CVE-2023-5363
Published: October 25, 2023Last modified: October 25, 2023
Description
A bug has been identified in OpenSSL in the processing of key and initialisation vector (IV) lengths. This can lead to potential truncation or overruns during the initialisation of some symmetric ciphers.
Severity score breakdown
| Parameter | Value |
|---|---|
| Base score | 7.5 |
| Attack Vector | NETWORK |
| Attack complexity | LOW |
| Privileges required | NONE |
| User interaction | NONE |
| Scope | UNCHANGED |
| Confidentiality | HIGH |
| Integrity impact | NONE |
| Availability impact | NONE |
| Vector | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N |
Notes
https://www.openssl.org/news/secadv/20231024.txt
Status
| Product | Release | Package | Status |
|---|---|---|---|
| Alpaquita Linux | 23 LTS | openssl | Fixed (3.0.12-r0) |
| Stream | openssl | Fixed (3.1.4-r0) |
References
- http://www.openwall.com/lists/oss-security/2023/10/24/1
- https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=0df40630850fb2740e6be6890bb905d3fc623b2d
- https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=5f69f5c65e483928c4b28ed16af6e5742929f1ee
- https://security.netapp.com/advisory/ntap-20231027-0010/
- https://security.netapp.com/advisory/ntap-20240201-0003/
- https://security.netapp.com/advisory/ntap-20240201-0004/
- https://www.debian.org/security/2023/dsa-5532
- https://www.openssl.org/news/secadv/20231024.txt