First published: Thu Apr 20 2023(Updated: )
OpenSSL is vulnerable to a denial of service, caused by a flaw in the AES-XTS cipher decryption implementation for 64 bit ARM platform. By sending a specially crafted request, a remote attacker could exploit this vulnerability to cause the application to crash.
Credit: openssl-security@openssl.org openssl-security@openssl.org openssl-security@openssl.org
Affected Software | Affected Version | How to fix |
---|---|---|
debian/openssl | <=3.0.8-1<=1.1.1-1 | 3.0.9-1 3.1.1-1 1.1.1n-0+deb11u5 |
OpenSSL OpenSSL | >=3.0.0<3.0.9 | |
OpenSSL OpenSSL | >=3.1.0<3.1.1 | |
IBM QRadar WinCollect Agent | <=10.0-10.1.7 | |
redhat/OpenSSL | <3.1.1 | 3.1.1 |
redhat/OpenSSL | <3.0.9 | 3.0.9 |
ubuntu/openssl | <3.0.2-0ubuntu1.10 | 3.0.2-0ubuntu1.10 |
ubuntu/openssl | <3.0.5-2ubuntu2.3 | 3.0.5-2ubuntu2.3 |
ubuntu/openssl | <3.0.8-1ubuntu1.2 | 3.0.8-1ubuntu1.2 |
ubuntu/openssl | <3.0.8-1ubuntu3 | 3.0.8-1ubuntu3 |
debian/openssl | 1.1.1n-0+deb10u3 1.1.1n-0+deb10u6 1.1.1w-0+deb11u1 1.1.1n-0+deb11u5 3.0.11-1~deb12u2 3.1.4-2 3.1.5-1 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
CVE-2023-1255 is a vulnerability in the AES-XTS cipher decryption implementation for the 64-bit ARM platform that can cause crashes due to reading past the input buffer.
Applications using the AES-XTS algorithm on the 64-bit ARM platform may be affected.
The severity of CVE-2023-1255 is high with a CVSS score of 5.9.
To fix CVE-2023-1255, update the affected OpenSSL package to the recommended versions: 3.0.2-0ubuntu1.10, 3.0.5-2ubuntu2.3, 3.0.8-1ubuntu1.2, 3.0.9-1, 3.1.1-1, or 1.1.1n-0+deb11u5.
More information about CVE-2023-1255 can be found at the following links: [link1], [link2], [link3].