled configuration of providers is used or if the legacy provider is not loaded, causing the digest initialization to fail. Without proper validation, the subsequent use of the digest API leads to invalid memory access, most likely resulting in a crash of the application processing the data. The vulnerability affects the SMIME and time stamp (TS) libraries that process PKCS7 data, but not the core TLS implementation of OpenSSL. Therefore, third-party applications that rely on these libraries to verify signatures on untrusted PKCS7 data are vulnerable. Exploitation does not require authentication or user interaction, and the attack vector is network-based, as untrusted data can be supplied remotely. Although no known exploits are reported in the wild, the vulnerability’s impact is a denial-of-service condition due to application crashes triggered by crafted PKCS7 data. The CVSS v3.1 base score is 7.5, reflecting high severity with no confidentiality or integrity impact but significant availability impact. This vulnerability is classified under CWE-476 (NULL Pointer Dereference).

Potential Impact

For European organizations, this vulnerability poses a risk primarily to applications that utilize OpenSSL 3.0.0 for processing PKCS7 signed or signedAndEnveloped data, especially those using SMIME or time stamp verification features. Such applications could be email clients, document signing tools, or timestamp verification services. An attacker could craft malicious PKCS7 data to cause denial-of-service by crashing these applications, potentially disrupting critical business processes that rely on secure document or message verification. This could affect sectors like finance, legal, healthcare, and government agencies where PKCS7 signatures are common. While confidentiality and integrity are not directly impacted, the availability loss could lead to operational downtime, loss of trust in digital signature verification, and increased support costs. Given the lack of user interaction or authentication requirements, the attack surface is broad, increasing the likelihood of exploitation in environments where untrusted PKCS7 data is processed.

Mitigation Recommendations

European organizations should update OpenSSL to a version in which this vulnerability is patched. No patch links were provided in the source, so monitoring OpenSSL advisories for updates is critical. In the interim, organizations should audit their applications to identify usage of PKCS7 signature verification via the SMIME or TS libraries and assess whether they use OpenSSL 3.0.0 with FIPS-enabled configurations or without the legacy provider loaded. Loading the legacy provider where safe and appropriate may mitigate the issue by ensuring hash algorithm implementations are available. Additionally, implement input validation and filtering to restrict processing of untrusted PKCS7 data, especially from external sources. Employ application-level monitoring to detect crashes or abnormal behavior related to signature verification functions. Where possible, isolate or sandbox applications handling PKCS7 data to contain potential denial-of-service impacts. Finally, coordinate with software vendors to confirm their OpenSSL usage and patch status.
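One way to implement the input filtering recommended above, as an added example (not OpenSSL or vendor code): a fail-closed allowlist check on the digest algorithms that a DER-encoded PKCS7 signedData blob declares, run before the blob reaches the verification call. The SHA-2-only policy, the function names and the two sample byte strings are assumptions constructed for illustration; signedAndEnveloped input and anything the parser cannot read are rejected.

```python
OID_SIGNED_DATA = "1.2.840.113549.1.7.2"
# Assumption: local policy accepts only sha256, sha384 and sha512.
ALLOWED = {"2.16.840.1.101.3.4.2.%d" % n for n in (1, 2, 3)}
# Constructed samples: truncated SignedData headers (version + digestAlgorithms only).
SAMPLE_SHA256 = bytes.fromhex("3023 0609 2a864886f70d010702 a016 3014 020101 310f 300d 0609 608648016503040201 0500")
SAMPLE_MD5 = bytes.fromhex("3022 0609 2a864886f70d010702 a015 3013 020101 310e 300c 0608 2a864886f70d0205 0500")

def read_tlv(buf, pos, want):  # -> (value, next_pos); tag must equal `want`
    if pos + 2 > len(buf) or buf[pos] != want:
        raise ValueError("truncated input or unexpected tag")
    length, pos = buf[pos + 1], pos + 2
    if length & 0x80:  # long-form length: low 7 bits give the byte count
        n = length & 0x7F
        if not 1 <= n <= 4 or pos + n > len(buf):
            raise ValueError("bad DER length")
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    if pos + length > len(buf):
        raise ValueError("value runs past end of input")
    return buf[pos:pos + length], pos + length

def decode_oid(body):
    subs, val = [], 0
    for b in body:  # base-128 sub-identifiers, high bit = "more follows"
        val = (val << 7) | (b & 0x7F)
        if not b & 0x80:
            subs.append(val)
            val = 0
    if not subs:
        raise ValueError("empty OID")
    first = min(subs[0] // 40, 2)
    return ".".join(map(str, [first, subs[0] - 40 * first] + subs[1:]))

def declared_digests(der):  # OIDs in SignedData.digestAlgorithms
    content_info, _ = read_tlv(der, 0, 0x30)
    ctype, pos = read_tlv(content_info, 0, 0x06)
    if decode_oid(ctype) != OID_SIGNED_DATA:
        raise ValueError("not signedData")
    explicit, _ = read_tlv(content_info, pos, 0xA0)   # [0] EXPLICIT
    signed, _ = read_tlv(explicit, 0, 0x30)
    _, pos = read_tlv(signed, 0, 0x02)                # version
    alg_set, _ = read_tlv(signed, pos, 0x31)          # SET OF AlgorithmIdentifier
    oids, pos = [], 0
    while pos < len(alg_set):
        alg_id, pos = read_tlv(alg_set, pos, 0x30)
        oids.append(decode_oid(read_tlv(alg_id, 0, 0x06)[0]))
    return oids

def is_acceptable(der):
    try:
        oids = declared_digests(der)
    except ValueError:
        return False  # fail closed on anything this parser cannot read
    return bool(oids) and all(o in ALLOWED for o in oids)
```

The check reads only the top-level digestAlgorithms set, so it narrows what reaches the library and belongs alongside the update, not in place of it.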


Technical Details

Data Version: 5.1
Assigner Short Name: openssl
Date Reserved: 2023-01-19T14:01:41.081Z
Cisa Enriched: true
Cvss Version: 3.1
State: PUBLISHED

Threat ID: 682d981fc4522896dcbdc41f

Added to database: 5/21/2025, 9:08:47 AM

Last enriched: 7/3/2025, 12:11:49 PM

Last updated: 8/11/2025, 5:05:30 AM
