csaf_microsoft - msrc

MSRC_CVE-2023-6129

Vulnerability from csaf_microsoft - Published: 2024-01-01 08:00 - Updated: 2024-11-28 00:00

Summary

POLY1305 MAC implementation corrupts vector registers on PowerPC

Notes

Additional Resources

To determine the support lifecycle for your software, see the Microsoft Support Lifecycle: https://support.microsoft.com/lifecycle

Disclaimer

The information provided in the Microsoft Knowledge Base is provided \"as is\" without warranty of any kind. Microsoft disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose. In no event shall Microsoft Corporation or its suppliers be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages, even if Microsoft Corporation or its suppliers have been advised of the possibility of such damages. Some states do not allow the exclusion or limitation of liability for consequential or incidental damages so the foregoing limitation may not apply.

JSON

To clipboard

{
  "document": {
    "category": "csaf_vex",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Public",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en-US",
    "notes": [
      {
        "category": "general",
        "text": "To determine the support lifecycle for your software, see the Microsoft Support Lifecycle: https://support.microsoft.com/lifecycle",
        "title": "Additional Resources"
      },
      {
        "category": "legal_disclaimer",
        "text": "The information provided in the Microsoft Knowledge Base is provided \\\"as is\\\" without warranty of any kind. Microsoft disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose. In no event shall Microsoft Corporation or its suppliers be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages, even if Microsoft Corporation or its suppliers have been advised of the possibility of such damages. Some states do not allow the exclusion or limitation of liability for consequential or incidental damages so the foregoing limitation may not apply.",
        "title": "Disclaimer"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "secure@microsoft.com",
      "name": "Microsoft Security Response Center",
      "namespace": "https://msrc.microsoft.com"
    },
    "references": [
      {
        "category": "self",
        "summary": "CVE-2023-6129 POLY1305 MAC implementation corrupts vector registers on PowerPC - VEX",
        "url": "https://msrc.microsoft.com/csaf/vex/2024/msrc_cve-2023-6129.json"
      },
      {
        "category": "external",
        "summary": "Microsoft Support Lifecycle",
        "url": "https://support.microsoft.com/lifecycle"
      },
      {
        "category": "external",
        "summary": "Common Vulnerability Scoring System",
        "url": "https://www.first.org/cvss"
      }
    ],
    "title": "POLY1305 MAC implementation corrupts vector registers on PowerPC",
    "tracking": {
      "current_release_date": "2024-11-28T00:00:00.000Z",
      "generator": {
        "date": "2025-10-20T00:58:25.418Z",
        "engine": {
          "name": "MSRC Generator",
          "version": "1.0"
        }
      },
      "id": "msrc_CVE-2023-6129",
      "initial_release_date": "2024-01-01T08:00:00.000Z",
      "revision_history": [
        {
          "date": "2024-01-16T00:00:00.000Z",
          "legacy_version": "1",
          "number": "1",
          "summary": "Information published."
        },
        {
          "date": "2024-06-30T07:00:00.000Z",
          "legacy_version": "1.1",
          "number": "2",
          "summary": "Information published."
        },
        {
          "date": "2024-07-13T00:00:00.000Z",
          "legacy_version": "1.2",
          "number": "3",
          "summary": "Information published."
        },
        {
          "date": "2024-08-29T00:00:00.000Z",
          "legacy_version": "1.3",
          "number": "4",
          "summary": "Information published."
        },
        {
          "date": "2024-08-30T00:00:00.000Z",
          "legacy_version": "1.4",
          "number": "5",
          "summary": "Information published."
        },
        {
          "date": "2024-08-31T00:00:00.000Z",
          "legacy_version": "1.5",
          "number": "6",
          "summary": "Information published."
        },
        {
          "date": "2024-09-01T00:00:00.000Z",
          "legacy_version": "1.6",
          "number": "7",
          "summary": "Information published."
        },
        {
          "date": "2024-09-02T00:00:00.000Z",
          "legacy_version": "1.7",
          "number": "8",
          "summary": "Information published."
        },
        {
          "date": "2024-09-03T00:00:00.000Z",
          "legacy_version": "1.8",
          "number": "9",
          "summary": "Information published."
        },
        {
          "date": "2024-09-05T00:00:00.000Z",
          "legacy_version": "1.9",
          "number": "10",
          "summary": "Information published."
        },
        {
          "date": "2024-09-06T00:00:00.000Z",
          "legacy_version": "2",
          "number": "11",
          "summary": "Information published."
        },
        {
          "date": "2024-09-07T00:00:00.000Z",
          "legacy_version": "2.1",
          "number": "12",
          "summary": "Information published."
        },
        {
          "date": "2024-09-08T00:00:00.000Z",
          "legacy_version": "2.2",
          "number": "13",
          "summary": "Information published."
        },
        {
          "date": "2024-09-11T00:00:00.000Z",
          "legacy_version": "2.3",
          "number": "14",
          "summary": "Information published."
        },
        {
          "date": "2024-11-28T00:00:00.000Z",
          "legacy_version": "2.4",
          "number": "15",
          "summary": "Added hvloader to CBL-Mariner 2.0\nAdded cloud-hypervisor-cvm to CBL-Mariner 2.0\nAdded nodejs18 to CBL-Mariner 2.0\nAdded cloud-hypervisor-cvm to Azure Linux 3.0\nAdded openssl to Azure Linux 3.0\nAdded nodejs to Azure Linux 3.0"
        }
      ],
      "status": "final",
      "version": "15"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version",
                "name": "3.0",
                "product": {
                  "name": "Azure Linux 3.0",
                  "product_id": "17084"
                }
              },
              {
                "category": "product_version",
                "name": "2.0",
                "product": {
                  "name": "CBL Mariner 2.0",
                  "product_id": "17086"
                }
              }
            ],
            "category": "product_name",
            "name": "Azure Linux"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "\u003cazl3 openssl 3.1.4-9",
                "product": {
                  "name": "\u003cazl3 openssl 3.1.4-9",
                  "product_id": "4"
                }
              },
              {
                "category": "product_version",
                "name": "azl3 openssl 3.1.4-9",
                "product": {
                  "name": "azl3 openssl 3.1.4-9",
                  "product_id": "19786"
                }
              },
              {
                "category": "product_version_range",
                "name": "\u003cazl3 openssl 3.3.0-1",
                "product": {
                  "name": "\u003cazl3 openssl 3.3.0-1",
                  "product_id": "7"
                }
              },
              {
                "category": "product_version",
                "name": "azl3 openssl 3.3.0-1",
                "product": {
                  "name": "azl3 openssl 3.3.0-1",
                  "product_id": "17715"
                }
              }
            ],
            "category": "product_name",
            "name": "openssl"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "\u003ccbl2 hvloader 1.0.1-6",
                "product": {
                  "name": "\u003ccbl2 hvloader 1.0.1-6",
                  "product_id": "10"
                }
              },
              {
                "category": "product_version",
                "name": "cbl2 hvloader 1.0.1-6",
                "product": {
                  "name": "cbl2 hvloader 1.0.1-6",
                  "product_id": "17178"
                }
              },
              {
                "category": "product_version_range",
                "name": "\u003ccbl2 hvloader 1.0.1-5",
                "product": {
                  "name": "\u003ccbl2 hvloader 1.0.1-5",
                  "product_id": "1"
                }
              },
              {
                "category": "product_version",
                "name": "cbl2 hvloader 1.0.1-5",
                "product": {
                  "name": "cbl2 hvloader 1.0.1-5",
                  "product_id": "19809"
                }
              }
            ],
            "category": "product_name",
            "name": "hvloader"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "\u003ccbl2 cloud-hypervisor-cvm 38.0.72.2-1",
                "product": {
                  "name": "\u003ccbl2 cloud-hypervisor-cvm 38.0.72.2-1",
                  "product_id": "13"
                }
              },
              {
                "category": "product_version",
                "name": "cbl2 cloud-hypervisor-cvm 38.0.72.2-1",
                "product": {
                  "name": "cbl2 cloud-hypervisor-cvm 38.0.72.2-1",
                  "product_id": "16977"
                }
              },
              {
                "category": "product_version_range",
                "name": "\u003cazl3 cloud-hypervisor-cvm 38.0.72.2-1",
                "product": {
                  "name": "\u003cazl3 cloud-hypervisor-cvm 38.0.72.2-1",
                  "product_id": "12"
                }
              },
              {
                "category": "product_version",
                "name": "azl3 cloud-hypervisor-cvm 38.0.72.2-1",
                "product": {
                  "name": "azl3 cloud-hypervisor-cvm 38.0.72.2-1",
                  "product_id": "16982"
                }
              },
              {
                "category": "product_version_range",
                "name": "\u003ccbl2 cloud-hypervisor-cvm 38.0.72-1",
                "product": {
                  "name": "\u003ccbl2 cloud-hypervisor-cvm 38.0.72-1",
                  "product_id": "3"
                }
              },
              {
                "category": "product_version",
                "name": "cbl2 cloud-hypervisor-cvm 38.0.72-1",
                "product": {
                  "name": "cbl2 cloud-hypervisor-cvm 38.0.72-1",
                  "product_id": "19801"
                }
              },
              {
                "category": "product_version_range",
                "name": "\u003cazl3 cloud-hypervisor-cvm 38.0.72-2",
                "product": {
                  "name": "\u003cazl3 cloud-hypervisor-cvm 38.0.72-2",
                  "product_id": "2"
                }
              },
              {
                "category": "product_version",
                "name": "azl3 cloud-hypervisor-cvm 38.0.72-2",
                "product": {
                  "name": "azl3 cloud-hypervisor-cvm 38.0.72-2",
                  "product_id": "19807"
                }
              }
            ],
            "category": "product_name",
            "name": "cloud-hypervisor-cvm"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "\u003cazl3 nodejs 20.14.0-1",
                "product": {
                  "name": "\u003cazl3 nodejs 20.14.0-1",
                  "product_id": "11"
                }
              },
              {
                "category": "product_version",
                "name": "azl3 nodejs 20.14.0-1",
                "product": {
                  "name": "azl3 nodejs 20.14.0-1",
                  "product_id": "16990"
                }
              },
              {
                "category": "product_version_range",
                "name": "\u003cazl3 nodejs 20.10.0-2",
                "product": {
                  "name": "\u003cazl3 nodejs 20.10.0-2",
                  "product_id": "6"
                }
              },
              {
                "category": "product_version",
                "name": "azl3 nodejs 20.10.0-2",
                "product": {
                  "name": "azl3 nodejs 20.10.0-2",
                  "product_id": "19740"
                }
              }
            ],
            "category": "product_name",
            "name": "nodejs"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "azl3 edk2 20240524git3e722403cd16-8",
                "product": {
                  "name": "azl3 edk2 20240524git3e722403cd16-8",
                  "product_id": "8"
                }
              }
            ],
            "category": "product_name",
            "name": "edk2"
          },
          {
            "category": "product_name",
            "name": "cbl2 nodejs18 18.18.2-7",
            "product": {
              "name": "cbl2 nodejs18 18.18.2-7",
              "product_id": "5"
            }
          },
          {
            "category": "product_name",
            "name": "azl3 qemu 8.2.0-16",
            "product": {
              "name": "azl3 qemu 8.2.0-16",
              "product_id": "9"
            }
          }
        ],
        "category": "vendor",
        "name": "Microsoft"
      }
    ],
    "relationships": [
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "\u003cazl3 openssl 3.1.4-9 as a component of Azure Linux 3.0",
          "product_id": "17084-4"
        },
        "product_reference": "4",
        "relates_to_product_reference": "17084"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "azl3 openssl 3.1.4-9 as a component of Azure Linux 3.0",
          "product_id": "19786-17084"
        },
        "product_reference": "19786",
        "relates_to_product_reference": "17084"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "\u003ccbl2 hvloader 1.0.1-6 as a component of CBL Mariner 2.0",
          "product_id": "17086-10"
        },
        "product_reference": "10",
        "relates_to_product_reference": "17086"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "cbl2 hvloader 1.0.1-6 as a component of CBL Mariner 2.0",
          "product_id": "17178-17086"
        },
        "product_reference": "17178",
        "relates_to_product_reference": "17086"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "\u003ccbl2 cloud-hypervisor-cvm 38.0.72.2-1 as a component of CBL Mariner 2.0",
          "product_id": "17086-13"
        },
        "product_reference": "13",
        "relates_to_product_reference": "17086"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "cbl2 cloud-hypervisor-cvm 38.0.72.2-1 as a component of CBL Mariner 2.0",
          "product_id": "16977-17086"
        },
        "product_reference": "16977",
        "relates_to_product_reference": "17086"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "\u003cazl3 cloud-hypervisor-cvm 38.0.72.2-1 as a component of Azure Linux 3.0",
          "product_id": "17084-12"
        },
        "product_reference": "12",
        "relates_to_product_reference": "17084"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "azl3 cloud-hypervisor-cvm 38.0.72.2-1 as a component of Azure Linux 3.0",
          "product_id": "16982-17084"
        },
        "product_reference": "16982",
        "relates_to_product_reference": "17084"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "\u003cazl3 openssl 3.3.0-1 as a component of Azure Linux 3.0",
          "product_id": "17084-7"
        },
        "product_reference": "7",
        "relates_to_product_reference": "17084"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "azl3 openssl 3.3.0-1 as a component of Azure Linux 3.0",
          "product_id": "17715-17084"
        },
        "product_reference": "17715",
        "relates_to_product_reference": "17084"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "\u003cazl3 nodejs 20.14.0-1 as a component of Azure Linux 3.0",
          "product_id": "17084-11"
        },
        "product_reference": "11",
        "relates_to_product_reference": "17084"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "azl3 nodejs 20.14.0-1 as a component of Azure Linux 3.0",
          "product_id": "16990-17084"
        },
        "product_reference": "16990",
        "relates_to_product_reference": "17084"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "cbl2 nodejs18 18.18.2-7 as a component of CBL Mariner 2.0",
          "product_id": "17086-5"
        },
        "product_reference": "5",
        "relates_to_product_reference": "17086"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "\u003cazl3 nodejs 20.10.0-2 as a component of Azure Linux 3.0",
          "product_id": "17084-6"
        },
        "product_reference": "6",
        "relates_to_product_reference": "17084"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "azl3 nodejs 20.10.0-2 as a component of Azure Linux 3.0",
          "product_id": "19740-17084"
        },
        "product_reference": "19740",
        "relates_to_product_reference": "17084"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "azl3 edk2 20240524git3e722403cd16-8 as a component of Azure Linux 3.0",
          "product_id": "17084-8"
        },
        "product_reference": "8",
        "relates_to_product_reference": "17084"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "\u003ccbl2 cloud-hypervisor-cvm 38.0.72-1 as a component of CBL Mariner 2.0",
          "product_id": "17086-3"
        },
        "product_reference": "3",
        "relates_to_product_reference": "17086"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "cbl2 cloud-hypervisor-cvm 38.0.72-1 as a component of CBL Mariner 2.0",
          "product_id": "19801-17086"
        },
        "product_reference": "19801",
        "relates_to_product_reference": "17086"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "\u003cazl3 cloud-hypervisor-cvm 38.0.72-2 as a component of Azure Linux 3.0",
          "product_id": "17084-2"
        },
        "product_reference": "2",
        "relates_to_product_reference": "17084"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "azl3 cloud-hypervisor-cvm 38.0.72-2 as a component of Azure Linux 3.0",
          "product_id": "19807-17084"
        },
        "product_reference": "19807",
        "relates_to_product_reference": "17084"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "\u003ccbl2 hvloader 1.0.1-5 as a component of CBL Mariner 2.0",
          "product_id": "17086-1"
        },
        "product_reference": "1",
        "relates_to_product_reference": "17086"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "cbl2 hvloader 1.0.1-5 as a component of CBL Mariner 2.0",
          "product_id": "19809-17086"
        },
        "product_reference": "19809",
        "relates_to_product_reference": "17086"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "azl3 qemu 8.2.0-16 as a component of Azure Linux 3.0",
          "product_id": "17084-9"
        },
        "product_reference": "9",
        "relates_to_product_reference": "17084"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2023-6129",
      "cwe": {
        "id": "CWE-787",
        "name": "Out-of-bounds Write"
      },
      "flags": [
        {
          "label": "component_not_present",
          "product_ids": [
            "17084-9"
          ]
        },
        {
          "label": "vulnerable_code_not_present",
          "product_ids": [
            "17086-5"
          ]
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "openssl",
          "title": "Assigning CNA"
        }
      ],
      "product_status": {
        "fixed": [
          "19786-17084",
          "17178-17086",
          "16977-17086",
          "16982-17084",
          "17715-17084",
          "16990-17084",
          "19740-17084",
          "19801-17086",
          "19807-17084",
          "19809-17086"
        ],
        "known_affected": [
          "17084-4",
          "17086-10",
          "17086-13",
          "17084-12",
          "17084-7",
          "17084-11",
          "17084-6",
          "17084-8",
          "17086-3",
          "17084-2",
          "17086-1"
        ],
        "known_not_affected": [
          "17086-5",
          "17084-9"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2023-6129 POLY1305 MAC implementation corrupts vector registers on PowerPC - VEX",
          "url": "https://msrc.microsoft.com/csaf/vex/2024/msrc_cve-2023-6129.json"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2024-01-16T00:00:00.000Z",
          "details": "3.3.0-1:Security Update:https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade",
          "product_ids": [
            "17084-4",
            "17084-7"
          ],
          "url": "https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade"
        },
        {
          "category": "vendor_fix",
          "date": "2024-01-16T00:00:00.000Z",
          "details": "1.0.1-6:Security Update:https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade",
          "product_ids": [
            "17086-10",
            "17086-1"
          ],
          "url": "https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade"
        },
        {
          "category": "vendor_fix",
          "date": "2024-01-16T00:00:00.000Z",
          "details": "-:Security Update:https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade",
          "product_ids": [
            "17086-13",
            "17084-12"
          ],
          "url": "https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade"
        },
        {
          "category": "vendor_fix",
          "date": "2024-01-16T00:00:00.000Z",
          "details": "20.14.0-1:Security Update:https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade",
          "product_ids": [
            "17084-11",
            "17084-6"
          ],
          "url": "https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade"
        },
        {
          "category": "vendor_fix",
          "date": "2024-01-16T00:00:00.000Z",
          "details": "38.0.72.2-1:Security Update:https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade",
          "product_ids": [
            "17086-3",
            "17084-2"
          ],
          "url": "https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "environmentalsScore": 0.0,
            "integrityImpact": "LOW",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "temporalScore": 6.5,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H",
            "version": "3.1"
          },
          "products": [
            "17084-4",
            "17086-10",
            "17086-13",
            "17084-12",
            "17084-7",
            "17084-11",
            "17084-6",
            "17084-8",
            "17086-3",
            "17084-2",
            "17086-1"
          ]
        }
      ],
      "title": "POLY1305 MAC implementation corrupts vector registers on PowerPC"
    }
  ]
}

CVE-2023-6129 (GCVE-0-2023-6129)

Vulnerability from cvelistv5 – Published: 2024-01-09 16:36 – Updated: 2025-06-20 15:28

Summary

Issue summary: The POLY1305 MAC (message authentication code) implementation contains a bug that might corrupt the internal state of applications running on PowerPC CPU based platforms if the CPU provides vector instructions. Impact summary: If an attacker can influence whether the POLY1305 MAC algorithm is used, the application state might be corrupted with various application dependent consequences. The POLY1305 MAC (message authentication code) implementation in OpenSSL for PowerPC CPUs restores the contents of vector registers in a different order than they are saved. Thus the contents of some of these vector registers are corrupted when returning to the caller. The vulnerable code is used only on newer PowerPC processors supporting the PowerISA 2.07 instructions. The consequences of this kind of internal application state corruption can be various - from no consequences, if the calling application does not depend on the contents of non-volatile XMM registers at all, to the worst consequences, where the attacker could get complete control of the application process. However unless the compiler uses the vector registers for storing pointers, the most likely consequence, if any, would be an incorrect result of some application dependent calculations or a crash leading to a denial of service. The POLY1305 MAC algorithm is most frequently used as part of the CHACHA20-POLY1305 AEAD (authenticated encryption with associated data) algorithm. The most common usage of this AEAD cipher is with TLS protocol versions 1.2 and 1.3. If this cipher is enabled on the server a malicious client can influence whether this AEAD cipher is used. This implies that TLS server applications using OpenSSL can be potentially impacted. However we are currently not aware of any concrete application that would be affected by this issue therefore we consider this a Low severity security issue.

Severity ?

No CVSS data available.

CWE

CWE-440 - Expected Behavior Violation

Assigner

openssl

References

URL

Tags

	https://www.openssl.org/news/secadv/20240109.txt	vendor-advisory
	https://github.com/openssl/openssl/commit/5b139f9…	patch
	https://github.com/openssl/openssl/commit/f3fc580…	patch
	https://github.com/openssl/openssl/commit/050d263…	patch

Impacted products

	Vendor	Product	Version
	OpenSSL	OpenSSL	Affected: 3.2.0 , < 3.2.1 (semver) Affected: 3.1.0 , < 3.1.5 (semver) Affected: 3.0.0 , < 3.0.13 (semver)

Credits

Sverker Eriksson Rohan McLure

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T08:21:17.314Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "OpenSSL Advisory",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://www.openssl.org/news/secadv/20240109.txt"
          },
          {
            "name": "3.2.1 git commit",
            "tags": [
              "patch",
              "x_transferred"
            ],
            "url": "https://github.com/openssl/openssl/commit/5b139f95c9a47a55a0c54100f3837b1eee942b04"
          },
          {
            "name": "3.1.5 git commit",
            "tags": [
              "patch",
              "x_transferred"
            ],
            "url": "https://github.com/openssl/openssl/commit/f3fc5808fe9ff74042d639839610d03b8fdcc015"
          },
          {
            "name": "3.0.13 git commit",
            "tags": [
              "patch",
              "x_transferred"
            ],
            "url": "https://github.com/openssl/openssl/commit/050d26383d4e264966fb83428e72d5d48f402d35"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://security.netapp.com/advisory/ntap-20240216-0009/"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://security.netapp.com/advisory/ntap-20240426-0013/"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://security.netapp.com/advisory/ntap-20240426-0008/"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2024/03/11/1"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://security.netapp.com/advisory/ntap-20240503-0011/"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "HIGH",
              "attackVector": "NETWORK",
              "availabilityImpact": "HIGH",
              "baseScore": 6.5,
              "baseSeverity": "MEDIUM",
              "confidentialityImpact": "NONE",
              "integrityImpact": "LOW",
              "privilegesRequired": "NONE",
              "scope": "UNCHANGED",
              "userInteraction": "NONE",
              "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2023-6129",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-01-22T14:31:57.012999Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-06-20T15:28:07.908Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "OpenSSL",
          "vendor": "OpenSSL",
          "versions": [
            {
              "lessThan": "3.2.1",
              "status": "affected",
              "version": "3.2.0",
              "versionType": "semver"
            },
            {
              "lessThan": "3.1.5",
              "status": "affected",
              "version": "3.1.0",
              "versionType": "semver"
            },
            {
              "lessThan": "3.0.13",
              "status": "affected",
              "version": "3.0.0",
              "versionType": "semver"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "user": "00000000-0000-4000-9000-000000000000",
          "value": "Sverker Eriksson"
        },
        {
          "lang": "en",
          "type": "remediation developer",
          "user": "00000000-0000-4000-9000-000000000000",
          "value": "Rohan McLure"
        }
      ],
      "datePublic": "2024-01-09T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "Issue summary: The POLY1305 MAC (message authentication code) implementation\u003cbr\u003econtains a bug that might corrupt the internal state of applications running\u003cbr\u003eon PowerPC CPU based platforms if the CPU provides vector instructions.\u003cbr\u003e\u003cbr\u003eImpact summary: If an attacker can influence whether the POLY1305 MAC\u003cbr\u003ealgorithm is used, the application state might be corrupted with various\u003cbr\u003eapplication dependent consequences.\u003cbr\u003e\u003cbr\u003eThe POLY1305 MAC (message authentication code) implementation in OpenSSL for\u003cbr\u003ePowerPC CPUs restores the contents of vector registers in a different order\u003cbr\u003ethan they are saved. Thus the contents of some of these vector registers\u003cbr\u003eare corrupted when returning to the caller. The vulnerable code is used only\u003cbr\u003eon newer PowerPC processors supporting the PowerISA 2.07 instructions.\u003cbr\u003e\u003cbr\u003eThe consequences of this kind of internal application state corruption can\u003cbr\u003ebe various - from no consequences, if the calling application does not\u003cbr\u003edepend on the contents of non-volatile XMM registers at all, to the worst\u003cbr\u003econsequences, where the attacker could get complete control of the application\u003cbr\u003eprocess. However unless the compiler uses the vector registers for storing\u003cbr\u003epointers, the most likely consequence, if any, would be an incorrect result\u003cbr\u003eof some application dependent calculations or a crash leading to a denial of\u003cbr\u003eservice.\u003cbr\u003e\u003cbr\u003eThe POLY1305 MAC algorithm is most frequently used as part of the\u003cbr\u003eCHACHA20-POLY1305 AEAD (authenticated encryption with associated data)\u003cbr\u003ealgorithm. The most common usage of this AEAD cipher is with TLS protocol\u003cbr\u003eversions 1.2 and 1.3. If this cipher is enabled on the server a malicious\u003cbr\u003eclient can influence whether this AEAD cipher is used. This implies that\u003cbr\u003eTLS server applications using OpenSSL can be potentially impacted. However\u003cbr\u003ewe are currently not aware of any concrete application that would be affected\u003cbr\u003eby this issue therefore we consider this a Low severity security issue."
            }
          ],
          "value": "Issue summary: The POLY1305 MAC (message authentication code) implementation\ncontains a bug that might corrupt the internal state of applications running\non PowerPC CPU based platforms if the CPU provides vector instructions.\n\nImpact summary: If an attacker can influence whether the POLY1305 MAC\nalgorithm is used, the application state might be corrupted with various\napplication dependent consequences.\n\nThe POLY1305 MAC (message authentication code) implementation in OpenSSL for\nPowerPC CPUs restores the contents of vector registers in a different order\nthan they are saved. Thus the contents of some of these vector registers\nare corrupted when returning to the caller. The vulnerable code is used only\non newer PowerPC processors supporting the PowerISA 2.07 instructions.\n\nThe consequences of this kind of internal application state corruption can\nbe various - from no consequences, if the calling application does not\ndepend on the contents of non-volatile XMM registers at all, to the worst\nconsequences, where the attacker could get complete control of the application\nprocess. However unless the compiler uses the vector registers for storing\npointers, the most likely consequence, if any, would be an incorrect result\nof some application dependent calculations or a crash leading to a denial of\nservice.\n\nThe POLY1305 MAC algorithm is most frequently used as part of the\nCHACHA20-POLY1305 AEAD (authenticated encryption with associated data)\nalgorithm. The most common usage of this AEAD cipher is with TLS protocol\nversions 1.2 and 1.3. If this cipher is enabled on the server a malicious\nclient can influence whether this AEAD cipher is used. This implies that\nTLS server applications using OpenSSL can be potentially impacted. However\nwe are currently not aware of any concrete application that would be affected\nby this issue therefore we consider this a Low severity security issue."
        }
      ],
      "metrics": [
        {
          "format": "other",
          "other": {
            "content": {
              "text": "Low"
            },
            "type": "https://www.openssl.org/policies/secpolicy.html"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-440",
              "description": "CWE-440 Expected Behavior Violation",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-10-14T14:55:55.315Z",
        "orgId": "3a12439a-ef3a-4c79-92e6-6081a721f1e5",
        "shortName": "openssl"
      },
      "references": [
        {
          "name": "OpenSSL Advisory",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://www.openssl.org/news/secadv/20240109.txt"
        },
        {
          "name": "3.2.1 git commit",
          "tags": [
            "patch"
          ],
          "url": "https://github.com/openssl/openssl/commit/5b139f95c9a47a55a0c54100f3837b1eee942b04"
        },
        {
          "name": "3.1.5 git commit",
          "tags": [
            "patch"
          ],
          "url": "https://github.com/openssl/openssl/commit/f3fc5808fe9ff74042d639839610d03b8fdcc015"
        },
        {
          "name": "3.0.13 git commit",
          "tags": [
            "patch"
          ],
          "url": "https://github.com/openssl/openssl/commit/050d26383d4e264966fb83428e72d5d48f402d35"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "title": "POLY1305 MAC implementation corrupts vector registers on PowerPC",
      "x_generator": {
        "engine": "Vulnogram 0.1.0-dev"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "3a12439a-ef3a-4c79-92e6-6081a721f1e5",
    "assignerShortName": "openssl",
    "cveId": "CVE-2023-6129",
    "datePublished": "2024-01-09T16:36:58.860Z",
    "dateReserved": "2023-11-14T16:12:12.656Z",
    "dateUpdated": "2025-06-20T15:28:07.908Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

MSRC_CVE-2023-6129

CVE-2023-6129 (GCVE-0-2023-6129)

Tags

Sightings

Nomenclature