Integer overflow in CipherUpdate
CVE-2021-23840

7.5HIGH

Key Information:

Vendor: OpenSSL
Status: OpenSSL
Vendor: CVE Published:; 16 February 2021

Badges

👾 Exploit Exists🟡 Public PoC

Summary

Calls to EVP_CipherUpdate, EVP_EncryptUpdate and EVP_DecryptUpdate may overflow the output length argument in some cases where the input length is close to the maximum permissable length for an integer on the platform. In such cases the return value from the function call will be 1 (indicating success), but the output length value will be negative. This could cause applications to behave incorrectly or crash. OpenSSL versions 1.1.1i and below are affected by this issue. Users of these versions should upgrade to OpenSSL 1.1.1j. OpenSSL versions 1.0.2x and below are affected by this issue. However OpenSSL 1.0.2 is out of support and no longer receiving public updates. Premium support customers of OpenSSL 1.0.2 should upgrade to 1.0.2y. Other users should upgrade to 1.1.1j. Fixed in OpenSSL 1.1.1j (Affected 1.1.1-1.1.1i). Fixed in OpenSSL 1.0.2y (Affected 1.0.2-1.0.2x).

Affected Version(s)

OpenSSL Fixed in OpenSSL 1.1.1j (Affected 1.1.1-1.1.1i)

OpenSSL Fixed in OpenSSL 1.0.2y (Affected 1.0.2-1.0.2x)

Exploit Proof of Concept (PoC)

PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.

openssl-1.1.1g_CVE-2021-23840
Created by Trinadh465

References

https://www.openssl.org/news/secadv/20210216.txt

https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitd...

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

🟡
Public PoC available
Sep 11, 2023
👾
Exploit known to exist
Sep 11, 2023
Vulnerability published
Feb 16, 2021
Vulnerability Reserved
Jan 12, 2021

Credit

Paul Kehrer