CVE-2023-1255: Input buffer over-read in AES-XTS implementation on 64 bit ARM
First published: Thu Apr 20 2023(Updated: )
Issue summary: The AES-XTS cipher decryption implementation for 64 bit ARM platform contains a bug that could cause it to read past the input buffer, leading to a crash. Impact summary: Applications that use the AES-XTS algorithm on the 64 bit ARM platform can crash in rare circumstances. The AES-XTS algorithm is usually used for disk encryption. The AES-XTS cipher decryption implementation for 64 bit ARM platform will read past the end of the ciphertext buffer if the ciphertext size is 4 mod 5 in 16 byte blocks, e.g. 144 bytes or 1024 bytes. If the memory after the ciphertext buffer is unmapped, this will trigger a crash which results in a denial of service. If an attacker can control the size and location of the ciphertext buffer being decrypted by an application using AES-XTS on 64 bit ARM, the application is affected. This is fairly unlikely making this issue a Low severity one.
Credit: openssl-security@openssl.org openssl-security@openssl.org openssl-security@openssl.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| debian/openssl | <=3.0.8-1<=1.1.1-1 | 3.0.9-1 3.1.1-1 1.1.1n-0+deb11u5 |
| OpenSSL OpenSSL | >=3.0.0<3.0.9 | |
| OpenSSL OpenSSL | >=3.1.0<3.1.1 | |
| redhat/OpenSSL | <3.1.1 | 3.1.1 |
| redhat/OpenSSL | <3.0.9 | 3.0.9 |
| IBM QRadar WinCollect Agent | <=10.0-10.1.7 | |
| debian/openssl | 1.1.1w-0+deb11u1 1.1.1n-0+deb11u5 3.0.14-1~deb12u1 3.0.14-1~deb12u2 3.3.2-1 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://security-tracker.debian.org/tracker/CVE-2023-1255
- https://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=02ac9c9420275868472f33b01def01218742b8bb
- https://www.openssl.org/news/secadv/20230420.txt
- https://security-tracker.debian.org/tracker/CVE-2023-0466
- https://www.openssl.org/news/secadv/20230328.txt
- https://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=51e8a84ce742db0f6c70510d0159dad8f7825908
- https://security-tracker.debian.org/tracker/CVE-2023-0465
- https://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=1dd43e0709fece299b15208f36cc7c76209ba0bb
- https://security-tracker.debian.org/tracker/CVE-2023-0464
- https://www.openssl.org/news/secadv/20230322.txt
- https://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=959c59c7a0164117e7f8366466a32bb1f8d77ff1
- https://www.cve.org/CVERecord?id=CVE-2023-1255
- https://www.cve.org/CVERecord?id=CVE-2023-0466
- https://www.cve.org/CVERecord?id=CVE-2023-0465
- https://www.cve.org/CVERecord?id=CVE-2023-0464
- https://security-tracker.debian.org/tracker/CVE-2022-4304
- https://security-tracker.debian.org/tracker/CVE-2023-2650
- https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1034720
- https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=02ac9c9420275868472f33b01def01218742b8bb
- https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=bc2f61ad70971869b242fc1cb445b98bad50074a
- https://security.netapp.com/advisory/ntap-20230908-0006/
- https://www.openssl.org/news/secadv/20230419.txt
- https://launchpad.net/bugs/cve/CVE-2023-1255
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=2188528
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=2188530
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=2188529
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=2188531
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=2188526
- https://access.redhat.com/errata/RHSA-2023:3722
- https://access.redhat.com/security/cve/cve-2023-1255
- https://bugzilla.redhat.com/show_bug.cgi?id=2188461
- https://exchange.xforce.ibmcloud.com/vulnerabilities/253370
- https://www.ibm.com/support/pages/node/7081403 (Advisory)
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1255
- https://nvd.nist.gov/vuln/detail/CVE-2023-1255
- https://ubuntu.com/security/CVE-2023-1255
Frequently Asked Questions
What is CVE-2023-1255?
CVE-2023-1255 is a vulnerability in the AES-XTS cipher decryption implementation for the 64-bit ARM platform that can cause crashes due to reading past the input buffer.
Who is affected by CVE-2023-1255?
Applications using the AES-XTS algorithm on the 64-bit ARM platform may be affected.
What is the severity of CVE-2023-1255?
The severity of CVE-2023-1255 is high with a CVSS score of 5.9.
How can I fix CVE-2023-1255?
To fix CVE-2023-1255, update the affected OpenSSL package to the recommended versions: 3.0.2-0ubuntu1.10, 3.0.5-2ubuntu2.3, 3.0.8-1ubuntu1.2, 3.0.9-1, 3.1.1-1, or 1.1.1n-0+deb11u5.
Where can I find more information about CVE-2023-1255?
More information about CVE-2023-1255 can be found at the following links: [link1], [link2], [link3].
- collector/debian-bugs
- alias/CVE-2023-1255
- collector/nvd-api
- collector/nvd-index
- agent/type
- agent/first-publish-date
- collector/launchpad-cve
- source/Launchpad
- collector/nvd-cve
- source/NVD
- agent/software-canonical-lookup
- collector/redhat-bugzilla
- source/Red Hat
- agent/weakness
- agent/author
- agent/severity
- agent/description
- agent/references
- agent/remedy
- collector/mitre-cve
- source/MITRE
- agent/title
- agent/last-modified-date
- collector/ibm-support
- source/IBM
- agent/tags
- agent/event
- collector/security-tracker-debian
- source/Debian
- agent/softwarecombine
- collector/usn-cve
- source/Ubuntu
- package-manager/debian
- vendor/openssl
- canonical/openssl openssl
- version/openssl openssl/3.0.0
- version/openssl openssl/3.1.0
- package-manager/redhat
- vendor/ibm
- canonical/ibm qradar wincollect agent
- version/ibm qradar wincollect agent/10.0-10.1.7