Alpaquita LinuxStreamSecurity Advisory
Search Cve

CVE-2023-5363

Published: October 25, 2023Last modified: October 25, 2023

Description

A bug has been identified in OpenSSL in the processing of key and initialisation vector (IV) lengths. This can lead to potential truncation or overruns during the initialisation of some symmetric ciphers.

Severity score breakdown

ParameterValue
Base score7.5
Attack VectorNETWORK
Attack complexityLOW
Privileges requiredNONE
User interactionNONE
ScopeUNCHANGED
ConfidentialityHIGH
Integrity impactNONE
Availability impactNONE
VectorCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Notes

https://www.openssl.org/news/secadv/20231024.txt

Status

ProductReleasePackageStatus
Alpaquita Linux23 LTSopensslFixed (3.0.12-r0)
StreamopensslFixed (3.1.4-r0)

References

Published BELL-SAs

ON THIS PAGE