Log

AVG-2779 edited at 10 Nov 2023 10:12:37
Status
- Unknown
+ Fixed
AVG-2819 edited at 10 Nov 2023 10:12:23
Status
- Unknown
+ Fixed
AVG-2826 edited at 10 Nov 2023 10:11:44
Status
- Unknown
+ Fixed
AVG-2812 edited at 10 Nov 2023 10:11:06
Status
- Unknown
+ Fixed
AVG-2702 edited at 10 Nov 2023 10:10:09
Status
- Unknown
+ Fixed
AVG-2837 edited at 10 Nov 2023 10:09:42
Status
- Unknown
+ Fixed
AVG-2848 edited at 24 Oct 2023 15:09:30
Severity
- Unknown
+ Medium
CVE-2023-5363 edited at 24 Oct 2023 15:09:30
Severity
- Unknown
+ Medium
Remote
- Unknown
+ Remote
Type
- Unknown
+ Incorrect calculation
Description
+ A bug has been identified in OpenSSL <= 3.1.3, in the processing of key and initialisation vector (IV) lengths. This can lead to potential truncation or overruns during the initialisation of some symmetric ciphers.
+ For the CCM, GCM and OCB cipher modes, truncation of the IV can result in loss of confidentiality. For example, when following NIST's SP 800-38D section 8.2.1 guidance for constructing a deterministic IV for AES in GCM mode, truncation of the counter portion could lead to IV reuse.
+ Both truncations and overruns of the key and overruns of the IV will produce incorrect results and could, in some cases, trigger a memory exception.
References
+ https://www.openssl.org/news/secadv/20231024.txt
Notes
AVG-2849 edited at 24 Oct 2023 15:09:30
Severity
- Unknown
+ Medium
CVE-2023-5363 edited at 24 Oct 2023 15:09:30
Severity
- Unknown
+ Medium
Remote
- Unknown
+ Remote
Type
- Unknown
+ Incorrect calculation
Description
+ A bug has been identified in OpenSSL <= 3.1.3, in the processing of key and initialisation vector (IV) lengths. This can lead to potential truncation or overruns during the initialisation of some symmetric ciphers.
+ For the CCM, GCM and OCB cipher modes, truncation of the IV can result in loss of confidentiality. For example, when following NIST's SP 800-38D section 8.2.1 guidance for constructing a deterministic IV for AES in GCM mode, truncation of the counter portion could lead to IV reuse.
+ Both truncations and overruns of the key and overruns of the IV will produce incorrect results and could, in some cases, trigger a memory exception.
References
+ https://www.openssl.org/news/secadv/20231024.txt
Notes
AVG-2849 created at 24 Oct 2023 15:06:33
Packages
+ lib32-openssl
Issues
+ CVE-2023-5363
Status
+ Vulnerable
Severity
+ Unknown
Affected
+ 1:3.1.3-1
Fixed
Ticket
Advisory qualified
+ Yes
References
Notes
AVG-2848 created at 24 Oct 2023 15:06:09
Packages
+ openssl
Issues
+ CVE-2023-5363
Status
+ Vulnerable
Severity
+ Unknown
Affected
+ 3.1.3-1
Fixed
Ticket
Advisory qualified
+ Yes
References
+ https://www.openssl.org/news/secadv/20231024.txt
Notes
CVE-2023-5363 created at 24 Oct 2023 15:06:09