Lucene search

Basic search
Lucene search
Search by product

Database

Vendors

FreeBSD41C60E16-2405-11EE-A0D1-84A93843EB75

HistoryJul 14, 2023 - 12:00 a.m.

Vulners
/
Freebsd
/
OpenSSL -- AES-SIV implementation ignores empty associated data entries

OpenSSL -- AES-SIV implementation ignores empty associated data entries

2023-07-1400:00:00

vuxml.freebsd.org

openssl

aes-siv

bug

empty entries

unauthenticated

unix

5.3 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

0.004 Low

EPSS

Percentile

72.9%

JSON

The OpenSSL project reports:

The AES-SIV cipher implementation contains a bug that causes
it to ignore empty associated data entries which are unauthenticated as
a consequence.

OSVersionArchitecturePackageVersionFilename
FreeBSDanynoarchopenssl30< 3.0.9_1UNKNOWN
FreeBSDanynoarchopenssl31< 3.1.1_1UNKNOWN

OS	Version	Architecture	Package	Version	Filename
FreeBSD	any	noarch	openssl30	< 3.0.9_1	UNKNOWN
FreeBSD	any	noarch	openssl31	< 3.1.1_1	UNKNOWN

References

www.openssl.org/news/secadv/20230714.txt

cgr 1

nvd 1

cve 1

ibm 10

veracode 1

openvas 9

alpinelinux 1

ubuntucve 1

osv 3

redhatcve 1

cvelist 1

prion 1

openssl 1

wolfi 1

redos 1

nessus 14

f5 1

debiancve 1

photon 2

mageia 2

ubuntu 1

cloudfoundry 1

redhat 8

oraclelinux 1

aix 1

almalinux 1

ics 2

gentoo 1

hp 1

oracle 3

cgr

CVE-2023-2975 vulnerabilities

2024-05-19 03:07:16

nvd

CVE-2023-2975

2023-07-14 12:15:09

cve

CVE-2023-2975

2023-07-14 12:15:09

ibm

Security Bulletin: Vulnerabilities in OpenSSL affect IBM Rational ClearQuest

2024-03-14 05:26:03

Security Bulletin: IBM App Connect Enterprise Certified Container operands are vulnerable to security restrictions bypass

2023-10-26 11:29:34

Security Bulletin: IBM App Connect Enterprise is vulnerable to a remote attacker due to OpenSSL

2023-10-10 12:14:08

veracode

Improper Authentication

2023-07-19 01:25:29

openvas

OpenSSL Information Disclosure Vulnerability (20230714) - Windows

2023-07-17 00:00:00

OpenSSL Information Disclosure Vulnerability (20230714) - Linux

2023-07-17 00:00:00

openSUSE: Security Advisory for openssl (SUSE-SU-2023:3011-1)

2024-03-04 00:00:00

alpinelinux

CVE-2023-2975

2023-07-14 12:15:09

ubuntucve

CVE-2023-2975

2023-07-14 00:00:00

osv

CVE-2023-2975

2023-07-14 12:15:09

openssl vulnerabilities

2023-10-24 16:14:24

Low: openssl and openssl-fips-provider security update

2024-04-30 00:00:00

redhatcve

CVE-2023-2975

2023-07-19 05:03:13

cvelist

CVE-2023-2975 AES-SIV implementation ignores empty associated data entries

2023-07-14 11:16:25

prion

Null pointer dereference

2023-07-14 12:15:00

openssl

Vulnerability in OpenSSL CVE-2023-2975

2023-07-07 00:00:00

wolfi

CVE-2023-2975 vulnerabilities

2024-07-03 09:08:38

redos

ROS-20230915-14

2023-09-15 00:00:00

nessus

FreeBSD : OpenSSL -- AES-SIV implementation ignores empty associated data entries (41c60e16-2405-11ee-a0d1-84a93843eb75)

2023-07-16 00:00:00

SUSE SLED15 / SLES15 / openSUSE 15 Security Update : openssl-3 (SUSE-SU-2023:3013-1)

2023-07-29 00:00:00

SUSE SLED15 / SLES15 / openSUSE 15 Security Update : openssl-3 (SUSE-SU-2023:3011-1)

2023-07-29 00:00:00

K000135633 : OpenSSL vulnerability CVE-2023-2975

2023-07-27 00:00:00

debiancve

CVE-2023-2975

2023-07-14 12:15:09

photon

Moderate Photon OS Security Update - PHSA-2023-4.0-0434

2023-07-21 00:00:00

Moderate Photon OS Security Update - PHSA-2023-5.0-0055

2023-07-23 00:00:00

mageia

Updated openssl packages fix security vulnerability

2023-09-11 16:07:54

Updated quictls packages fix security vulnerabilities

2023-09-30 22:15:40

ubuntu

OpenSSL vulnerabilities

2023-10-24 00:00:00

cloudfoundry

USN-6450-1: OpenSSL vulnerabilities | Cloud Foundry

2023-11-09 00:00:00

redhat

(RHSA-2024:2447) Low: openssl and openssl-fips-provider security update

2024-04-30 06:15:44

(RHSA-2024:2933) Important: logging for Red Hat OpenShift security update

2024-05-23 06:15:17

(RHSA-2024:2901) Low: Custom Metrics Autoscaler Operator for Red Hat OpenShift 2.12.1-394 Security Update

2024-05-23 14:07:36

oraclelinux

openssl and openssl-fips-provider security update

2024-05-03 00:00:00

aix

Multiple vulnerabilities in OpenSSL affect AIX

2023-09-11 10:43:54

almalinux

Low: openssl and openssl-fips-provider security update

2024-04-30 00:00:00

ics

Siemens SIMATIC MV500

2023-11-16 12:00:00

Siemens SINEC NMS

2024-02-15 12:00:00

gentoo

OpenSSL: Multiple Vulnerabilities

2024-02-04 00:00:00

HP Device Manager Security Updates

2023-10-20 00:00:00

oracle

Oracle Critical Patch Update Advisory - January 2024

2024-01-16 00:00:00

Oracle Critical Patch Update Advisory - October 2023

2023-10-17 00:00:00

Oracle Critical Patch Update Advisory - April 2024

2024-04-16 00:00:00

Solutions

Vulnerabilities intelligence
Perimeter control tool
Linux scanner
Windows scanner
Developers SDK
Security Intelligence feeds

Database

Vulnerabilities
Exploits
Security News
BugBounty
Wild Exploited
Top Vulnerabilities
CVE Feed

Resources

Statics & Sources
Plugins
API docs
FAQ
Blog
Glossary

Company

About
Contacts
Pricing
EULA
Privacy Policy
Submission Policy
OpenSource

@2024 Vulners Inc

5.3 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

0.004 Low

EPSS

Percentile

72.9%

JSON

Related for 41C60E16-2405-11EE-A0D1-84A93843EB75