Published: 20/04/2023 Updated: 08/09/2023

CVSS v3 Base Score: 5.9 | Impact Score: 3.6 | Exploitability Score: 2.2

VMScore: 0

Issue summary: The AES-XTS cipher decryption implementation for 64 bit ARM platform contains a bug that could cause it to read past the input buffer, leading to a crash. Impact summary: Applications that use the AES-XTS algorithm on the 64 bit ARM platform can crash in rare circumstances. The AES-XTS algorithm is usually used for disk encryption. The AES-XTS cipher decryption implementation for 64 bit ARM platform will read past the end of the ciphertext buffer if the ciphertext size is 4 mod 5 in 16 byte blocks, e.g. 144 bytes or 1024 bytes. If the memory after the ciphertext buffer is unmapped, this will trigger a crash which results in a denial of service. If an attacker can control the size and location of the ciphertext buffer being decrypted by an application using AES-XTS on 64 bit ARM, the application is affected. This is fairly unlikely making this issue a Low severity one.

Vulnerable Product	Search on Vulmon	Subscribe to Product
openssl openssl

Debian Bug report logs - #1034720 openssl: CVE-2023-1255 CVE-2023-0466 CVE-2023-0465 CVE-2023-0464 Package: src:openssl; Maintainer for src:openssl is Debian OpenSSL Team <pkg-openssl-devel@alioth-listsdebiannet>; Reported by: Moritz Mühlenhoff <jmm@inutilorg> Date: Sat, 22 Apr 2023 17:30:01 UTC Severity: importa ...

Synopsis Important: Network observability 130 for Openshift Type/Severity Security Advisory: Important Topic Network Observability 130 for OpenShiftRed Hat Product Security has rated this update as having a security impact of Important A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is ava ...

Synopsis Moderate: OpenShift Container Platform 4136 bug fix and security update Type/Severity Security Advisory: Moderate Topic Red Hat OpenShift Container Platform release 4136 is now available with updates to packages and images that fix several bugs and add enhancementsThis release includes a security update for Red Hat OpenShift Con ...

Synopsis Moderate: Red Hat OpenShift Enterprise security update Type/Severity Security Advisory: Moderate Topic Red Hat OpenShift Container Platform release 41223 is now available with updates to packages and images that fix several bugs and add enhancementsThis release includes a security update for Red Hat OpenShift Container Platform 4 ...

Synopsis Moderate: openssl security and bug fix update Type/Severity Security Advisory: Moderate Red Hat Insights patch analysis Identify and remediate systems affected by this advisory View affected systems Topic An update for openssl is now available for Red Hat Enterprise Linux 9Red Hat Product Security has rated this update as ...

Synopsis Important: Security Update for cert-manager Operator for Red Hat OpenShift 1103 Type/Severity Security Advisory: Important Topic cert-manager Operator for Red Hat OpenShift 1103Red Hat Product Security has rated this update as having a security impactof Important A Common Vulnerability Scoring System (CVSS) base score, whichgive ...

Synopsis Moderate: OpenShift Container Platform 4135 security update Type/Severity Security Advisory: Moderate Topic Red Hat OpenShift Container Platform release 4135 is now available with updates to packages and images that fix several bugs and add enhancementsThis release includes a security update for Red Hat OpenShift Container Platf ...

Synopsis Moderate: Red Hat OpenShift Data Foundation 4131 security and bug fix update Type/Severity Security Advisory: Moderate Topic Updated images that fix several bugs are now available for Red Hat OpenShift Data Foundation 4131 on Red Hat Enterprise Linux 8 from Red Hat Container RegistryRed Hat Product Security has rated this update ...

Synopsis Moderate: OpenShift sandboxed containers 141 security update Type/Severity Security Advisory: Moderate Topic OpenShift sandboxed containers 141 is now availableRed Hat Product Security has rated this update as having a security impactof Moderate A Common Vulnerability Scoring System (CVSS) base score, whichgives a detailed seve ...

Description This CVE is under investigation by Red Hat Product Security ...

Hitachi Infrastructure Analytics Advisor contains the following vulnerabilities: CVE-2019-10172, CVE-2019-10202, CVE-2021-37533 Hitachi Ops Center Analyzer contains the following vulnerabilities: CVE-2019-10172, CVE-2019-10202, CVE-2021-37533, CVE-2022-1471, CVE-2023-1370, CVE-2023-26048, CVE-2023-26049 Hitachi Ops Center Analyzer viewpoi ...

Menu Log in ...

Critical Infrastructure Sectors: Critical Manufacturing

CWE-125 https://www.openssl.org/news/secadv/20230419.txt https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=bc2f61ad70971869b242fc1cb445b98bad50074a https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=02ac9c9420275868472f33b01def01218742b8bb https://security.netapp.com/advisory/ntap-20230908-0006/https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1034720 https://nvd.nist.gov https://www.cisa.gov/news-events/ics-advisories/icsa-24-046-15 https://access.redhat.com/security/cve/cve-2023-1255

Get Started

CVE-2023-1255

Vulnerability Summary

Vulnerability Trend

Vendor Advisories

ICS Advisories

References

Vulmon Search

About

Products

Connect