CLSA-2023-1702495193 openssl: Fix of CVE-2023-5363

CVE-2023-5363: evp: process key length and iv length early if present...

Insecure AES Initialization Vector

PyPinkSign is vulnerable to the Insecure Initialization Vector. The vulnerability is due to usage of static Initialization Vector for AES encryption. This could lead to Information Disclosure...

GHSA-FXFF-WXXV-C2JC PyPinkSign uses a non-random or static IV for Cipher Block Chaining (CBC) mode in AES encryption

PyPinkSign v0.5.1 uses a non-random or static IV for Cipher Block Chaining CBC mode in AES encryption. This vulnerability can lead to the disclosure of information and communications...

CVE-2023-48053

Archery v1.10.0 uses a non-random or static IV for Cipher Block Chaining CBC mode in AES encryption. This vulnerability can lead to the disclosure of information and communications...

CVE-2023-48056

PyPinkSign v0.5.1 uses a non-random or static IV for Cipher Block Chaining CBC mode in AES encryption. This vulnerability can lead to the disclosure of information and communications...

PYSEC-2023-245

PyPinkSign v0.5.1 uses a non-random or static IV for Cipher Block Chaining CBC mode in AES encryption. This vulnerability can lead to the disclosure of information and communications...

Archery Security Vulnerabilities

Archery is an open source set of vulnerability assessment and management tools. A security vulnerability exists in Archery version v1.10.0 that stems from the use of non-random or static IVs for Cipher Block Linking CBC mode in AES encryption, which could lead to information and communication...

PT-2023-30686 · Unknown · Pypinksign

Name of the Vulnerable Software and Affected Versions: PyPinkSign version 0.5.1 Description: The issue concerns the use of a non-random or static Initialization Vector IV in Cipher Block Chaining CBC mode for Advanced Encryption Standard AES encryption. This can potentially lead to the disclosure...

Incorrect cipher key & IV length processing

...

AZL-78558 CVE-2023-5363 affecting package openssl-fips-provider 3.1.2-1

Issue summary: A bug has been identified in the processing of key and initialisation vector IV lengths. This can lead to potential truncation or overruns during the initialisation of some symmetric ciphers. Impact summary: A truncation in the IV can result in non-uniqueness, which could result in...

USN-6450-1 openssl vulnerabilities

Tony Battersby discovered that OpenSSL incorrectly handled key and initialization vector IV lengths. This could lead to truncation issues and result in loss of confidentiality for some symmetric cipher modes. CVE-2023-5363 Juerg Wullschleger discovered that OpenSSL incorrectly handled the AES-SIV...

CVE-2023-5363 Incorrect cipher key & IV length processing

Issue summary: A bug has been identified in the processing of key and initialisation vector IV lengths. This can lead to potential truncation or overruns during the initialisation of some symmetric ciphers. Impact summary: A truncation in the IV can result in non-uniqueness, which could result in...

Missing Cryptographic Step

Overview openssl is a package that wraps the OpenSSL library. Affected versions of this package are vulnerable to Missing Cryptographic Step when the EVPEncryptInitex2, EVPDecryptInitex2 or EVPCipherInitex2 functions are used. An attacker can cause truncation or overreading of key and...

UBUNTU-CVE-2023-5363

Issue summary: A bug has been identified in the processing of key and initialisation vector IV lengths. This can lead to potential truncation or overruns during the initialisation of some symmetric ciphers. Impact summary: A truncation in the IV can result in non-uniqueness, which could result in...

CVE-2022-24401

Adversary-induced keystream re-use on TETRA air-interface encrypted traffic using any TEA keystream generator. IV generation is based upon several TDMA frame counters, which are frequently broadcast by the infrastructure in an unauthenticated manner. An active adversary can manipulate the view of...

WordPress plugin ProfileGrid 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. WordPress is a blogging platform developed in the PHP language that supports personal blogs on PHP and MySQL servers.WordPress plugin is an application...

TP-LINK Smart bulb Tapo 安全漏洞

TP-LINK Smart bulb Tapo is a smart bulb from China P&L TP-LINK. An information disclosure vulnerability exists in the TP-LINK Smart bulb Tapo series L530 and Tapo Application, which can be exploited by an attacker to obtain sensitive information via the IV component of the AES128-CBC feature...

CVE-2023-2747

The initialization vector IV used by the secure engine SE for encrypting data stored in the SE flash memory is uninitialized...

CVE-2023-2747

The initialization vector IV used by the secure engine SE for encrypting data stored in the SE flash memory is uninitialized...

Design/Logic Flaw

The initialization vector IV used by the secure engine SE for encrypting data stored in the SE flash memory is uninitialized...