CVE-2023-1255

medium

Published 2023-06-21 · Modified 2023-06-23

💬 Discuss on Community ✚ Propose mitigation

CVSS v3

—

CVSS v4 NEW

—

not yet in upstream

VIR risk

5.5

Description

Moderate: openssl security and bug fix update

Predictions

Exploit likelihood

20%

Patch ETA

—

Heuristic predictions, AS-IS, for prioritization only.

Mitigations

Mitigation details

Source: Red Hat Errata — Red Hat Inc. · View original ↗ · Open-Errata-API

Description openssl: Input buffer over-read in AES-XTS implementation on 64 bit ARM Red Hat statement Applications that use the AES-XTS algorithm on the 64-bit ARM platform can crash in rare circumstances. The AES-XTS algorithm is usually for disk encryption. The AES-XTS cipher decryption implementation for 64 bit ARM platform will read past the end of the ciphertext buffer if the ciphertext size…

Description

openssl: Input buffer over-read in AES-XTS implementation on 64 bit ARM

Red Hat statement

Applications that use the AES-XTS algorithm on the 64-bit ARM platform can crash in rare circumstances. The AES-XTS algorithm is usually for disk encryption. The AES-XTS cipher decryption implementation for 64 bit ARM platform will read past the end of the ciphertext buffer if the ciphertext size is 4 mod 5, for example, 144 bytes or 1024 bytes. If the memory after the ciphertext buffer is unmapped, this will trigger a crash, resulting in a denial of service. The application is affected if an attacker can control the size and location of the ciphertext buffer being decrypted by an application using AES-XTS on 64-bit ARM. This is fairly unlikely, making this issue a Low severity one.

CVSS v3: 5.1 (CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H)

Errata / fixed releases

Product	Package	Advisory	Released
Red Hat Enterprise Linux 9	`openssl-1:3.0.7-16.el9_2`	RHSA-2023:3722	2023-06-21T00:00:00Z
Red Hat Enterprise Linux 9	`openssl-1:3.0.7-16.el9_2`	RHSA-2023:3722	2023-06-21T00:00:00Z

Package state

Product	Package	State
Red Hat Enterprise Linux 6	`openssl`	Not affected
Red Hat Enterprise Linux 7	`openssl`	Not affected
Red Hat Enterprise Linux 7	`ovmf`	Not affected
Red Hat Enterprise Linux 8	`compat-openssl10`	Not affected
Red Hat Enterprise Linux 8	`edk2`	Not affected
Red Hat Enterprise Linux 8	`openssl`	Not affected
Red Hat Enterprise Linux 8	`shim`	Not affected
Red Hat Enterprise Linux 9	`compat-openssl11`	Not affected
Red Hat Enterprise Linux 9	`edk2`	Not affected
Red Hat Enterprise Linux 9	`shim`	Not affected
Red Hat JBoss Core Services	`openssl`	Not affected
Red Hat JBoss Web Server 3	`openssl`	Not affected
Red Hat JBoss Web Server 5	`openssl`	Not affected

Apply commands

bash fix

Apply RHSA-2023:3722 for Red Hat Enterprise Linux 9

yum update -y openssl
# or:
dnf upgrade -y openssl

Affected

Vendor	Product	Version
redhat	Red Hat Enterprise Linux 6	`Not affected`
redhat	Red Hat Enterprise Linux 7	`Not affected`
redhat	Red Hat Enterprise Linux 7	`Not affected`
redhat	Red Hat Enterprise Linux 8	`Not affected`
redhat	Red Hat Enterprise Linux 8	`Not affected`
redhat	Red Hat Enterprise Linux 8	`Not affected`
redhat	Red Hat Enterprise Linux 8	`Not affected`
redhat	Red Hat Enterprise Linux 9	`Not affected`
redhat	Red Hat Enterprise Linux 9	`Not affected`
redhat	Red Hat Enterprise Linux 9	`Not affected`
redhat	Red Hat JBoss Core Services	`Not affected`
redhat	Red Hat JBoss Web Server 3	`Not affected`
redhat	Red Hat JBoss Web Server 5	`Not affected`

OS impact

SUSE Affected 1 release

Version	Status	Fixed in
—	Affected	—

AlmaLinux Fixed 1 release

Version	Status	Fixed in
9	Fixed	`openssl-devel-3.0.7-16.el9_2.aarch64.rpm`

Debian Fixed 5 releases

Version	Status	Fixed in
trixie	Fixed	`3.0.9-1`
sid	Fixed	`3.0.9-1`
forky	Fixed	`3.0.9-1`
bullseye	Fixed	`0`
bookworm	Fixed	`3.0.9-1`

Red Hat Fixed 1 release

Version	Status	Fixed in
9	Fixed	—

References

Community-verified mitigations for this CVE will appear above when contributors publish them.

Verify integrity in audit chain (admin only). AS-IS.