Add CVE-2023-0286 for openssl-src (#1573)

crates/openssl-src/RUSTSEC-0000-0000.md

@@ -0,0 +1,31 @@
+```toml
+[advisory]
+id = "RUSTSEC-0000-0000"
+package = "openssl-src"
+aliases = ["CVE-2023-0286"]
+categories = ["denial-of-service", "memory-exposure"]
+date = "2023-02-07"
+url = "https://www.openssl.org/news/secadv/20230207.txt"
+[versions]
+patched = [">= 111.25, < 300.0", ">= 300.0.12"]
+```
+
+# X.400 address type confusion in X.509 `GeneralName`
+
+There is a type confusion vulnerability relating to X.400 address processing
+inside an X.509 `GeneralName`. X.400 addresses were parsed as an `ASN1_STRING` but
+the public structure definition for `GENERAL_NAME` incorrectly specified the type
+of the `x400Address` field as `ASN1_TYPE`. This field is subsequently interpreted by
+the OpenSSL function `GENERAL_NAME_cmp` as an `ASN1_TYPE` rather than an
+`ASN1_STRING`.
+
+When CRL checking is enabled (i.e. the application sets the
+`X509_V_FLAG_CRL_CHECK` flag), this vulnerability may allow an attacker to pass
+arbitrary pointers to a `memcmp` call, enabling them to read memory contents or
+enact a denial of service. In most cases, the attack requires the attacker to
+provide both the certificate chain and CRL, neither of which need to have a
+valid signature. If the attacker only controls one of these inputs, the other
+input must already contain an X.400 address as a CRL distribution point, which
+is uncommon. As such, this vulnerability is most likely to only affect
+applications which have implemented their own functionality for retrieving CRLs
+over a network.