Bug 1930324 (CVE-2021-23840)
| Summary: | CVE-2021-23840 openssl: integer overflow in CipherUpdate | ||
|---|---|---|---|
| Product: | [Other] Security Response | Reporter: | Guilherme de Almeida Suckevicz <gsuckevi> |
| Component: | vulnerability | Assignee: | Red Hat Product Security <security-response-team> |
| Status: | CLOSED ERRATA | QA Contact: | |
| Severity: | medium | Docs Contact: | |
| Priority: | medium | ||
| Version: | unspecified | CC: | aboyko, asoldano, atangrin, bbaranow, berrange, bmaxwell, brian.stansberry, cdewolf, cfergeau, chazlett, crypto-team, csutherl, darran.lofthouse, dkreling, dosoudil, eleandro, elima, erik-fedora, fidencio, gghezzo, gparvin, gwync, gzaronik, hmatsumo, iweiss, jclere, jimhart, jochrist, jperkins, jramanat, jweiser, jwon, kaycoth, krathod, kraxel, ktietz, kwills, lersek, lgao, marcandre.lureau, msochure, msvehla, mturk, nwallace, pbonzini, philmd, pjindal, pmackay, redhat-bugzilla, rguimara, rh-spice-bugs, rjones, rstancel, rsvoboda, sahana, smaestri, stcannon, szappis, tcrider, thee, tm, tom.jenkinson, virt-maint, yborgess, yozone |
| Target Milestone: | --- | Keywords: | Security |
| Target Release: | --- | ||
| Hardware: | All | ||
| OS: | Linux | ||
| Whiteboard: | |||
| Fixed In Version: | openssl 1.1.1j, openssl 1.0.2y | Doc Type: | If docs needed, set a value |
| Doc Text: | Calls to EVP_CipherUpdate, EVP_EncryptUpdate and EVP_DecryptUpdate may overflow the output length argument in some cases where the input length is close to the maximum permissible length for an integer on the platform. In such cases the return value from the function call will be 1 (indicating success), but the output length value will be negative. This could cause applications to behave incorrectly or crash. | Story Points: | --- |
| Clone Of: | | Environment: | |
| Last Closed: | 2021-04-13 06:39:18 UTC | Type: | --- |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | | Category: | --- |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | | | |
| Bug Depends On: | 1935195, 1935199, 1935201, 1935202, 1930325, 1930326, 1930327, 1930328, 1932128, 1932129, 1932132, 1935193, 1935194, 1935196, 1935197, 1935198, 1935205, 1936456, 1936583, 1940069, 1940070 | ||
| Bug Blocks: | 1930329 | ||
Description
Guilherme de Almeida Suckevicz
2021-02-18 16:56:01 UTC
Created compat-openssl10 tracking bugs for this issue:
Affects: fedora-all [bug 1930328]

Created mingw-openssl tracking bugs for this issue:
Affects: fedora-all [bug 1930327]

Created openssl tracking bugs for this issue:
Affects: fedora-all [bug 1930325]

Created openssl11 tracking bugs for this issue:
Affects: epel-7 [bug 1930326]

External References:
https://www.openssl.org/news/secadv/20210216.txt

Statement:
This flaw only affects applications which are compiled with OpenSSL and use the EVP_CipherUpdate, EVP_EncryptUpdate or EVP_DecryptUpdate functions. When specially-crafted values are passed to these functions, it can cause the application to crash or behave incorrectly.

This vulnerability is out of security support scope for the following product:
* Red Hat JBoss Enterprise Application Platform 6
Please refer to https://access.redhat.com/support/policy/updates/jboss_notes for more details.

This issue has been addressed in the following products:
Red Hat Advanced Cluster Management for Kubernetes 2.2 for RHEL 8
Red Hat Advanced Cluster Management for Kubernetes 2.2 for RHEL 7
Via RHSA-2021:1168 https://access.redhat.com/errata/RHSA-2021:1168

This bug is now closed. Further updates for individual products will be reflected on the CVE page(s):
https://access.redhat.com/security/cve/cve-2021-23840

I see this is closed, but RHEL7 still shows as affected here:
https://access.redhat.com/security/cve/cve-2021-23840
Can you please update it?
Thanks -jim

This issue has been addressed in the following products:
Red Hat Advanced Cluster Management for Kubernetes 2.3 for RHEL 7
Red Hat Advanced Cluster Management for Kubernetes 2.3 for RHEL 8
Via RHSA-2021:3016 https://access.redhat.com/errata/RHSA-2021:3016

This issue has been addressed in the following products:
Red Hat Enterprise Linux 7
Via RHSA-2021:3798 https://access.redhat.com/errata/RHSA-2021:3798

This issue has been addressed in the following products:
Red Hat Enterprise Linux 8
Via RHSA-2021:4198 https://access.redhat.com/errata/RHSA-2021:4198

This issue has been addressed in the following products:
Red Hat Enterprise Linux 8
Via RHSA-2021:4424 https://access.redhat.com/errata/RHSA-2021:4424

This issue has been addressed in the following products:
Red Hat JBoss Core Services
Via RHSA-2021:4613 https://access.redhat.com/errata/RHSA-2021:4613

This issue has been addressed in the following products:
JBoss Core Services on RHEL 7
JBoss Core Services for RHEL 8
Via RHSA-2021:4614 https://access.redhat.com/errata/RHSA-2021:4614
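Added illustration, not part of this bug report and not OpenSSL's source: the C model below reproduces the output-length arithmetic the Doc Text and the Statement describe (the partial-block path of EVP_EncryptUpdate/EVP_DecryptUpdate, where bytes buffered from a previous call are completed and the whole blocks of the rest are added in an int), shows how the sum wraps negative while the call still returns 1, and shows the shape of the pre-check the 1.1.1j/1.0.2y fix added (OpenSSL's error code for it is EVP_R_OUTPUT_WOULD_OVERFLOW). No bytes are ciphered; only the length accounting is modelled. The function names, the MAX_CHUNK cap and the `inl + bl` sanity bound in the caller-side wrapper are this example's assumptions, not OpenSSL API rules.

```c
#include <limits.h>
#include <stdio.h>

/*
 * Constructed model of the *outl accounting in evp_EncryptDecryptUpdate
 * (crypto/evp/evp_enc.c). Not OpenSSL's code.
 *   buf_len  bytes left over from the previous call (0 .. bl-1)
 *   bl       cipher block size, a power of two as for every EVP cipher
 *   inl      length of the new input, an int like the real API
 * When buf_len != 0 and inl completes the buffered block, the real code
 * emits that block (*outl = bl) and then adds every whole block of the
 * remaining inl - (bl - buf_len) bytes. That addition is int arithmetic.
 */

/* Exact result in 64-bit arithmetic, for comparison. */
static long long exact_outlen(int buf_len, int bl, int inl)
{
    long long out = 0, rest = inl;
    if (buf_len != 0) {
        int j = bl - buf_len;           /* bytes needed to complete the block */
        if (inl < j)
            return 0;                   /* everything buffered, nothing emitted */
        rest -= j;
        out = bl;
    }
    return out + (rest & ~((long long)bl - 1));
}

/*
 * Pre-fix behaviour (OpenSSL <= 1.1.1i / 1.0.2x): returns 1 and stores the
 * sum narrowed to int. In OpenSSL the addition itself overflows a signed int;
 * the model narrows through unsigned so the wrap to a negative value is
 * reproduced deterministically on two's-complement targets.
 */
static int vulnerable_update(int buf_len, int bl, int inl, int *outl)
{
    if (inl < 0)
        return 0;
    *outl = (int)(unsigned int)exact_outlen(buf_len, bl, inl);
    return 1;                           /* "success", even when *outl < 0 */
}

/*
 * Post-fix behaviour (1.1.1j / 1.0.2y): before touching the output, refuse a
 * call whose whole-block remainder plus the one completed block would not
 * fit in an int. OpenSSL returns 0 with EVP_R_OUTPUT_WOULD_OVERFLOW.
 */
static int fixed_update(int buf_len, int bl, int inl, int *outl)
{
    if (inl < 0)
        return 0;
    if (buf_len != 0) {
        int j = bl - buf_len;
        if (inl < j) {
            *outl = 0;
            return 1;
        }
        int whole = (inl - j) & ~(bl - 1);
        if (whole > INT_MAX - bl)
            return 0;                   /* EVP_R_OUTPUT_WOULD_OVERFLOW */
        *outl = bl + whole;
        return 1;
    }
    *outl = inl & ~(bl - 1);
    return 1;
}

/*
 * Caller-side hardening for code that cannot assume a patched libcrypto
 * (this example's policy): cap each chunk well below INT_MAX and treat a
 * "successful" update that reports an impossible length as a failure.
 * Assumes bl <= 4096 (EVP_MAX_BLOCK_LENGTH is far smaller), so inl + bl
 * cannot overflow once inl <= MAX_CHUNK.
 */
#define MAX_CHUNK (INT_MAX - 4096)

typedef int (*update_fn)(int buf_len, int bl, int inl, int *outl);

static int checked_update(update_fn update, int buf_len, int bl, int inl,
                          int *outl)
{
    if (inl < 0 || inl > MAX_CHUNK)
        return 0;
    if (!update(buf_len, bl, inl, outl))
        return 0;
    if (*outl < 0 || *outl > inl + bl)  /* at most one buffered block flushed */
        return 0;
    return 1;
}

int main(void)
{
    int outl = 0;
    /* One byte buffered from the previous call, AES block size, maximal input. */
    int rc = vulnerable_update(1, 16, INT_MAX, &outl);
    printf("pre-fix : rc=%d outl=%d (exact %lld)\n", rc, outl,
           exact_outlen(1, 16, INT_MAX));
    rc = fixed_update(1, 16, INT_MAX, &outl);
    printf("post-fix: rc=%d\n", rc);
    rc = checked_update(vulnerable_update, 1, 16, INT_MAX, &outl);
    printf("wrapper : rc=%d\n", rc);
    return 0;
}
```

With one byte already buffered and inl = INT_MAX, the exact output length is 16 + 2147483632 = 2^31, one past INT_MAX: the pre-fix path reports success with a negative *outl, the fixed path refuses before writing anything, and the wrapper refuses even when it sits on top of the old behaviour. Ordinary chunks (for example five bytes buffered plus 100 new bytes, giving 96 bytes out) are unaffected by either check.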