Security Bulletin: OpenSSL for IBM i is vulnerable to denial of service attacks and the ability for remote attacker to obtain sensitive information due to multiple vulnerabilities.

OpenSSL for IBM i is vulnerable to a denial of service caused by an error in certificate verification (CVE-2023-0464), a denial of service caused by arbitrary pointers to memcmp (CVE-2023-0286), a denial of service caused by a double-free error (CVE-2022-4450), a denial of service caused by a use-after-free error (CVE-2023-0215), and the ability for a remote attacker to obtain sensitive information caused by a timing-based side channel in RSA decryption (CVE-2022-4304), as described in the vulnerability details section. IBM i has addressed the vulnerabilities in OpenSSL with a fix as described in the remediation/fixes section.
