OVAL

DSA-5417-1 openssl -- openssl

ID: oval:org.secpod.oval:def:610588
Date: (C)2023-06-09   (M)2024-05-09
Class: PATCH
Family: unix




Multiple vulnerabilities have been discovered in OpenSSL, a Secure Sockets Layer toolkit.

CVE-2023-0464: David Benjamin reported a flaw related to the verification of X.509 certificate chains that include policy constraints, which may result in denial of service.

CVE-2023-0465: David Benjamin reported that invalid certificate policies in leaf certificates are silently ignored. A malicious CA could take advantage of this flaw to deliberately assert invalid certificate policies in order to circumvent policy checking on the certificate altogether.

CVE-2023-0466: David Benjamin discovered that the implementation of the X509_VERIFY_PARAM_add0_policy function does not enable the check, which allows certificates with invalid or incorrect policies to pass certificate verification.

CVE-2023-2650: It was discovered that processing malformed ASN.1 object identifiers or data may result in denial of service.

Platform:
Debian 11.x
Product:
libcrypto1.1-udeb
libssl1.1
libssl-dev
openssl
libssl-doc
Reference:
DSA-5417-1
CVE-2023-0464
CVE-2023-0465
CVE-2023-0466
CVE-2023-2650
CPE    6
cpe:/a:openssl:libssl1.1
cpe:/a:openssl:openssl
cpe:/a:libcrypto1.1-udeb:libcrypto1.1-udeb
cpe:/o:debian:debian_linux:11.x
...

© SecPod Technologies