Bug 2243839 (CVE-2023-5363) - CVE-2023-5363 openssl: Incorrect cipher key and IV length processing
Summary: CVE-2023-5363 openssl: Incorrect cipher key and IV length processing
Keywords:
Status: NEW
Alias: CVE-2023-5363
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
Priority: medium
Severity: medium
Target Milestone: ---
Assignee: Product Security
QA Contact:
URL:
Whiteboard:
Depends On: 2249063 2249064 2249065
Blocks: 2243841
Reported: 2023-10-13 12:44 UTC by Sandipan Roy
Modified: 2024-04-12 07:03 UTC

Fixed In Version: OpenSSL 3.0.12, OpenSSL 3.1.4
Doc Type: If docs needed, set a value
Doc Text:
A flaw was found in OpenSSL in how it processes key and initialization vector (IV) lengths. This issue can lead to potential truncation or overruns during the initialization of some symmetric ciphers. A truncation in the IV can result in non-uniqueness, which could result in loss of confidentiality for some cipher modes. Both truncations and overruns of the key and the IV will produce incorrect results and could, in some cases, trigger a memory exception.
Clone Of:
Environment:
Last Closed:
Embargoed:

Links
System | ID | Private | Priority | Status | Summary | Last Updated
Red Hat Product Errata | RHSA-2024:0310 | 0 | None | None | None | 2024-01-22 01:14:56 UTC
Red Hat Product Errata | RHSA-2024:0500 | 0 | None | None | None | 2024-01-25 16:43:59 UTC

Description Sandipan Roy 2023-10-13 12:44:00 UTC
Issue summary: A bug has been identified in the processing of key and
initialisation vector (IV) lengths. This can lead to potential truncation
or overruns during the initialisation of some symmetric ciphers.

Impact summary: A truncation in the IV can result in non-uniqueness,
which could result in loss of confidentiality for some cipher modes.

When calling EVP_EncryptInit_ex2(), EVP_DecryptInit_ex2() or
EVP_CipherInit_ex2() the provided OSSL_PARAM array is processed after
the key and IV have been established. Any alterations to the key length,
via the "keylen" parameter or the IV length, via the "ivlen" parameter,
within the OSSL_PARAM array will not take effect as intended, potentially
causing truncation or overreading of these values. The following ciphers
and cipher modes are impacted: RC2, RC4, RC5, CCM, GCM and OCB.

For the CCM, GCM and OCB cipher modes, truncation of the IV can result in
loss of confidentiality. For example, when following NIST's SP 800-38D
section 8.2.1 guidance for constructing a deterministic IV for AES in
GCM mode, truncation of the counter portion could lead to IV reuse.

Both truncations and overruns of the key and overruns of the IV will
produce incorrect results and could, in some cases, trigger a memory
exception. However, these issues are not currently assessed as security
critical.

Changing the key and IV lengths is not considered to be a common operation
which implies the Moderate severity of this security issue.
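
The IV truncation risk described above, modelled as an added Python example (not OpenSSL code and not part of the advisory): it builds SP 800-38D section 8.2.1 style deterministic IVs and counts reuse when only the 12-byte GCM default length is honoured instead of the requested "ivlen". The fixed field value, the function names and the keep-the-leading-bytes truncation model are assumptions made for illustration.

```python
# Added illustration: a simplified model of IV truncation, not OpenSSL internals.
GCM_DEFAULT_IVLEN = 12  # OpenSSL's default GCM IV length, in bytes


def deterministic_iv(fixed: bytes, counter: int, ivlen: int, byteorder: str = "big") -> bytes:
    """SP 800-38D 8.2.1 style IV: fixed field || invocation counter."""
    counter_len = ivlen - len(fixed)
    if counter_len <= 0:
        raise ValueError("fixed field leaves no room for the invocation field")
    return fixed + counter.to_bytes(counter_len, byteorder)


def effective_iv(iv: bytes, honoured_ivlen: int) -> bytes:
    """Model assumption: only the first honoured_ivlen bytes reach the cipher."""
    return iv[:honoured_ivlen]


def surviving_counter_bytes(fixed_len: int, ivlen: int, honoured_ivlen: int) -> int:
    """Counter bytes left after truncation; 0 means the counter is lost entirely."""
    return max(0, min(ivlen, honoured_ivlen) - fixed_len)


def count_reused(fixed: bytes, ivlen: int, invocations: int,
                 honoured_ivlen: int, byteorder: str = "big") -> int:
    """Number of invocations whose effective IV was already used under this key."""
    seen = set()
    reused = 0
    for n in range(invocations):
        iv = effective_iv(deterministic_iv(fixed, n, ivlen, byteorder), honoured_ivlen)
        if iv in seen:
            reused += 1
        seen.add(iv)
    return reused


if __name__ == "__main__":
    FIXED = b"DEVICE01"  # constructed 8-byte fixed field (sample value)
    REQUESTED = 16       # caller asks for a 16-byte IV via "ivlen"
    for label, honoured in (("ivlen honoured", REQUESTED),
                            ("default length used", GCM_DEFAULT_IVLEN)):
        for order in ("big", "little"):
            reused = count_reused(FIXED, REQUESTED, 1000, honoured, order)
            print(f"{label:20} counter={order:6} reused IVs: {reused}/1000")
    # A little-endian counter keeps its low 4 bytes, so reuse is only delayed:
    a = effective_iv(deterministic_iv(FIXED, 0, REQUESTED, "little"), GCM_DEFAULT_IVLEN)
    b = effective_iv(deterministic_iv(FIXED, 2**32, REQUESTED, "little"), GCM_DEFAULT_IVLEN)
    print("little-endian counter wraps at 2**32:", a == b)
```

In this model a big-endian counter placed after an 8-byte fixed field loses all of its changing bytes, so every message under the key shares one IV, which is why fixed-field and counter widths are worth auditing alongside the OpenSSL version in use.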

Comment 3 Tomas Hoger 2023-10-25 11:28:42 UTC
Public now via upstream advisory:
https://www.openssl.org/news/secadv/20231024.txt

Comment 5 Sandipan Roy 2023-11-10 13:59:31 UTC
Created openssl tracking bugs for this issue:

Affects: fedora-37 [bug 2249064]
Affects: fedora-38 [bug 2249065]


Created openssl3 tracking bugs for this issue:

Affects: epel-8 [bug 2249063]

Comment 7 errata-xmlrpc 2024-01-22 01:14:53 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9

Via RHSA-2024:0310 https://access.redhat.com/errata/RHSA-2024:0310

Comment 8 errata-xmlrpc 2024-01-25 16:43:56 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9.2 Extended Update Support

Via RHSA-2024:0500 https://access.redhat.com/errata/RHSA-2024:0500
