CVE-2023-0464

A security vulnerability has been identified in all supported versions

of OpenSSL related to the verification of X.509 certificate chainsthat include policy constraints. Attackers may be able to exploit thisvulnerability by creating a malicious certificate chain that triggersexponential use of computational resources, leading to a denial-of-service(DoS) attack on affected systems.

Policy processing is disabled by default but can be enabled by passingthe -policy' argument to the command line utilities or by calling the X509_VERIFY_PARAM_set1_policies()' function.