csaf_suse - suse-su-2023:2620-1

Vulnerability from csaf_suse

Published

2023-06-23 11:41

Modified

2023-06-23 11:41

Summary

Security update for openssl-3

Notes

Title of the patch

Security update for openssl-3

Description of the patch

This update for openssl-3 fixes the following issues: - CVE-2023-1255: Fixed input buffer over-read in AES-XTS implementation on 64 bit ARM (bsc#1210714). - CVE-2023-2650: Fixed possible DoS translating ASN.1 object identifiers (bsc#1211430).

Patchnames

SUSE-2023-2620,SUSE-SLE-Module-Basesystem-15-SP5-2023-2620,openSUSE-SLE-15.5-2023-2620

CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).

JSON

To clipboard

{
   document: {
      aggregate_severity: {
         namespace: "https://www.suse.com/support/security/rating/",
         text: "moderate",
      },
      category: "csaf_security_advisory",
      csaf_version: "2.0",
      distribution: {
         text: "Copyright 2024 SUSE LLC. All rights reserved.",
         tlp: {
            label: "WHITE",
            url: "https://www.first.org/tlp/",
         },
      },
      lang: "en",
      notes: [
         {
            category: "summary",
            text: "Security update for openssl-3",
            title: "Title of the patch",
         },
         {
            category: "description",
            text: "This update for openssl-3 fixes the following issues:\n\n- CVE-2023-1255: Fixed input buffer over-read in AES-XTS implementation on 64 bit ARM (bsc#1210714).\n- CVE-2023-2650: Fixed possible DoS translating ASN.1 object identifiers (bsc#1211430).\n",
            title: "Description of the patch",
         },
         {
            category: "details",
            text: "SUSE-2023-2620,SUSE-SLE-Module-Basesystem-15-SP5-2023-2620,openSUSE-SLE-15.5-2023-2620",
            title: "Patchnames",
         },
         {
            category: "legal_disclaimer",
            text: "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
            title: "Terms of use",
         },
      ],
      publisher: {
         category: "vendor",
         contact_details: "https://www.suse.com/support/security/contact/",
         name: "SUSE Product Security Team",
         namespace: "https://www.suse.com/",
      },
      references: [
         {
            category: "external",
            summary: "SUSE ratings",
            url: "https://www.suse.com/support/security/rating/",
         },
         {
            category: "self",
            summary: "URL of this CSAF notice",
            url: "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2023_2620-1.json",
         },
         {
            category: "self",
            summary: "URL for SUSE-SU-2023:2620-1",
            url: "https://www.suse.com/support/update/announcement/2023/suse-su-20232620-1/",
         },
         {
            category: "self",
            summary: "E-Mail link for SUSE-SU-2023:2620-1",
            url: "https://lists.suse.com/pipermail/sle-updates/2023-June/030015.html",
         },
         {
            category: "self",
            summary: "SUSE Bug 1210714",
            url: "https://bugzilla.suse.com/1210714",
         },
         {
            category: "self",
            summary: "SUSE Bug 1211430",
            url: "https://bugzilla.suse.com/1211430",
         },
         {
            category: "self",
            summary: "SUSE CVE CVE-2023-1255 page",
            url: "https://www.suse.com/security/cve/CVE-2023-1255/",
         },
         {
            category: "self",
            summary: "SUSE CVE CVE-2023-2650 page",
            url: "https://www.suse.com/security/cve/CVE-2023-2650/",
         },
      ],
      title: "Security update for openssl-3",
      tracking: {
         current_release_date: "2023-06-23T11:41:37Z",
         generator: {
            date: "2023-06-23T11:41:37Z",
            engine: {
               name: "cve-database.git:bin/generate-csaf.pl",
               version: "1",
            },
         },
         id: "SUSE-SU-2023:2620-1",
         initial_release_date: "2023-06-23T11:41:37Z",
         revision_history: [
            {
               date: "2023-06-23T11:41:37Z",
               number: "1",
               summary: "Current version",
            },
         ],
         status: "final",
         version: "1",
      },
   },
   product_tree: {
      branches: [
         {
            branches: [
               {
                  branches: [
                     {
                        category: "product_version",
                        name: "libopenssl-3-devel-3.0.8-150500.5.3.1.aarch64",
                        product: {
                           name: "libopenssl-3-devel-3.0.8-150500.5.3.1.aarch64",
                           product_id: "libopenssl-3-devel-3.0.8-150500.5.3.1.aarch64",
                        },
                     },
                     {
                        category: "product_version",
                        name: "libopenssl3-3.0.8-150500.5.3.1.aarch64",
                        product: {
                           name: "libopenssl3-3.0.8-150500.5.3.1.aarch64",
                           product_id: "libopenssl3-3.0.8-150500.5.3.1.aarch64",
                        },
                     },
                     {
                        category: "product_version",
                        name: "openssl-3-3.0.8-150500.5.3.1.aarch64",
                        product: {
                           name: "openssl-3-3.0.8-150500.5.3.1.aarch64",
                           product_id: "openssl-3-3.0.8-150500.5.3.1.aarch64",
                        },
                     },
                  ],
                  category: "architecture",
                  name: "aarch64",
               },
               {
                  branches: [
                     {
                        category: "product_version",
                        name: "libopenssl-3-devel-64bit-3.0.8-150500.5.3.1.aarch64_ilp32",
                        product: {
                           name: "libopenssl-3-devel-64bit-3.0.8-150500.5.3.1.aarch64_ilp32",
                           product_id: "libopenssl-3-devel-64bit-3.0.8-150500.5.3.1.aarch64_ilp32",
                        },
                     },
                     {
                        category: "product_version",
                        name: "libopenssl3-64bit-3.0.8-150500.5.3.1.aarch64_ilp32",
                        product: {
                           name: "libopenssl3-64bit-3.0.8-150500.5.3.1.aarch64_ilp32",
                           product_id: "libopenssl3-64bit-3.0.8-150500.5.3.1.aarch64_ilp32",
                        },
                     },
                  ],
                  category: "architecture",
                  name: "aarch64_ilp32",
               },
               {
                  branches: [
                     {
                        category: "product_version",
                        name: "libopenssl-3-devel-3.0.8-150500.5.3.1.i586",
                        product: {
                           name: "libopenssl-3-devel-3.0.8-150500.5.3.1.i586",
                           product_id: "libopenssl-3-devel-3.0.8-150500.5.3.1.i586",
                        },
                     },
                     {
                        category: "product_version",
                        name: "libopenssl3-3.0.8-150500.5.3.1.i586",
                        product: {
                           name: "libopenssl3-3.0.8-150500.5.3.1.i586",
                           product_id: "libopenssl3-3.0.8-150500.5.3.1.i586",
                        },
                     },
                     {
                        category: "product_version",
                        name: "openssl-3-3.0.8-150500.5.3.1.i586",
                        product: {
                           name: "openssl-3-3.0.8-150500.5.3.1.i586",
                           product_id: "openssl-3-3.0.8-150500.5.3.1.i586",
                        },
                     },
                  ],
                  category: "architecture",
                  name: "i586",
               },
               {
                  branches: [
                     {
                        category: "product_version",
                        name: "openssl-3-doc-3.0.8-150500.5.3.1.noarch",
                        product: {
                           name: "openssl-3-doc-3.0.8-150500.5.3.1.noarch",
                           product_id: "openssl-3-doc-3.0.8-150500.5.3.1.noarch",
                        },
                     },
                  ],
                  category: "architecture",
                  name: "noarch",
               },
               {
                  branches: [
                     {
                        category: "product_version",
                        name: "libopenssl-3-devel-3.0.8-150500.5.3.1.ppc64le",
                        product: {
                           name: "libopenssl-3-devel-3.0.8-150500.5.3.1.ppc64le",
                           product_id: "libopenssl-3-devel-3.0.8-150500.5.3.1.ppc64le",
                        },
                     },
                     {
                        category: "product_version",
                        name: "libopenssl3-3.0.8-150500.5.3.1.ppc64le",
                        product: {
                           name: "libopenssl3-3.0.8-150500.5.3.1.ppc64le",
                           product_id: "libopenssl3-3.0.8-150500.5.3.1.ppc64le",
                        },
                     },
                     {
                        category: "product_version",
                        name: "openssl-3-3.0.8-150500.5.3.1.ppc64le",
                        product: {
                           name: "openssl-3-3.0.8-150500.5.3.1.ppc64le",
                           product_id: "openssl-3-3.0.8-150500.5.3.1.ppc64le",
                        },
                     },
                  ],
                  category: "architecture",
                  name: "ppc64le",
               },
               {
                  branches: [
                     {
                        category: "product_version",
                        name: "libopenssl-3-devel-3.0.8-150500.5.3.1.s390x",
                        product: {
                           name: "libopenssl-3-devel-3.0.8-150500.5.3.1.s390x",
                           product_id: "libopenssl-3-devel-3.0.8-150500.5.3.1.s390x",
                        },
                     },
                     {
                        category: "product_version",
                        name: "libopenssl3-3.0.8-150500.5.3.1.s390x",
                        product: {
                           name: "libopenssl3-3.0.8-150500.5.3.1.s390x",
                           product_id: "libopenssl3-3.0.8-150500.5.3.1.s390x",
                        },
                     },
                     {
                        category: "product_version",
                        name: "openssl-3-3.0.8-150500.5.3.1.s390x",
                        product: {
                           name: "openssl-3-3.0.8-150500.5.3.1.s390x",
                           product_id: "openssl-3-3.0.8-150500.5.3.1.s390x",
                        },
                     },
                  ],
                  category: "architecture",
                  name: "s390x",
               },
               {
                  branches: [
                     {
                        category: "product_version",
                        name: "libopenssl-3-devel-3.0.8-150500.5.3.1.x86_64",
                        product: {
                           name: "libopenssl-3-devel-3.0.8-150500.5.3.1.x86_64",
                           product_id: "libopenssl-3-devel-3.0.8-150500.5.3.1.x86_64",
                        },
                     },
                     {
                        category: "product_version",
                        name: "libopenssl-3-devel-32bit-3.0.8-150500.5.3.1.x86_64",
                        product: {
                           name: "libopenssl-3-devel-32bit-3.0.8-150500.5.3.1.x86_64",
                           product_id: "libopenssl-3-devel-32bit-3.0.8-150500.5.3.1.x86_64",
                        },
                     },
                     {
                        category: "product_version",
                        name: "libopenssl3-3.0.8-150500.5.3.1.x86_64",
                        product: {
                           name: "libopenssl3-3.0.8-150500.5.3.1.x86_64",
                           product_id: "libopenssl3-3.0.8-150500.5.3.1.x86_64",
                        },
                     },
                     {
                        category: "product_version",
                        name: "libopenssl3-32bit-3.0.8-150500.5.3.1.x86_64",
                        product: {
                           name: "libopenssl3-32bit-3.0.8-150500.5.3.1.x86_64",
                           product_id: "libopenssl3-32bit-3.0.8-150500.5.3.1.x86_64",
                        },
                     },
                     {
                        category: "product_version",
                        name: "openssl-3-3.0.8-150500.5.3.1.x86_64",
                        product: {
                           name: "openssl-3-3.0.8-150500.5.3.1.x86_64",
                           product_id: "openssl-3-3.0.8-150500.5.3.1.x86_64",
                        },
                     },
                  ],
                  category: "architecture",
                  name: "x86_64",
               },
               {
                  branches: [
                     {
                        category: "product_name",
                        name: "SUSE Linux Enterprise Module for Basesystem 15 SP5",
                        product: {
                           name: "SUSE Linux Enterprise Module for Basesystem 15 SP5",
                           product_id: "SUSE Linux Enterprise Module for Basesystem 15 SP5",
                           product_identification_helper: {
                              cpe: "cpe:/o:suse:sle-module-basesystem:15:sp5",
                           },
                        },
                     },
                     {
                        category: "product_name",
                        name: "openSUSE Leap 15.5",
                        product: {
                           name: "openSUSE Leap 15.5",
                           product_id: "openSUSE Leap 15.5",
                           product_identification_helper: {
                              cpe: "cpe:/o:opensuse:leap:15.5",
                           },
                        },
                     },
                  ],
                  category: "product_family",
                  name: "SUSE Linux Enterprise",
               },
            ],
            category: "vendor",
            name: "SUSE",
         },
      ],
      relationships: [
         {
            category: "default_component_of",
            full_product_name: {
               name: "libopenssl-3-devel-3.0.8-150500.5.3.1.aarch64 as component of SUSE Linux Enterprise Module for Basesystem 15 SP5",
               product_id: "SUSE Linux Enterprise Module for Basesystem 15 SP5:libopenssl-3-devel-3.0.8-150500.5.3.1.aarch64",
            },
            product_reference: "libopenssl-3-devel-3.0.8-150500.5.3.1.aarch64",
            relates_to_product_reference: "SUSE Linux Enterprise Module for Basesystem 15 SP5",
         },
         {
            category: "default_component_of",
            full_product_name: {
               name: "libopenssl-3-devel-3.0.8-150500.5.3.1.ppc64le as component of SUSE Linux Enterprise Module for Basesystem 15 SP5",
               product_id: "SUSE Linux Enterprise Module for Basesystem 15 SP5:libopenssl-3-devel-3.0.8-150500.5.3.1.ppc64le",
            },
            product_reference: "libopenssl-3-devel-3.0.8-150500.5.3.1.ppc64le",
            relates_to_product_reference: "SUSE Linux Enterprise Module for Basesystem 15 SP5",
         },
         {
            category: "default_component_of",
            full_product_name: {
               name: "libopenssl-3-devel-3.0.8-150500.5.3.1.s390x as component of SUSE Linux Enterprise Module for Basesystem 15 SP5",
               product_id: "SUSE Linux Enterprise Module for Basesystem 15 SP5:libopenssl-3-devel-3.0.8-150500.5.3.1.s390x",
            },
            product_reference: "libopenssl-3-devel-3.0.8-150500.5.3.1.s390x",
            relates_to_product_reference: "SUSE Linux Enterprise Module for Basesystem 15 SP5",
         },
         {
            category: "default_component_of",
            full_product_name: {
               name: "libopenssl-3-devel-3.0.8-150500.5.3.1.x86_64 as component of SUSE Linux Enterprise Module for Basesystem 15 SP5",
               product_id: "SUSE Linux Enterprise Module for Basesystem 15 SP5:libopenssl-3-devel-3.0.8-150500.5.3.1.x86_64",
            },
            product_reference: "libopenssl-3-devel-3.0.8-150500.5.3.1.x86_64",
            relates_to_product_reference: "SUSE Linux Enterprise Module for Basesystem 15 SP5",
         },
         {
            category: "default_component_of",
            full_product_name: {
               name: "libopenssl3-3.0.8-150500.5.3.1.aarch64 as component of SUSE Linux Enterprise Module for Basesystem 15 SP5",
               product_id: "SUSE Linux Enterprise Module for Basesystem 15 SP5:libopenssl3-3.0.8-150500.5.3.1.aarch64",
            },
            product_reference: "libopenssl3-3.0.8-150500.5.3.1.aarch64",
            relates_to_product_reference: "SUSE Linux Enterprise Module for Basesystem 15 SP5",
         },
         {
            category: "default_component_of",
            full_product_name: {
               name: "libopenssl3-3.0.8-150500.5.3.1.ppc64le as component of SUSE Linux Enterprise Module for Basesystem 15 SP5",
               product_id: "SUSE Linux Enterprise Module for Basesystem 15 SP5:libopenssl3-3.0.8-150500.5.3.1.ppc64le",
            },
            product_reference: "libopenssl3-3.0.8-150500.5.3.1.ppc64le",
            relates_to_product_reference: "SUSE Linux Enterprise Module for Basesystem 15 SP5",
         },
         {
            category: "default_component_of",
            full_product_name: {
               name: "libopenssl3-3.0.8-150500.5.3.1.s390x as component of SUSE Linux Enterprise Module for Basesystem 15 SP5",
               product_id: "SUSE Linux Enterprise Module for Basesystem 15 SP5:libopenssl3-3.0.8-150500.5.3.1.s390x",
            },
            product_reference: "libopenssl3-3.0.8-150500.5.3.1.s390x",
            relates_to_product_reference: "SUSE Linux Enterprise Module for Basesystem 15 SP5",
         },
         {
            category: "default_component_of",
            full_product_name: {
               name: "libopenssl3-3.0.8-150500.5.3.1.x86_64 as component of SUSE Linux Enterprise Module for Basesystem 15 SP5",
               product_id: "SUSE Linux Enterprise Module for Basesystem 15 SP5:libopenssl3-3.0.8-150500.5.3.1.x86_64",
            },
            product_reference: "libopenssl3-3.0.8-150500.5.3.1.x86_64",
            relates_to_product_reference: "SUSE Linux Enterprise Module for Basesystem 15 SP5",
         },
         {
            category: "default_component_of",
            full_product_name: {
               name: "openssl-3-3.0.8-150500.5.3.1.aarch64 as component of SUSE Linux Enterprise Module for Basesystem 15 SP5",
               product_id: "SUSE Linux Enterprise Module for Basesystem 15 SP5:openssl-3-3.0.8-150500.5.3.1.aarch64",
            },
            product_reference: "openssl-3-3.0.8-150500.5.3.1.aarch64",
            relates_to_product_reference: "SUSE Linux Enterprise Module for Basesystem 15 SP5",
         },
         {
            category: "default_component_of",
            full_product_name: {
               name: "openssl-3-3.0.8-150500.5.3.1.ppc64le as component of SUSE Linux Enterprise Module for Basesystem 15 SP5",
               product_id: "SUSE Linux Enterprise Module for Basesystem 15 SP5:openssl-3-3.0.8-150500.5.3.1.ppc64le",
            },
            product_reference: "openssl-3-3.0.8-150500.5.3.1.ppc64le",
            relates_to_product_reference: "SUSE Linux Enterprise Module for Basesystem 15 SP5",
         },
         {
            category: "default_component_of",
            full_product_name: {
               name: "openssl-3-3.0.8-150500.5.3.1.s390x as component of SUSE Linux Enterprise Module for Basesystem 15 SP5",
               product_id: "SUSE Linux Enterprise Module for Basesystem 15 SP5:openssl-3-3.0.8-150500.5.3.1.s390x",
            },
            product_reference: "openssl-3-3.0.8-150500.5.3.1.s390x",
            relates_to_product_reference: "SUSE Linux Enterprise Module for Basesystem 15 SP5",
         },
         {
            category: "default_component_of",
            full_product_name: {
               name: "openssl-3-3.0.8-150500.5.3.1.x86_64 as component of SUSE Linux Enterprise Module for Basesystem 15 SP5",
               product_id: "SUSE Linux Enterprise Module for Basesystem 15 SP5:openssl-3-3.0.8-150500.5.3.1.x86_64",
            },
            product_reference: "openssl-3-3.0.8-150500.5.3.1.x86_64",
            relates_to_product_reference: "SUSE Linux Enterprise Module for Basesystem 15 SP5",
         },
         {
            category: "default_component_of",
            full_product_name: {
               name: "libopenssl-3-devel-3.0.8-150500.5.3.1.aarch64 as component of openSUSE Leap 15.5",
               product_id: "openSUSE Leap 15.5:libopenssl-3-devel-3.0.8-150500.5.3.1.aarch64",
            },
            product_reference: "libopenssl-3-devel-3.0.8-150500.5.3.1.aarch64",
            relates_to_product_reference: "openSUSE Leap 15.5",
         },
         {
            category: "default_component_of",
            full_product_name: {
               name: "libopenssl-3-devel-3.0.8-150500.5.3.1.ppc64le as component of openSUSE Leap 15.5",
               product_id: "openSUSE Leap 15.5:libopenssl-3-devel-3.0.8-150500.5.3.1.ppc64le",
            },
            product_reference: "libopenssl-3-devel-3.0.8-150500.5.3.1.ppc64le",
            relates_to_product_reference: "openSUSE Leap 15.5",
         },
         {
            category: "default_component_of",
            full_product_name: {
               name: "libopenssl-3-devel-3.0.8-150500.5.3.1.s390x as component of openSUSE Leap 15.5",
               product_id: "openSUSE Leap 15.5:libopenssl-3-devel-3.0.8-150500.5.3.1.s390x",
            },
            product_reference: "libopenssl-3-devel-3.0.8-150500.5.3.1.s390x",
            relates_to_product_reference: "openSUSE Leap 15.5",
         },
         {
            category: "default_component_of",
            full_product_name: {
               name: "libopenssl-3-devel-3.0.8-150500.5.3.1.x86_64 as component of openSUSE Leap 15.5",
               product_id: "openSUSE Leap 15.5:libopenssl-3-devel-3.0.8-150500.5.3.1.x86_64",
            },
            product_reference: "libopenssl-3-devel-3.0.8-150500.5.3.1.x86_64",
            relates_to_product_reference: "openSUSE Leap 15.5",
         },
         {
            category: "default_component_of",
            full_product_name: {
               name: "libopenssl-3-devel-32bit-3.0.8-150500.5.3.1.x86_64 as component of openSUSE Leap 15.5",
               product_id: "openSUSE Leap 15.5:libopenssl-3-devel-32bit-3.0.8-150500.5.3.1.x86_64",
            },
            product_reference: "libopenssl-3-devel-32bit-3.0.8-150500.5.3.1.x86_64",
            relates_to_product_reference: "openSUSE Leap 15.5",
         },
         {
            category: "default_component_of",
            full_product_name: {
               name: "libopenssl3-3.0.8-150500.5.3.1.aarch64 as component of openSUSE Leap 15.5",
               product_id: "openSUSE Leap 15.5:libopenssl3-3.0.8-150500.5.3.1.aarch64",
            },
            product_reference: "libopenssl3-3.0.8-150500.5.3.1.aarch64",
            relates_to_product_reference: "openSUSE Leap 15.5",
         },
         {
            category: "default_component_of",
            full_product_name: {
               name: "libopenssl3-3.0.8-150500.5.3.1.ppc64le as component of openSUSE Leap 15.5",
               product_id: "openSUSE Leap 15.5:libopenssl3-3.0.8-150500.5.3.1.ppc64le",
            },
            product_reference: "libopenssl3-3.0.8-150500.5.3.1.ppc64le",
            relates_to_product_reference: "openSUSE Leap 15.5",
         },
         {
            category: "default_component_of",
            full_product_name: {
               name: "libopenssl3-3.0.8-150500.5.3.1.s390x as component of openSUSE Leap 15.5",
               product_id: "openSUSE Leap 15.5:libopenssl3-3.0.8-150500.5.3.1.s390x",
            },
            product_reference: "libopenssl3-3.0.8-150500.5.3.1.s390x",
            relates_to_product_reference: "openSUSE Leap 15.5",
         },
         {
            category: "default_component_of",
            full_product_name: {
               name: "libopenssl3-3.0.8-150500.5.3.1.x86_64 as component of openSUSE Leap 15.5",
               product_id: "openSUSE Leap 15.5:libopenssl3-3.0.8-150500.5.3.1.x86_64",
            },
            product_reference: "libopenssl3-3.0.8-150500.5.3.1.x86_64",
            relates_to_product_reference: "openSUSE Leap 15.5",
         },
         {
            category: "default_component_of",
            full_product_name: {
               name: "libopenssl3-32bit-3.0.8-150500.5.3.1.x86_64 as component of openSUSE Leap 15.5",
               product_id: "openSUSE Leap 15.5:libopenssl3-32bit-3.0.8-150500.5.3.1.x86_64",
            },
            product_reference: "libopenssl3-32bit-3.0.8-150500.5.3.1.x86_64",
            relates_to_product_reference: "openSUSE Leap 15.5",
         },
         {
            category: "default_component_of",
            full_product_name: {
               name: "openssl-3-3.0.8-150500.5.3.1.aarch64 as component of openSUSE Leap 15.5",
               product_id: "openSUSE Leap 15.5:openssl-3-3.0.8-150500.5.3.1.aarch64",
            },
            product_reference: "openssl-3-3.0.8-150500.5.3.1.aarch64",
            relates_to_product_reference: "openSUSE Leap 15.5",
         },
         {
            category: "default_component_of",
            full_product_name: {
               name: "openssl-3-3.0.8-150500.5.3.1.ppc64le as component of openSUSE Leap 15.5",
               product_id: "openSUSE Leap 15.5:openssl-3-3.0.8-150500.5.3.1.ppc64le",
            },
            product_reference: "openssl-3-3.0.8-150500.5.3.1.ppc64le",
            relates_to_product_reference: "openSUSE Leap 15.5",
         },
         {
            category: "default_component_of",
            full_product_name: {
               name: "openssl-3-3.0.8-150500.5.3.1.s390x as component of openSUSE Leap 15.5",
               product_id: "openSUSE Leap 15.5:openssl-3-3.0.8-150500.5.3.1.s390x",
            },
            product_reference: "openssl-3-3.0.8-150500.5.3.1.s390x",
            relates_to_product_reference: "openSUSE Leap 15.5",
         },
         {
            category: "default_component_of",
            full_product_name: {
               name: "openssl-3-3.0.8-150500.5.3.1.x86_64 as component of openSUSE Leap 15.5",
               product_id: "openSUSE Leap 15.5:openssl-3-3.0.8-150500.5.3.1.x86_64",
            },
            product_reference: "openssl-3-3.0.8-150500.5.3.1.x86_64",
            relates_to_product_reference: "openSUSE Leap 15.5",
         },
         {
            category: "default_component_of",
            full_product_name: {
               name: "openssl-3-doc-3.0.8-150500.5.3.1.noarch as component of openSUSE Leap 15.5",
               product_id: "openSUSE Leap 15.5:openssl-3-doc-3.0.8-150500.5.3.1.noarch",
            },
            product_reference: "openssl-3-doc-3.0.8-150500.5.3.1.noarch",
            relates_to_product_reference: "openSUSE Leap 15.5",
         },
      ],
   },
   vulnerabilities: [
      {
         cve: "CVE-2023-1255",
         ids: [
            {
               system_name: "SUSE CVE Page",
               text: "https://www.suse.com/security/cve/CVE-2023-1255",
            },
         ],
         notes: [
            {
               category: "general",
               text: "Issue summary: The AES-XTS cipher decryption implementation for 64 bit ARM\nplatform contains a bug that could cause it to read past the input buffer,\nleading to a crash.\n\nImpact summary: Applications that use the AES-XTS algorithm on the 64 bit ARM\nplatform can crash in rare circumstances. The AES-XTS algorithm is usually\nused for disk encryption.\n\nThe AES-XTS cipher decryption implementation for 64 bit ARM platform will read\npast the end of the ciphertext buffer if the ciphertext size is 4 mod 5 in 16\nbyte blocks, e.g. 144 bytes or 1024 bytes. If the memory after the ciphertext\nbuffer is unmapped, this will trigger a crash which results in a denial of\nservice.\n\nIf an attacker can control the size and location of the ciphertext buffer\nbeing decrypted by an application using AES-XTS on 64 bit ARM, the\napplication is affected. This is fairly unlikely making this issue\na Low severity one.",
               title: "CVE description",
            },
         ],
         product_status: {
            recommended: [
               "SUSE Linux Enterprise Module for Basesystem 15 SP5:libopenssl-3-devel-3.0.8-150500.5.3.1.aarch64",
               "SUSE Linux Enterprise Module for Basesystem 15 SP5:libopenssl-3-devel-3.0.8-150500.5.3.1.ppc64le",
               "SUSE Linux Enterprise Module for Basesystem 15 SP5:libopenssl-3-devel-3.0.8-150500.5.3.1.s390x",
               "SUSE Linux Enterprise Module for Basesystem 15 SP5:libopenssl-3-devel-3.0.8-150500.5.3.1.x86_64",
               "SUSE Linux Enterprise Module for Basesystem 15 SP5:libopenssl3-3.0.8-150500.5.3.1.aarch64",
               "SUSE Linux Enterprise Module for Basesystem 15 SP5:libopenssl3-3.0.8-150500.5.3.1.ppc64le",
               "SUSE Linux Enterprise Module for Basesystem 15 SP5:libopenssl3-3.0.8-150500.5.3.1.s390x",
               "SUSE Linux Enterprise Module for Basesystem 15 SP5:libopenssl3-3.0.8-150500.5.3.1.x86_64",
               "SUSE Linux Enterprise Module for Basesystem 15 SP5:openssl-3-3.0.8-150500.5.3.1.aarch64",
               "SUSE Linux Enterprise Module for Basesystem 15 SP5:openssl-3-3.0.8-150500.5.3.1.ppc64le",
               "SUSE Linux Enterprise Module for Basesystem 15 SP5:openssl-3-3.0.8-150500.5.3.1.s390x",
               "SUSE Linux Enterprise Module for Basesystem 15 SP5:openssl-3-3.0.8-150500.5.3.1.x86_64",
               "openSUSE Leap 15.5:libopenssl-3-devel-3.0.8-150500.5.3.1.aarch64",
               "openSUSE Leap 15.5:libopenssl-3-devel-3.0.8-150500.5.3.1.ppc64le",
               "openSUSE Leap 15.5:libopenssl-3-devel-3.0.8-150500.5.3.1.s390x",
               "openSUSE Leap 15.5:libopenssl-3-devel-3.0.8-150500.5.3.1.x86_64",
               "openSUSE Leap 15.5:libopenssl-3-devel-32bit-3.0.8-150500.5.3.1.x86_64",
               "openSUSE Leap 15.5:libopenssl3-3.0.8-150500.5.3.1.aarch64",
               "openSUSE Leap 15.5:libopenssl3-3.0.8-150500.5.3.1.ppc64le",
               "openSUSE Leap 15.5:libopenssl3-3.0.8-150500.5.3.1.s390x",
               "openSUSE Leap 15.5:libopenssl3-3.0.8-150500.5.3.1.x86_64",
               "openSUSE Leap 15.5:libopenssl3-32bit-3.0.8-150500.5.3.1.x86_64",
               "openSUSE Leap 15.5:openssl-3-3.0.8-150500.5.3.1.aarch64",
               "openSUSE Leap 15.5:openssl-3-3.0.8-150500.5.3.1.ppc64le",
               "openSUSE Leap 15.5:openssl-3-3.0.8-150500.5.3.1.s390x",
               "openSUSE Leap 15.5:openssl-3-3.0.8-150500.5.3.1.x86_64",
               "openSUSE Leap 15.5:openssl-3-doc-3.0.8-150500.5.3.1.noarch",
            ],
         },
         references: [
            {
               category: "external",
               summary: "CVE-2023-1255",
               url: "https://www.suse.com/security/cve/CVE-2023-1255",
            },
            {
               category: "external",
               summary: "SUSE Bug 1210714 for CVE-2023-1255",
               url: "https://bugzilla.suse.com/1210714",
            },
         ],
         remediations: [
            {
               category: "vendor_fix",
               details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
               product_ids: [
                  "SUSE Linux Enterprise Module for Basesystem 15 SP5:libopenssl-3-devel-3.0.8-150500.5.3.1.aarch64",
                  "SUSE Linux Enterprise Module for Basesystem 15 SP5:libopenssl-3-devel-3.0.8-150500.5.3.1.ppc64le",
                  "SUSE Linux Enterprise Module for Basesystem 15 SP5:libopenssl-3-devel-3.0.8-150500.5.3.1.s390x",
                  "SUSE Linux Enterprise Module for Basesystem 15 SP5:libopenssl-3-devel-3.0.8-150500.5.3.1.x86_64",
                  "SUSE Linux Enterprise Module for Basesystem 15 SP5:libopenssl3-3.0.8-150500.5.3.1.aarch64",
                  "SUSE Linux Enterprise Module for Basesystem 15 SP5:libopenssl3-3.0.8-150500.5.3.1.ppc64le",
                  "SUSE Linux Enterprise Module for Basesystem 15 SP5:libopenssl3-3.0.8-150500.5.3.1.s390x",
                  "SUSE Linux Enterprise Module for Basesystem 15 SP5:libopenssl3-3.0.8-150500.5.3.1.x86_64",
                  "SUSE Linux Enterprise Module for Basesystem 15 SP5:openssl-3-3.0.8-150500.5.3.1.aarch64",
                  "SUSE Linux Enterprise Module for Basesystem 15 SP5:openssl-3-3.0.8-150500.5.3.1.ppc64le",
                  "SUSE Linux Enterprise Module for Basesystem 15 SP5:openssl-3-3.0.8-150500.5.3.1.s390x",
                  "SUSE Linux Enterprise Module for Basesystem 15 SP5:openssl-3-3.0.8-150500.5.3.1.x86_64",
                  "openSUSE Leap 15.5:libopenssl-3-devel-3.0.8-150500.5.3.1.aarch64",
                  "openSUSE Leap 15.5:libopenssl-3-devel-3.0.8-150500.5.3.1.ppc64le",
                  "openSUSE Leap 15.5:libopenssl-3-devel-3.0.8-150500.5.3.1.s390x",
                  "openSUSE Leap 15.5:libopenssl-3-devel-3.0.8-150500.5.3.1.x86_64",
                  "openSUSE Leap 15.5:libopenssl-3-devel-32bit-3.0.8-150500.5.3.1.x86_64",
                  "openSUSE Leap 15.5:libopenssl3-3.0.8-150500.5.3.1.aarch64",
                  "openSUSE Leap 15.5:libopenssl3-3.0.8-150500.5.3.1.ppc64le",
                  "openSUSE Leap 15.5:libopenssl3-3.0.8-150500.5.3.1.s390x",
                  "openSUSE Leap 15.5:libopenssl3-3.0.8-150500.5.3.1.x86_64",
                  "openSUSE Leap 15.5:libopenssl3-32bit-3.0.8-150500.5.3.1.x86_64",
                  "openSUSE Leap 15.5:openssl-3-3.0.8-150500.5.3.1.aarch64",
                  "openSUSE Leap 15.5:openssl-3-3.0.8-150500.5.3.1.ppc64le",
                  "openSUSE Leap 15.5:openssl-3-3.0.8-150500.5.3.1.s390x",
                  "openSUSE Leap 15.5:openssl-3-3.0.8-150500.5.3.1.x86_64",
                  "openSUSE Leap 15.5:openssl-3-doc-3.0.8-150500.5.3.1.noarch",
               ],
            },
         ],
         scores: [
            {
               cvss_v3: {
                  baseScore: 5.5,
                  baseSeverity: "MEDIUM",
                  vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
                  version: "3.1",
               },
               products: [
                  "SUSE Linux Enterprise Module for Basesystem 15 SP5:libopenssl-3-devel-3.0.8-150500.5.3.1.aarch64",
                  "SUSE Linux Enterprise Module for Basesystem 15 SP5:libopenssl-3-devel-3.0.8-150500.5.3.1.ppc64le",
                  "SUSE Linux Enterprise Module for Basesystem 15 SP5:libopenssl-3-devel-3.0.8-150500.5.3.1.s390x",
                  "SUSE Linux Enterprise Module for Basesystem 15 SP5:libopenssl-3-devel-3.0.8-150500.5.3.1.x86_64",
                  "SUSE Linux Enterprise Module for Basesystem 15 SP5:libopenssl3-3.0.8-150500.5.3.1.aarch64",
                  "SUSE Linux Enterprise Module for Basesystem 15 SP5:libopenssl3-3.0.8-150500.5.3.1.ppc64le",
                  "SUSE Linux Enterprise Module for Basesystem 15 SP5:libopenssl3-3.0.8-150500.5.3.1.s390x",
                  "SUSE Linux Enterprise Module for Basesystem 15 SP5:libopenssl3-3.0.8-150500.5.3.1.x86_64",
                  "SUSE Linux Enterprise Module for Basesystem 15 SP5:openssl-3-3.0.8-150500.5.3.1.aarch64",
                  "SUSE Linux Enterprise Module for Basesystem 15 SP5:openssl-3-3.0.8-150500.5.3.1.ppc64le",
                  "SUSE Linux Enterprise Module for Basesystem 15 SP5:openssl-3-3.0.8-150500.5.3.1.s390x",
                  "SUSE Linux Enterprise Module for Basesystem 15 SP5:openssl-3-3.0.8-150500.5.3.1.x86_64",
                  "openSUSE Leap 15.5:libopenssl-3-devel-3.0.8-150500.5.3.1.aarch64",
                  "openSUSE Leap 15.5:libopenssl-3-devel-3.0.8-150500.5.3.1.ppc64le",
                  "openSUSE Leap 15.5:libopenssl-3-devel-3.0.8-150500.5.3.1.s390x",
                  "openSUSE Leap 15.5:libopenssl-3-devel-3.0.8-150500.5.3.1.x86_64",
                  "openSUSE Leap 15.5:libopenssl-3-devel-32bit-3.0.8-150500.5.3.1.x86_64",
                  "openSUSE Leap 15.5:libopenssl3-3.0.8-150500.5.3.1.aarch64",
                  "openSUSE Leap 15.5:libopenssl3-3.0.8-150500.5.3.1.ppc64le",
                  "openSUSE Leap 15.5:libopenssl3-3.0.8-150500.5.3.1.s390x",
                  "openSUSE Leap 15.5:libopenssl3-3.0.8-150500.5.3.1.x86_64",
                  "openSUSE Leap 15.5:libopenssl3-32bit-3.0.8-150500.5.3.1.x86_64",
                  "openSUSE Leap 15.5:openssl-3-3.0.8-150500.5.3.1.aarch64",
                  "openSUSE Leap 15.5:openssl-3-3.0.8-150500.5.3.1.ppc64le",
                  "openSUSE Leap 15.5:openssl-3-3.0.8-150500.5.3.1.s390x",
                  "openSUSE Leap 15.5:openssl-3-3.0.8-150500.5.3.1.x86_64",
                  "openSUSE Leap 15.5:openssl-3-doc-3.0.8-150500.5.3.1.noarch",
               ],
            },
         ],
         threats: [
            {
               category: "impact",
               date: "2023-06-23T11:41:37Z",
               details: "moderate",
            },
         ],
         title: "CVE-2023-1255",
      },
      {
         cve: "CVE-2023-2650",
         ids: [
            {
               system_name: "SUSE CVE Page",
               text: "https://www.suse.com/security/cve/CVE-2023-2650",
            },
         ],
         notes: [
            {
               category: "general",
               text: "Issue summary: Processing some specially crafted ASN.1 object identifiers or\ndata containing them may be very slow.\n\nImpact summary: Applications that use OBJ_obj2txt() directly, or use any of\nthe OpenSSL subsystems OCSP, PKCS7/SMIME, CMS, CMP/CRMF or TS with no message\nsize limit may experience notable to very long delays when processing those\nmessages, which may lead to a Denial of Service.\n\nAn OBJECT IDENTIFIER is composed of a series of numbers - sub-identifiers -\nmost of which have no size limit.  OBJ_obj2txt() may be used to translate\nan ASN.1 OBJECT IDENTIFIER given in DER encoding form (using the OpenSSL\ntype ASN1_OBJECT) to its canonical numeric text form, which are the\nsub-identifiers of the OBJECT IDENTIFIER in decimal form, separated by\nperiods.\n\nWhen one of the sub-identifiers in the OBJECT IDENTIFIER is very large\n(these are sizes that are seen as absurdly large, taking up tens or hundreds\nof KiBs), the translation to a decimal number in text may take a very long\ntime.  The time complexity is O(n^2) with 'n' being the size of the\nsub-identifiers in bytes (*).\n\nWith OpenSSL 3.0, support to fetch cryptographic algorithms using names /\nidentifiers in string form was introduced.  This includes using OBJECT\nIDENTIFIERs in canonical numeric text form as identifiers for fetching\nalgorithms.\n\nSuch OBJECT IDENTIFIERs may be received through the ASN.1 structure\nAlgorithmIdentifier, which is commonly used in multiple protocols to specify\nwhat cryptographic algorithm should be used to sign or verify, encrypt or\ndecrypt, or digest passed data.\n\nApplications that call OBJ_obj2txt() directly with untrusted data are\naffected, with any version of OpenSSL.  If the use is for the mere purpose\nof display, the severity is considered low.\n\nIn OpenSSL 3.0 and newer, this affects the subsystems OCSP, PKCS7/SMIME,\nCMS, CMP/CRMF or TS.  It also impacts anything that processes X.509\ncertificates, including simple things like verifying its signature.\n\nThe impact on TLS is relatively low, because all versions of OpenSSL have a\n100KiB limit on the peer's certificate chain.  Additionally, this only\nimpacts clients, or servers that have explicitly enabled client\nauthentication.\n\nIn OpenSSL 1.1.1 and 1.0.2, this only affects displaying diverse objects,\nsuch as X.509 certificates.  This is assumed to not happen in such a way\nthat it would cause a Denial of Service, so these versions are considered\nnot affected by this issue in such a way that it would be cause for concern,\nand the severity is therefore considered low.",
               title: "CVE description",
            },
         ],
         product_status: {
            recommended: [
               "SUSE Linux Enterprise Module for Basesystem 15 SP5:libopenssl-3-devel-3.0.8-150500.5.3.1.aarch64",
               "SUSE Linux Enterprise Module for Basesystem 15 SP5:libopenssl-3-devel-3.0.8-150500.5.3.1.ppc64le",
               "SUSE Linux Enterprise Module for Basesystem 15 SP5:libopenssl-3-devel-3.0.8-150500.5.3.1.s390x",
               "SUSE Linux Enterprise Module for Basesystem 15 SP5:libopenssl-3-devel-3.0.8-150500.5.3.1.x86_64",
               "SUSE Linux Enterprise Module for Basesystem 15 SP5:libopenssl3-3.0.8-150500.5.3.1.aarch64",
               "SUSE Linux Enterprise Module for Basesystem 15 SP5:libopenssl3-3.0.8-150500.5.3.1.ppc64le",
               "SUSE Linux Enterprise Module for Basesystem 15 SP5:libopenssl3-3.0.8-150500.5.3.1.s390x",
               "SUSE Linux Enterprise Module for Basesystem 15 SP5:libopenssl3-3.0.8-150500.5.3.1.x86_64",
               "SUSE Linux Enterprise Module for Basesystem 15 SP5:openssl-3-3.0.8-150500.5.3.1.aarch64",
               "SUSE Linux Enterprise Module for Basesystem 15 SP5:openssl-3-3.0.8-150500.5.3.1.ppc64le",
               "SUSE Linux Enterprise Module for Basesystem 15 SP5:openssl-3-3.0.8-150500.5.3.1.s390x",
               "SUSE Linux Enterprise Module for Basesystem 15 SP5:openssl-3-3.0.8-150500.5.3.1.x86_64",
               "openSUSE Leap 15.5:libopenssl-3-devel-3.0.8-150500.5.3.1.aarch64",
               "openSUSE Leap 15.5:libopenssl-3-devel-3.0.8-150500.5.3.1.ppc64le",
               "openSUSE Leap 15.5:libopenssl-3-devel-3.0.8-150500.5.3.1.s390x",
               "openSUSE Leap 15.5:libopenssl-3-devel-3.0.8-150500.5.3.1.x86_64",
               "openSUSE Leap 15.5:libopenssl-3-devel-32bit-3.0.8-150500.5.3.1.x86_64",
               "openSUSE Leap 15.5:libopenssl3-3.0.8-150500.5.3.1.aarch64",
               "openSUSE Leap 15.5:libopenssl3-3.0.8-150500.5.3.1.ppc64le",
               "openSUSE Leap 15.5:libopenssl3-3.0.8-150500.5.3.1.s390x",
               "openSUSE Leap 15.5:libopenssl3-3.0.8-150500.5.3.1.x86_64",
               "openSUSE Leap 15.5:libopenssl3-32bit-3.0.8-150500.5.3.1.x86_64",
               "openSUSE Leap 15.5:openssl-3-3.0.8-150500.5.3.1.aarch64",
               "openSUSE Leap 15.5:openssl-3-3.0.8-150500.5.3.1.ppc64le",
               "openSUSE Leap 15.5:openssl-3-3.0.8-150500.5.3.1.s390x",
               "openSUSE Leap 15.5:openssl-3-3.0.8-150500.5.3.1.x86_64",
               "openSUSE Leap 15.5:openssl-3-doc-3.0.8-150500.5.3.1.noarch",
            ],
         },
         references: [
            {
               category: "external",
               summary: "CVE-2023-2650",
               url: "https://www.suse.com/security/cve/CVE-2023-2650",
            },
            {
               category: "external",
               summary: "SUSE Bug 1211430 for CVE-2023-2650",
               url: "https://bugzilla.suse.com/1211430",
            },
         ],
         remediations: [
            {
               category: "vendor_fix",
               details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
               product_ids: [
                  "SUSE Linux Enterprise Module for Basesystem 15 SP5:libopenssl-3-devel-3.0.8-150500.5.3.1.aarch64",
                  "SUSE Linux Enterprise Module for Basesystem 15 SP5:libopenssl-3-devel-3.0.8-150500.5.3.1.ppc64le",
                  "SUSE Linux Enterprise Module for Basesystem 15 SP5:libopenssl-3-devel-3.0.8-150500.5.3.1.s390x",
                  "SUSE Linux Enterprise Module for Basesystem 15 SP5:libopenssl-3-devel-3.0.8-150500.5.3.1.x86_64",
                  "SUSE Linux Enterprise Module for Basesystem 15 SP5:libopenssl3-3.0.8-150500.5.3.1.aarch64",
                  "SUSE Linux Enterprise Module for Basesystem 15 SP5:libopenssl3-3.0.8-150500.5.3.1.ppc64le",
                  "SUSE Linux Enterprise Module for Basesystem 15 SP5:libopenssl3-3.0.8-150500.5.3.1.s390x",
                  "SUSE Linux Enterprise Module for Basesystem 15 SP5:libopenssl3-3.0.8-150500.5.3.1.x86_64",
                  "SUSE Linux Enterprise Module for Basesystem 15 SP5:openssl-3-3.0.8-150500.5.3.1.aarch64",
                  "SUSE Linux Enterprise Module for Basesystem 15 SP5:openssl-3-3.0.8-150500.5.3.1.ppc64le",
                  "SUSE Linux Enterprise Module for Basesystem 15 SP5:openssl-3-3.0.8-150500.5.3.1.s390x",
                  "SUSE Linux Enterprise Module for Basesystem 15 SP5:openssl-3-3.0.8-150500.5.3.1.x86_64",
                  "openSUSE Leap 15.5:libopenssl-3-devel-3.0.8-150500.5.3.1.aarch64",
                  "openSUSE Leap 15.5:libopenssl-3-devel-3.0.8-150500.5.3.1.ppc64le",
                  "openSUSE Leap 15.5:libopenssl-3-devel-3.0.8-150500.5.3.1.s390x",
                  "openSUSE Leap 15.5:libopenssl-3-devel-3.0.8-150500.5.3.1.x86_64",
                  "openSUSE Leap 15.5:libopenssl-3-devel-32bit-3.0.8-150500.5.3.1.x86_64",
                  "openSUSE Leap 15.5:libopenssl3-3.0.8-150500.5.3.1.aarch64",
                  "openSUSE Leap 15.5:libopenssl3-3.0.8-150500.5.3.1.ppc64le",
                  "openSUSE Leap 15.5:libopenssl3-3.0.8-150500.5.3.1.s390x",
                  "openSUSE Leap 15.5:libopenssl3-3.0.8-150500.5.3.1.x86_64",
                  "openSUSE Leap 15.5:libopenssl3-32bit-3.0.8-150500.5.3.1.x86_64",
                  "openSUSE Leap 15.5:openssl-3-3.0.8-150500.5.3.1.aarch64",
                  "openSUSE Leap 15.5:openssl-3-3.0.8-150500.5.3.1.ppc64le",
                  "openSUSE Leap 15.5:openssl-3-3.0.8-150500.5.3.1.s390x",
                  "openSUSE Leap 15.5:openssl-3-3.0.8-150500.5.3.1.x86_64",
                  "openSUSE Leap 15.5:openssl-3-doc-3.0.8-150500.5.3.1.noarch",
               ],
            },
         ],
         scores: [
            {
               cvss_v3: {
                  baseScore: 6.5,
                  baseSeverity: "MEDIUM",
                  vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
                  version: "3.1",
               },
               products: [
                  "SUSE Linux Enterprise Module for Basesystem 15 SP5:libopenssl-3-devel-3.0.8-150500.5.3.1.aarch64",
                  "SUSE Linux Enterprise Module for Basesystem 15 SP5:libopenssl-3-devel-3.0.8-150500.5.3.1.ppc64le",
                  "SUSE Linux Enterprise Module for Basesystem 15 SP5:libopenssl-3-devel-3.0.8-150500.5.3.1.s390x",
                  "SUSE Linux Enterprise Module for Basesystem 15 SP5:libopenssl-3-devel-3.0.8-150500.5.3.1.x86_64",
                  "SUSE Linux Enterprise Module for Basesystem 15 SP5:libopenssl3-3.0.8-150500.5.3.1.aarch64",
                  "SUSE Linux Enterprise Module for Basesystem 15 SP5:libopenssl3-3.0.8-150500.5.3.1.ppc64le",
                  "SUSE Linux Enterprise Module for Basesystem 15 SP5:libopenssl3-3.0.8-150500.5.3.1.s390x",
                  "SUSE Linux Enterprise Module for Basesystem 15 SP5:libopenssl3-3.0.8-150500.5.3.1.x86_64",
                  "SUSE Linux Enterprise Module for Basesystem 15 SP5:openssl-3-3.0.8-150500.5.3.1.aarch64",
                  "SUSE Linux Enterprise Module for Basesystem 15 SP5:openssl-3-3.0.8-150500.5.3.1.ppc64le",
                  "SUSE Linux Enterprise Module for Basesystem 15 SP5:openssl-3-3.0.8-150500.5.3.1.s390x",
                  "SUSE Linux Enterprise Module for Basesystem 15 SP5:openssl-3-3.0.8-150500.5.3.1.x86_64",
                  "openSUSE Leap 15.5:libopenssl-3-devel-3.0.8-150500.5.3.1.aarch64",
                  "openSUSE Leap 15.5:libopenssl-3-devel-3.0.8-150500.5.3.1.ppc64le",
                  "openSUSE Leap 15.5:libopenssl-3-devel-3.0.8-150500.5.3.1.s390x",
                  "openSUSE Leap 15.5:libopenssl-3-devel-3.0.8-150500.5.3.1.x86_64",
                  "openSUSE Leap 15.5:libopenssl-3-devel-32bit-3.0.8-150500.5.3.1.x86_64",
                  "openSUSE Leap 15.5:libopenssl3-3.0.8-150500.5.3.1.aarch64",
                  "openSUSE Leap 15.5:libopenssl3-3.0.8-150500.5.3.1.ppc64le",
                  "openSUSE Leap 15.5:libopenssl3-3.0.8-150500.5.3.1.s390x",
                  "openSUSE Leap 15.5:libopenssl3-3.0.8-150500.5.3.1.x86_64",
                  "openSUSE Leap 15.5:libopenssl3-32bit-3.0.8-150500.5.3.1.x86_64",
                  "openSUSE Leap 15.5:openssl-3-3.0.8-150500.5.3.1.aarch64",
                  "openSUSE Leap 15.5:openssl-3-3.0.8-150500.5.3.1.ppc64le",
                  "openSUSE Leap 15.5:openssl-3-3.0.8-150500.5.3.1.s390x",
                  "openSUSE Leap 15.5:openssl-3-3.0.8-150500.5.3.1.x86_64",
                  "openSUSE Leap 15.5:openssl-3-doc-3.0.8-150500.5.3.1.noarch",
               ],
            },
         ],
         threats: [
            {
               category: "impact",
               date: "2023-06-23T11:41:37Z",
               details: "moderate",
            },
         ],
         title: "CVE-2023-2650",
      },
   ],
}

cve-2023-2650

Vulnerability from cvelistv5

Published

2023-05-30 13:40

Modified

2025-03-19 15:25

Severity ?

Summary

Issue summary: Processing some specially crafted ASN.1 object identifiers or data containing them may be very slow. Impact summary: Applications that use OBJ_obj2txt() directly, or use any of the OpenSSL subsystems OCSP, PKCS7/SMIME, CMS, CMP/CRMF or TS with no message size limit may experience notable to very long delays when processing those messages, which may lead to a Denial of Service. An OBJECT IDENTIFIER is composed of a series of numbers - sub-identifiers - most of which have no size limit. OBJ_obj2txt() may be used to translate an ASN.1 OBJECT IDENTIFIER given in DER encoding form (using the OpenSSL type ASN1_OBJECT) to its canonical numeric text form, which are the sub-identifiers of the OBJECT IDENTIFIER in decimal form, separated by periods. When one of the sub-identifiers in the OBJECT IDENTIFIER is very large (these are sizes that are seen as absurdly large, taking up tens or hundreds of KiBs), the translation to a decimal number in text may take a very long time. The time complexity is O(n^2) with 'n' being the size of the sub-identifiers in bytes (*). With OpenSSL 3.0, support to fetch cryptographic algorithms using names / identifiers in string form was introduced. This includes using OBJECT IDENTIFIERs in canonical numeric text form as identifiers for fetching algorithms. Such OBJECT IDENTIFIERs may be received through the ASN.1 structure AlgorithmIdentifier, which is commonly used in multiple protocols to specify what cryptographic algorithm should be used to sign or verify, encrypt or decrypt, or digest passed data. Applications that call OBJ_obj2txt() directly with untrusted data are affected, with any version of OpenSSL. If the use is for the mere purpose of display, the severity is considered low. In OpenSSL 3.0 and newer, this affects the subsystems OCSP, PKCS7/SMIME, CMS, CMP/CRMF or TS. It also impacts anything that processes X.509 certificates, including simple things like verifying its signature. The impact on TLS is relatively low, because all versions of OpenSSL have a 100KiB limit on the peer's certificate chain. Additionally, this only impacts clients, or servers that have explicitly enabled client authentication. In OpenSSL 1.1.1 and 1.0.2, this only affects displaying diverse objects, such as X.509 certificates. This is assumed to not happen in such a way that it would cause a Denial of Service, so these versions are considered not affected by this issue in such a way that it would be cause for concern, and the severity is therefore considered low.

References

▼	URL	Tags
	https://www.openssl.org/news/secadv/20230530.txt	vendor-advisory
	https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=db779b0e10b047f2585615e0b8f2acdf21f8544a	patch
	https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=423a2bc737a908ad0c77bda470b2b59dc879936b	patch
	https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=9e209944b35cf82368071f160a744b6178f9b098	patch
	https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=853c5e56ee0b8650c73140816bb8b91d6163422c	patch
	http://www.openwall.com/lists/oss-security/2023/05/30/1
	https://www.debian.org/security/2023/dsa-5417
	https://lists.debian.org/debian-lts-announce/2023/06/msg00011.html
	https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2023-0009
	https://security.netapp.com/advisory/ntap-20230703-0001/
	https://security.netapp.com/advisory/ntap-20231027-0009/
	https://security.gentoo.org/glsa/202402-08

Impacted products

	Vendor	Product	Version
	OpenSSL	OpenSSL	Version: 3.1.1 ≤ Version: 3.0.0 ≤ Version: 1.1.1 < 1.1.1u Version: 1.0.2 < 1.0.2zh

Show details on NVD website

JSON

To clipboard

{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-02T06:26:09.899Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  name: "OpenSSL Advisory",
                  tags: [
                     "vendor-advisory",
                     "x_transferred",
                  ],
                  url: "https://www.openssl.org/news/secadv/20230530.txt",
               },
               {
                  name: "3.1.1 git commit",
                  tags: [
                     "patch",
                     "x_transferred",
                  ],
                  url: "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=db779b0e10b047f2585615e0b8f2acdf21f8544a",
               },
               {
                  name: "3.0.9 git commit",
                  tags: [
                     "patch",
                     "x_transferred",
                  ],
                  url: "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=423a2bc737a908ad0c77bda470b2b59dc879936b",
               },
               {
                  name: "1.1.1u git commit",
                  tags: [
                     "patch",
                     "x_transferred",
                  ],
                  url: "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=9e209944b35cf82368071f160a744b6178f9b098",
               },
               {
                  name: "1.0.2zh patch (premium)",
                  tags: [
                     "patch",
                     "x_transferred",
                  ],
                  url: "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=853c5e56ee0b8650c73140816bb8b91d6163422c",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "http://www.openwall.com/lists/oss-security/2023/05/30/1",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://www.debian.org/security/2023/dsa-5417",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://lists.debian.org/debian-lts-announce/2023/06/msg00011.html",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2023-0009",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://security.netapp.com/advisory/ntap-20230703-0001/",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://security.netapp.com/advisory/ntap-20231027-0009/",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://security.gentoo.org/glsa/202402-08",
               },
            ],
            title: "CVE Program Container",
         },
         {
            metrics: [
               {
                  cvssV3_1: {
                     attackComplexity: "LOW",
                     attackVector: "NETWORK",
                     availabilityImpact: "HIGH",
                     baseScore: 6.5,
                     baseSeverity: "MEDIUM",
                     confidentialityImpact: "NONE",
                     integrityImpact: "NONE",
                     privilegesRequired: "NONE",
                     scope: "UNCHANGED",
                     userInteraction: "REQUIRED",
                     vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
                     version: "3.1",
                  },
               },
               {
                  other: {
                     content: {
                        id: "CVE-2023-2650",
                        options: [
                           {
                              Exploitation: "none",
                           },
                           {
                              Automatable: "no",
                           },
                           {
                              "Technical Impact": "partial",
                           },
                        ],
                        role: "CISA Coordinator",
                        timestamp: "2025-03-06T15:55:48.363375Z",
                        version: "2.0.3",
                     },
                     type: "ssvc",
                  },
               },
            ],
            problemTypes: [
               {
                  descriptions: [
                     {
                        cweId: "CWE-770",
                        description: "CWE-770 Allocation of Resources Without Limits or Throttling",
                        lang: "en",
                        type: "CWE",
                     },
                  ],
               },
            ],
            providerMetadata: {
               dateUpdated: "2025-03-19T15:25:32.613Z",
               orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0",
               shortName: "CISA-ADP",
            },
            title: "CISA ADP Vulnrichment",
         },
      ],
      cna: {
         affected: [
            {
               defaultStatus: "unaffected",
               product: "OpenSSL",
               vendor: "OpenSSL",
               versions: [
                  {
                     lessThan: "3.1.1",
                     status: "affected",
                     version: "3.1.1",
                     versionType: "semver",
                  },
                  {
                     lessThan: "3.0.9",
                     status: "affected",
                     version: "3.0.0",
                     versionType: "semver",
                  },
                  {
                     lessThan: "1.1.1u",
                     status: "affected",
                     version: "1.1.1",
                     versionType: "custom",
                  },
                  {
                     lessThan: "1.0.2zh",
                     status: "affected",
                     version: "1.0.2",
                     versionType: "custom",
                  },
               ],
            },
         ],
         credits: [
            {
               lang: "en",
               type: "reporter",
               user: "00000000-0000-4000-9000-000000000000",
               value: "OSSFuzz",
            },
            {
               lang: "en",
               type: "reporter",
               user: "00000000-0000-4000-9000-000000000000",
               value: "Matt Caswell",
            },
            {
               lang: "en",
               type: "remediation developer",
               user: "00000000-0000-4000-9000-000000000000",
               value: "Richard Levitte",
            },
         ],
         datePublic: "2023-05-30T00:00:00.000Z",
         descriptions: [
            {
               lang: "en",
               supportingMedia: [
                  {
                     base64: false,
                     type: "text/html",
                     value: "Issue summary: Processing some specially crafted ASN.1 object identifiers or<br>data containing them may be very slow.<br><br>Impact summary: Applications that use OBJ_obj2txt() directly, or use any of<br>the OpenSSL subsystems OCSP, PKCS7/SMIME, CMS, CMP/CRMF or TS with no message<br>size limit may experience notable to very long delays when processing those<br>messages, which may lead to a Denial of Service.<br><br>An OBJECT IDENTIFIER is composed of a series of numbers - sub-identifiers -<br>most of which have no size limit.  OBJ_obj2txt() may be used to translate<br>an ASN.1 OBJECT IDENTIFIER given in DER encoding form (using the OpenSSL<br>type ASN1_OBJECT) to its canonical numeric text form, which are the<br>sub-identifiers of the OBJECT IDENTIFIER in decimal form, separated by<br>periods.<br><br>When one of the sub-identifiers in the OBJECT IDENTIFIER is very large<br>(these are sizes that are seen as absurdly large, taking up tens or hundreds<br>of KiBs), the translation to a decimal number in text may take a very long<br>time.  The time complexity is O(n^2) with 'n' being the size of the<br>sub-identifiers in bytes (*).<br><br>With OpenSSL 3.0, support to fetch cryptographic algorithms using names /<br>identifiers in string form was introduced.  This includes using OBJECT<br>IDENTIFIERs in canonical numeric text form as identifiers for fetching<br>algorithms.<br><br>Such OBJECT IDENTIFIERs may be received through the ASN.1 structure<br>AlgorithmIdentifier, which is commonly used in multiple protocols to specify<br>what cryptographic algorithm should be used to sign or verify, encrypt or<br>decrypt, or digest passed data.<br><br>Applications that call OBJ_obj2txt() directly with untrusted data are<br>affected, with any version of OpenSSL.  If the use is for the mere purpose<br>of display, the severity is considered low.<br><br>In OpenSSL 3.0 and newer, this affects the subsystems OCSP, PKCS7/SMIME,<br>CMS, CMP/CRMF or TS.  It also impacts anything that processes X.509<br>certificates, including simple things like verifying its signature.<br><br>The impact on TLS is relatively low, because all versions of OpenSSL have a<br>100KiB limit on the peer's certificate chain.  Additionally, this only<br>impacts clients, or servers that have explicitly enabled client<br>authentication.<br><br>In OpenSSL 1.1.1 and 1.0.2, this only affects displaying diverse objects,<br>such as X.509 certificates.  This is assumed to not happen in such a way<br>that it would cause a Denial of Service, so these versions are considered<br>not affected by this issue in such a way that it would be cause for concern,<br>and the severity is therefore considered low.",
                  },
               ],
               value: "Issue summary: Processing some specially crafted ASN.1 object identifiers or\ndata containing them may be very slow.\n\nImpact summary: Applications that use OBJ_obj2txt() directly, or use any of\nthe OpenSSL subsystems OCSP, PKCS7/SMIME, CMS, CMP/CRMF or TS with no message\nsize limit may experience notable to very long delays when processing those\nmessages, which may lead to a Denial of Service.\n\nAn OBJECT IDENTIFIER is composed of a series of numbers - sub-identifiers -\nmost of which have no size limit.  OBJ_obj2txt() may be used to translate\nan ASN.1 OBJECT IDENTIFIER given in DER encoding form (using the OpenSSL\ntype ASN1_OBJECT) to its canonical numeric text form, which are the\nsub-identifiers of the OBJECT IDENTIFIER in decimal form, separated by\nperiods.\n\nWhen one of the sub-identifiers in the OBJECT IDENTIFIER is very large\n(these are sizes that are seen as absurdly large, taking up tens or hundreds\nof KiBs), the translation to a decimal number in text may take a very long\ntime.  The time complexity is O(n^2) with 'n' being the size of the\nsub-identifiers in bytes (*).\n\nWith OpenSSL 3.0, support to fetch cryptographic algorithms using names /\nidentifiers in string form was introduced.  This includes using OBJECT\nIDENTIFIERs in canonical numeric text form as identifiers for fetching\nalgorithms.\n\nSuch OBJECT IDENTIFIERs may be received through the ASN.1 structure\nAlgorithmIdentifier, which is commonly used in multiple protocols to specify\nwhat cryptographic algorithm should be used to sign or verify, encrypt or\ndecrypt, or digest passed data.\n\nApplications that call OBJ_obj2txt() directly with untrusted data are\naffected, with any version of OpenSSL.  If the use is for the mere purpose\nof display, the severity is considered low.\n\nIn OpenSSL 3.0 and newer, this affects the subsystems OCSP, PKCS7/SMIME,\nCMS, CMP/CRMF or TS.  It also impacts anything that processes X.509\ncertificates, including simple things like verifying its signature.\n\nThe impact on TLS is relatively low, because all versions of OpenSSL have a\n100KiB limit on the peer's certificate chain.  Additionally, this only\nimpacts clients, or servers that have explicitly enabled client\nauthentication.\n\nIn OpenSSL 1.1.1 and 1.0.2, this only affects displaying diverse objects,\nsuch as X.509 certificates.  This is assumed to not happen in such a way\nthat it would cause a Denial of Service, so these versions are considered\nnot affected by this issue in such a way that it would be cause for concern,\nand the severity is therefore considered low.",
            },
         ],
         metrics: [
            {
               format: "other",
               other: {
                  content: {
                     text: "Moderate",
                  },
                  type: "https://www.openssl.org/policies/general/security-policy.html",
               },
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "inefficient algorithmic complexity",
                     lang: "en",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2024-02-04T09:06:37.503Z",
            orgId: "3a12439a-ef3a-4c79-92e6-6081a721f1e5",
            shortName: "openssl",
         },
         references: [
            {
               name: "OpenSSL Advisory",
               tags: [
                  "vendor-advisory",
               ],
               url: "https://www.openssl.org/news/secadv/20230530.txt",
            },
            {
               name: "3.1.1 git commit",
               tags: [
                  "patch",
               ],
               url: "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=db779b0e10b047f2585615e0b8f2acdf21f8544a",
            },
            {
               name: "3.0.9 git commit",
               tags: [
                  "patch",
               ],
               url: "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=423a2bc737a908ad0c77bda470b2b59dc879936b",
            },
            {
               name: "1.1.1u git commit",
               tags: [
                  "patch",
               ],
               url: "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=9e209944b35cf82368071f160a744b6178f9b098",
            },
            {
               name: "1.0.2zh patch (premium)",
               tags: [
                  "patch",
               ],
               url: "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=853c5e56ee0b8650c73140816bb8b91d6163422c",
            },
            {
               url: "http://www.openwall.com/lists/oss-security/2023/05/30/1",
            },
            {
               url: "https://www.debian.org/security/2023/dsa-5417",
            },
            {
               url: "https://lists.debian.org/debian-lts-announce/2023/06/msg00011.html",
            },
            {
               url: "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2023-0009",
            },
            {
               url: "https://security.netapp.com/advisory/ntap-20230703-0001/",
            },
            {
               url: "https://security.netapp.com/advisory/ntap-20231027-0009/",
            },
            {
               url: "https://security.gentoo.org/glsa/202402-08",
            },
         ],
         source: {
            discovery: "UNKNOWN",
         },
         title: "Possible DoS translating ASN.1 object identifiers",
         x_generator: {
            engine: "Vulnogram 0.1.0-dev",
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "3a12439a-ef3a-4c79-92e6-6081a721f1e5",
      assignerShortName: "openssl",
      cveId: "CVE-2023-2650",
      datePublished: "2023-05-30T13:40:11.963Z",
      dateReserved: "2023-05-11T06:09:26.543Z",
      dateUpdated: "2025-03-19T15:25:32.613Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2023-1255

Vulnerability from cvelistv5

Published

2023-04-20 16:14

Modified

2025-02-13 16:39

Severity ?

Summary

Issue summary: The AES-XTS cipher decryption implementation for 64 bit ARM platform contains a bug that could cause it to read past the input buffer, leading to a crash. Impact summary: Applications that use the AES-XTS algorithm on the 64 bit ARM platform can crash in rare circumstances. The AES-XTS algorithm is usually used for disk encryption. The AES-XTS cipher decryption implementation for 64 bit ARM platform will read past the end of the ciphertext buffer if the ciphertext size is 4 mod 5 in 16 byte blocks, e.g. 144 bytes or 1024 bytes. If the memory after the ciphertext buffer is unmapped, this will trigger a crash which results in a denial of service. If an attacker can control the size and location of the ciphertext buffer being decrypted by an application using AES-XTS on 64 bit ARM, the application is affected. This is fairly unlikely making this issue a Low severity one.

References

▼	URL	Tags
	https://www.openssl.org/news/secadv/20230419.txt	vendor-advisory
	https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=bc2f61ad70971869b242fc1cb445b98bad50074a	patch
	https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=02ac9c9420275868472f33b01def01218742b8bb	patch
	https://security.netapp.com/advisory/ntap-20230908-0006/

Impacted products

	Vendor	Product	Version
	OpenSSL	OpenSSL	Version: 3.1.0 ≤ Version: 3.0.0 ≤

Show details on NVD website

JSON

To clipboard

{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-02T05:40:59.617Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  name: "OpenSSL Advisory",
                  tags: [
                     "vendor-advisory",
                     "x_transferred",
                  ],
                  url: "https://www.openssl.org/news/secadv/20230419.txt",
               },
               {
                  name: "3.1.1 git commit",
                  tags: [
                     "patch",
                     "x_transferred",
                  ],
                  url: "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=bc2f61ad70971869b242fc1cb445b98bad50074a",
               },
               {
                  name: "3.0.9 git commit",
                  tags: [
                     "patch",
                     "x_transferred",
                  ],
                  url: "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=02ac9c9420275868472f33b01def01218742b8bb",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://security.netapp.com/advisory/ntap-20230908-0006/",
               },
            ],
            title: "CVE Program Container",
         },
         {
            metrics: [
               {
                  cvssV3_1: {
                     attackComplexity: "HIGH",
                     attackVector: "NETWORK",
                     availabilityImpact: "HIGH",
                     baseScore: 5.9,
                     baseSeverity: "MEDIUM",
                     confidentialityImpact: "NONE",
                     integrityImpact: "NONE",
                     privilegesRequired: "NONE",
                     scope: "UNCHANGED",
                     userInteraction: "NONE",
                     vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
                     version: "3.1",
                  },
               },
               {
                  other: {
                     content: {
                        id: "CVE-2023-1255",
                        options: [
                           {
                              Exploitation: "none",
                           },
                           {
                              Automatable: "no",
                           },
                           {
                              "Technical Impact": "partial",
                           },
                        ],
                        role: "CISA Coordinator",
                        timestamp: "2025-02-04T21:14:55.272222Z",
                        version: "2.0.3",
                     },
                     type: "ssvc",
                  },
               },
            ],
            problemTypes: [
               {
                  descriptions: [
                     {
                        cweId: "CWE-125",
                        description: "CWE-125 Out-of-bounds Read",
                        lang: "en",
                        type: "CWE",
                     },
                  ],
               },
            ],
            providerMetadata: {
               dateUpdated: "2025-02-04T21:16:24.506Z",
               orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0",
               shortName: "CISA-ADP",
            },
            title: "CISA ADP Vulnrichment",
         },
      ],
      cna: {
         affected: [
            {
               defaultStatus: "unaffected",
               product: "OpenSSL",
               vendor: "OpenSSL",
               versions: [
                  {
                     lessThan: "3.1.1",
                     status: "affected",
                     version: "3.1.0",
                     versionType: "semver",
                  },
                  {
                     lessThan: "3.0.9",
                     status: "affected",
                     version: "3.0.0",
                     versionType: "semver",
                  },
               ],
            },
         ],
         credits: [
            {
               lang: "en",
               type: "reporter",
               user: "00000000-0000-4000-9000-000000000000",
               value: "Anton Romanov (Amazon)",
            },
            {
               lang: "en",
               type: "remediation developer",
               user: "00000000-0000-4000-9000-000000000000",
               value: "Nevine Ebeid (Amazon)",
            },
         ],
         datePublic: "2023-03-21T00:00:00.000Z",
         descriptions: [
            {
               lang: "en",
               supportingMedia: [
                  {
                     base64: false,
                     type: "text/html",
                     value: "Issue summary: The AES-XTS cipher decryption implementation for 64 bit ARM<br>platform contains a bug that could cause it to read past the input buffer,<br>leading to a crash.<br><br>Impact summary: Applications that use the AES-XTS algorithm on the 64 bit ARM<br>platform can crash in rare circumstances. The AES-XTS algorithm is usually<br>used for disk encryption.<br><br>The AES-XTS cipher decryption implementation for 64 bit ARM platform will read<br>past the end of the ciphertext buffer if the ciphertext size is 4 mod 5 in 16<br>byte blocks, e.g. 144 bytes or 1024 bytes. If the memory after the ciphertext<br>buffer is unmapped, this will trigger a crash which results in a denial of<br>service.<br><br>If an attacker can control the size and location of the ciphertext buffer<br>being decrypted by an application using AES-XTS on 64 bit ARM, the<br>application is affected. This is fairly unlikely making this issue<br>a Low severity one.",
                  },
               ],
               value: "Issue summary: The AES-XTS cipher decryption implementation for 64 bit ARM\nplatform contains a bug that could cause it to read past the input buffer,\nleading to a crash.\n\nImpact summary: Applications that use the AES-XTS algorithm on the 64 bit ARM\nplatform can crash in rare circumstances. The AES-XTS algorithm is usually\nused for disk encryption.\n\nThe AES-XTS cipher decryption implementation for 64 bit ARM platform will read\npast the end of the ciphertext buffer if the ciphertext size is 4 mod 5 in 16\nbyte blocks, e.g. 144 bytes or 1024 bytes. If the memory after the ciphertext\nbuffer is unmapped, this will trigger a crash which results in a denial of\nservice.\n\nIf an attacker can control the size and location of the ciphertext buffer\nbeing decrypted by an application using AES-XTS on 64 bit ARM, the\napplication is affected. This is fairly unlikely making this issue\na Low severity one.",
            },
         ],
         metrics: [
            {
               format: "other",
               other: {
                  content: {
                     text: "Low",
                  },
                  type: "https://www.openssl.org/policies/secpolicy.html",
               },
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "buffer over-read",
                     lang: "en",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2023-09-08T16:06:36.509Z",
            orgId: "3a12439a-ef3a-4c79-92e6-6081a721f1e5",
            shortName: "openssl",
         },
         references: [
            {
               name: "OpenSSL Advisory",
               tags: [
                  "vendor-advisory",
               ],
               url: "https://www.openssl.org/news/secadv/20230419.txt",
            },
            {
               name: "3.1.1 git commit",
               tags: [
                  "patch",
               ],
               url: "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=bc2f61ad70971869b242fc1cb445b98bad50074a",
            },
            {
               name: "3.0.9 git commit",
               tags: [
                  "patch",
               ],
               url: "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=02ac9c9420275868472f33b01def01218742b8bb",
            },
            {
               url: "https://security.netapp.com/advisory/ntap-20230908-0006/",
            },
         ],
         source: {
            discovery: "UNKNOWN",
         },
         title: "Input buffer over-read in AES-XTS implementation on 64 bit ARM",
         x_generator: {
            engine: "Vulnogram 0.1.0-dev",
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "3a12439a-ef3a-4c79-92e6-6081a721f1e5",
      assignerShortName: "openssl",
      cveId: "CVE-2023-1255",
      datePublished: "2023-04-20T16:14:54.707Z",
      dateReserved: "2023-03-07T14:56:07.099Z",
      dateUpdated: "2025-02-13T16:39:19.031Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

All sightings related to this event Export sightings related to this event

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted

Vulnerability from csaf_suse

cve-2023-2650

Vulnerability from cvelistv5

cve-2023-1255

Vulnerability from cvelistv5

Tags

Sightings

Nomenclature