Input buffer over-read in AES-XTS implementation on 64 bit ARM
Description
Issue summary: The AES-XTS cipher decryption implementation for 64 bit ARM platform contains a bug that could cause it to read past the input buffer, leading to a crash.
Impact summary: Applications that use the AES-XTS algorithm on the 64 bit ARM platform can crash in rare circumstances. The AES-XTS algorithm is usually used for disk encryption.
The AES-XTS cipher decryption implementation for 64 bit ARM platform will read past the end of the ciphertext buffer if the ciphertext size is 4 mod 5 in 16 byte blocks, e.g. 144 bytes or 1024 bytes. If the memory after the ciphertext buffer is unmapped, this will trigger a crash which results in a denial of service.
If an attacker can control the size and location of the ciphertext buffer being decrypted by an application using AES-XTS on 64 bit ARM, the application is affected. This is fairly unlikely making this issue a Low severity one.
Affected products
62(expand)+ 1 more
- (no CPE)
- (no CPE)range: 3.1.0
- osv-coords60 versionspkg:apk/chainguard/libcrypto3pkg:apk/chainguard/libssl3pkg:apk/chainguard/opensslpkg:apk/chainguard/openssl-configpkg:apk/chainguard/openssl-dbgpkg:apk/chainguard/openssl-devpkg:apk/chainguard/openssl-docpkg:apk/chainguard/openssl-engine-afalgpkg:apk/chainguard/openssl-engine-capipkg:apk/chainguard/openssl-engine-loader-atticpkg:apk/chainguard/openssl-engine-padlockpkg:apk/chainguard/openssl-provider-fipspkg:apk/chainguard/openssl-provider-legacypkg:apk/chainguard/ruby-3.0pkg:apk/chainguard/ruby-3.0-devpkg:apk/chainguard/ruby-3.0-docpkg:apk/chainguard/ruby-3.1pkg:apk/chainguard/ruby-3.1-basepkg:apk/chainguard/ruby-3.1-base-devpkg:apk/chainguard/ruby-3.1-devpkg:apk/chainguard/ruby-3.1-docpkg:apk/chainguard/ruby-3.2pkg:apk/chainguard/ruby-3.2-basepkg:apk/chainguard/ruby-3.2-base-devpkg:apk/chainguard/ruby-3.2-devpkg:apk/chainguard/ruby-3.2-docpkg:apk/wolfi/libcrypto3pkg:apk/wolfi/libssl3pkg:apk/wolfi/opensslpkg:apk/wolfi/openssl-configpkg:apk/wolfi/openssl-dbgpkg:apk/wolfi/openssl-devpkg:apk/wolfi/openssl-docpkg:apk/wolfi/openssl-engine-afalgpkg:apk/wolfi/openssl-engine-capipkg:apk/wolfi/openssl-engine-loader-atticpkg:apk/wolfi/openssl-engine-padlockpkg:apk/wolfi/openssl-provider-legacypkg:apk/wolfi/ruby-3.0pkg:apk/wolfi/ruby-3.0-devpkg:apk/wolfi/ruby-3.0-docpkg:apk/wolfi/ruby-3.1pkg:apk/wolfi/ruby-3.1-basepkg:apk/wolfi/ruby-3.1-base-devpkg:apk/wolfi/ruby-3.1-devpkg:apk/wolfi/ruby-3.1-docpkg:apk/wolfi/ruby-3.2pkg:apk/wolfi/ruby-3.2-basepkg:apk/wolfi/ruby-3.2-base-devpkg:apk/wolfi/ruby-3.2-devpkg:apk/wolfi/ruby-3.2-docpkg:rpm/almalinux/opensslpkg:rpm/almalinux/openssl-develpkg:rpm/almalinux/openssl-libspkg:rpm/almalinux/openssl-perlpkg:rpm/opensuse/openssl-3&distro=openSUSE%20Leap%2015.4pkg:rpm/opensuse/openssl-3&distro=openSUSE%20Leap%2015.5pkg:rpm/opensuse/openssl-3&distro=openSUSE%20Tumbleweedpkg:rpm/suse/openssl-3&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015%20SP4pkg:rpm/suse/openssl-3&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015%20SP5
< 3.1.0-r5+ 59 more
- (no CPE)range: < 3.1.0-r5
- (no CPE)range: < 3.1.0-r5
- (no CPE)range: < 3.1.0-r5
- (no CPE)range: < 3.1.0-r5
- (no CPE)range: < 3.1.0-r5
- (no CPE)range: < 3.1.0-r5
- (no CPE)range: < 3.1.0-r5
- (no CPE)range: < 3.1.0-r5
- (no CPE)range: < 3.1.0-r5
- (no CPE)range: < 3.1.0-r5
- (no CPE)range: < 3.1.0-r5
- (no CPE)range: < 3.0.9-r1
- (no CPE)range: < 3.1.0-r5
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 3.1.0-r5
- (no CPE)range: < 3.1.0-r5
- (no CPE)range: < 3.1.0-r5
- (no CPE)range: < 3.1.0-r5
- (no CPE)range: < 3.1.0-r5
- (no CPE)range: < 3.1.0-r5
- (no CPE)range: < 3.1.0-r5
- (no CPE)range: < 3.1.0-r5
- (no CPE)range: < 3.1.0-r5
- (no CPE)range: < 3.1.0-r5
- (no CPE)range: < 3.1.0-r5
- (no CPE)range: < 3.1.0-r5
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 1:3.0.7-16.el9_2
- (no CPE)range: < 1:3.0.7-16.el9_2
- (no CPE)range: < 1:3.0.7-16.el9_2
- (no CPE)range: < 1:3.0.7-16.el9_2
- (no CPE)range: < 3.0.8-150400.4.26.1
- (no CPE)range: < 3.0.8-150500.5.3.1
- (no CPE)range: < 3.1.1-1.1
- (no CPE)range: < 3.0.8-150400.4.26.1
- (no CPE)range: < 3.0.8-150500.5.3.1
Patches
Vulnerability mechanics
References
4- git.openssl.org/gitweb/mitrepatch
- git.openssl.org/gitweb/mitrepatch
- www.openssl.org/news/secadv/20230419.txtmitrevendor-advisory
- security.netapp.com/advisory/ntap-20230908-0006/mitre
News mentions
0No linked articles in our index yet.