Information Disclosure

2023-10-2800:48:09

Veracode Vulnerability Database

sca.analysiscenter.veracode.com

openssl

vulnerability

arbitrary code

7.8 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

44.8%

JSON

openssl is vulnerable to Information Disclosure. An incorrect cipher key & IV length processing vulnerability allows an attacker to exploit a flaw in the way that OpenSSL handles cipher key and IV lengths by tricking a user into opening a specially crafted file or connecting to a malicious server. The file or server would contain a specially crafted TLS/SSL handshake that would exploit the flaw in OpenSSL to execute arbitrary code on the user’s system.

CPENameOperatorVersion
openssl:sideq1.1.1h-1
openssl:3.18eq3.1.1-r1
openssl:3.18eq3.1.3-r0
openssl:3.18eq3.1.2-r0
openssl:3.18eq3.1.0-r4
openssl:3.18eq3.1.1-r2
openssl:3.18eq3.1.1-r3
openssl:3.17eq3.0.5-r3
openssl:3.17eq3.0.10-r0
openssl:3.17eq3.0.8-r0

Name	Operator	Version
openssl:sid	eq	1.1.1h-1
openssl:3.18	eq	3.1.1-r1
openssl:3.18	eq	3.1.3-r0
openssl:3.18	eq	3.1.2-r0
openssl:3.18	eq	3.1.0-r4
openssl:3.18	eq	3.1.1-r2
openssl:3.18	eq	3.1.1-r3
openssl:3.17	eq	3.0.5-r3
openssl:3.17	eq	3.0.10-r0
openssl:3.17	eq	3.0.8-r0