---

Log

AVG-1742 edited at 10 Nov 2023 16:14:32
Status	- Vulnerable + Fixed
Fixed	+ 1:0.8+r127+g55d783d-1

AVG-2104 edited at 10 Nov 2023 16:09:13
Status	- Vulnerable + Not affected

AVG-2178 edited at 10 Nov 2023 16:08:38
Status	- Vulnerable + Fixed
Fixed	+ 0.60.8-3

AVG-2779 edited at 10 Nov 2023 10:12:37
Status	- Unknown + Fixed

AVG-2819 edited at 10 Nov 2023 10:12:23
Status	- Unknown + Fixed

AVG-2826 edited at 10 Nov 2023 10:11:44
Status	- Unknown + Fixed

AVG-2812 edited at 10 Nov 2023 10:11:06
Status	- Unknown + Fixed

AVG-2702 edited at 10 Nov 2023 10:10:09
Status	- Unknown + Fixed

AVG-2837 edited at 10 Nov 2023 10:09:42
Status	- Unknown + Fixed

AVG-2848 edited at 24 Oct 2023 15:09:30
Severity	- Unknown + Medium

CVE-2023-5363 edited at 24 Oct 2023 15:09:30
Severity	- Unknown + Medium
Remote	- Unknown + Remote
Type	- Unknown + Incorrect calculation
Description	+ A bug has been identified in OpenSSL <= 3.1.3, in the processing of key and initialisation vector (IV) lengths. This can lead to potential truncation or overruns during the initialisation of some symmetric ciphers. + For the CCM, GCM and OCB cipher modes, truncation of the IV can result in loss of confidentiality. For example, when following NIST's SP 800-38D section 8.2.1 guidance for constructing a deterministic IV for AES inGCM mode, truncation of the counter portion could lead to IV reuse. + Both truncations and overruns of the key and overruns of the IV will produce incorrect results and could, in some cases, trigger a memory exception.
References	+ https://www.openssl.org/news/secadv/20231024.txt
Notes