Incorrect cipher key & IV length processing

...

Security Bulletin: IBM App Connect Enterprise Certified Container operands are vulnerable to security restrictions bypass

Summary OpenSSL is used by IBM App Connect Enterprise Certified Container for some certificate operations. IBM App Connect Enterprise Certified Container operands are vulnerable to security restrictions bypass, caused by OpenSSL's AES-SIV cipher implementation. This bulletin provides patch...

SUSE CVE-2023-5363

Issue summary: A bug has been identified in the processing of key and initialisation vector IV lengths. This can lead to potential truncation or overruns during the initialisation of some symmetric ciphers. Impact summary: A truncation in the IV can result in non-uniqueness, which could result in...

SUSE SLED15 / SLES15 / openSUSE 15 Security Update : openssl-3 (SUSE-SU-2023:4190-1)

The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2023:4190-1 advisory. - Issue summary: Checking excessively long DH keys or parameters may be very slow. Impact summar...

AZL-42751 CVE-2023-5363 affecting package cloud-hypervisor-cvm for versions less than 38.0.72.2-1

Issue summary: A bug has been identified in the processing of key and initialisation vector IV lengths. This can lead to potential truncation or overruns during the initialisation of some symmetric ciphers. Impact summary: A truncation in the IV can result in non-uniqueness, which could result in...

AZL-42712 CVE-2023-5363 affecting package cloud-hypervisor-cvm for versions less than 38.0.72.2-1

Issue summary: A bug has been identified in the processing of key and initialisation vector IV lengths. This can lead to potential truncation or overruns during the initialisation of some symmetric ciphers. Impact summary: A truncation in the IV can result in non-uniqueness, which could result in...

DEBIAN-CVE-2023-5363

Issue summary: A bug has been identified in the processing of key and initialisation vector IV lengths. This can lead to potential truncation or overruns during the initialisation of some symmetric ciphers. Impact summary: A truncation in the IV can result in non-uniqueness, which could result in...

CVE-2023-5363

Issue summary: A bug has been identified in the processing of key and initialisation vector IV lengths. This can lead to potential truncation or overruns during the initialisation of some symmetric ciphers. Impact summary: A truncation in the IV can result in non-uniqueness, which could result in...

ALPINE-CVE-2023-5363

Issue summary: A bug has been identified in the processing of key and initialisation vector IV lengths. This can lead to potential truncation or overruns during the initialisation of some symmetric ciphers. Impact summary: A truncation in the IV can result in non-uniqueness, which could result in...

SUSE-SU-2023:4190-1 Security update for openssl-3

This update for openssl-3 fixes the following issues: - CVE-2023-5363: Incorrect cipher key and IV length processing. bsc1216163 - CVE-2023-3817: Add test of DHcheck with q = p + 1. bsc1213853...

SUSE-SU-2023:4189-1 Security update for openssl-3

This update for openssl-3 fixes the following issues: - CVE-2023-5363: Incorrect cipher key and IV length processing. bsc1216163 - CVE-2023-3817: Add test of DHcheck with q = p + 1. bsc1213853...

OpenSSL 3.0.0 < 3.0.12 Multiple Vulnerabilities

The version of OpenSSL installed on the remote host is prior to 3.0.12. It is, therefore, affected by multiple vulnerabilities as referenced in the 3.0.12 advisory. - Issue summary: The POLY1305 MAC message authentication code implementation contains a bug that might corrupt the internal state of...

OpenSSL Incorrect Cipher Key & IV Length Processing Vulnerability (20231024) - Windows

OpenSSL is prone to an incorrect processing of key and initialisation vector IV lengths vulnerability. SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier:...

Debian: Security Advisory (DSA-5532-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

[SECURITY] [DSA 5532-1] openssl security update

------------------------------------------------------------------------- Debian Security Advisory DSA-5532-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso October 24, 2023 https://www.debian.org/security/faq -...

USN-6450-1: OpenSSL vulnerabilities

Tony Battersby discovered that OpenSSL incorrectly handled key and initialization vector IV lengths. This could lead to truncation issues and result in loss of confidentiality for some symmetric cipher modes. CVE-2023-5363 Juerg Wullschleger discovered that OpenSSL incorrectly handled the AES-SIV...

CVE-2023-5363 Incorrect cipher key & IV length processing

Issue summary: A bug has been identified in the processing of key and initialisation vector IV lengths. This can lead to potential truncation or overruns during the initialisation of some symmetric ciphers. Impact summary: A truncation in the IV can result in non-uniqueness, which could result in...

CVE-2023-5363 Incorrect cipher key & IV length processing

Issue summary: A bug has been identified in the processing of key and initialisation vector IV lengths. This can lead to potential truncation or overruns during the initialisation of some symmetric ciphers. Impact summary: A truncation in the IV can result in non-uniqueness, which could result in...

Missing Cryptographic Step

Overview openssl is a package that wraps the OpenSSL library. Affected versions of this package are vulnerable to Missing Cryptographic Step when the EVPEncryptInitex2, EVPDecryptInitex2 or EVPCipherInitex2 functions are used. An attacker can cause truncation or overreading of key and...

UBUNTU-CVE-2023-5363

Issue summary: A bug has been identified in the processing of key and initialisation vector IV lengths. This can lead to potential truncation or overruns during the initialisation of some symmetric ciphers. Impact summary: A truncation in the IV can result in non-uniqueness, which could result in...