CVE-2021-23840
medium
CVSS v3
โ
CVSS v4 NEW
โ
VIR risk
5.5
Description
RHSA-2021:4424: openssl security and bug fix update (Moderate)
Predictions
Exploit likelihood
30%
Patch ETA
โ
Heuristic predictions, AS-IS, for prioritization only.
Mitigations
No mitigations published for this CVE yet.
The vendor-content worker queues fetches as references arrive (check back in a few minutes). Or โ if you've already worked around this in production โ publish your fix to the community-verified tier.
โ Propose a mitigation on Community โ Mitigations published via the community go through AI scoring + 2 human reviewers + 7-day silent objection window before landing here withsource_tier=community-verified.
OS impact
SUSE Affected 1 release
| Version | Status | Fixed in |
|---|---|---|
| โ | Affected | โ |
Arch Fixed 1 release
| Version | Status | Fixed in |
|---|---|---|
| โ | Fixed | 1.1.1.j-1 |
Debian Fixed 5 releases
| Version | Status | Fixed in |
|---|---|---|
| trixie | Fixed | 1.1.1j-1 |
| sid | Fixed | 1.1.1j-1 |
| forky | Fixed | 1.1.1j-1 |
| bullseye | Fixed | 1.1.1j-1 |
| bookworm | Fixed | 1.1.1j-1 |
Red Hat Fixed 1 release
| Version | Status | Fixed in |
|---|---|---|
| 8 | Fixed | โ |
Rocky Linux Fixed 1 release
| Version | Status | Fixed in |
|---|---|---|
| 8 | Fixed | โ |
Package impact
| Ecosystem | Package | Vulnerable | Fixed |
|---|---|---|---|
| crates.io | openssl-src | | |
| crates.io | openssl-src | <111.14.0 | 111.14.0 |
| crates.io | openssl-src | >=0.0.0-0,<111.14.0 | 111.14.0 |
References
- https://www.openssl.org/news/secadv/20210216.txt
- https://security.archlinux.org/ASA-202102-42
- https://www.suse.com/security/cve/CVE-2021-23840.html
- https://errata.rockylinux.org/RLSA-2021:4424
- https://errata.rockylinux.org/RLSA-2021:4198
- https://nvd.nist.gov/vuln/detail/CVE-2021-23840
- https://www.tenable.com/security/tns-2021-10
- https://www.tenable.com/security/tns-2021-09
- https://www.tenable.com/security/tns-2021-03
- https://www.oracle.com/security-alerts/cpuoct2021.html
- https://www.oracle.com/security-alerts/cpujan2022.html
- https://www.oracle.com/security-alerts/cpuapr2022.html
- https://www.oracle.com/security-alerts/cpuApr2021.html
- https://www.oracle.com//security-alerts/cpujul2021.html
- https://www.debian.org/security/2021/dsa-4855
- https://security.netapp.com/advisory/ntap-20210219-0009
- https://security.gentoo.org/glsa/202103-03
- https://rustsec.org/advisories/RUSTSEC-2021-0057.html
- https://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4@%3Cissues.bookkeeper.apache.org%3E
- https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b@%3Cissues.bookkeeper.apache.org%3E
- https://kc.mcafee.com/corporate/index?page=content&id=SB10366
- https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44846
- https://github.com/alexcrichton/openssl-src-rs
- https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=9b1129239f3ebb1d1c98ce9ed41d5c9476c47cb2
- https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=6a51b9e1d0cf0bf8515f7201b68fb0a3482b3dc1
Community-verified mitigations for this CVE will appear above when contributors publish them.
Verify integrity in audit chain (admin only). AS-IS.