7.5 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
7.8 High
AI Score
Confidence
High
0.001 Low
EPSS
Percentile
45.4%
openssl is vulnerable to Information Disclosure. An incorrect cipher key & IV length processing vulnerability allows an attacker to exploit a flaw in the way that OpenSSL handles cipher key and IV lengths by tricking a user into opening a specially crafted file or connecting to a malicious server. The file or server would contain a specially crafted TLS/SSL handshake that would exploit the flaw in OpenSSL to execute arbitrary code on the user’s system.
www.openwall.com/lists/oss-security/2023/10/24/1
git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=0df40630850fb2740e6be6890bb905d3fc623b2d
git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=5f69f5c65e483928c4b28ed16af6e5742929f1ee
security-tracker.debian.org/tracker/CVE-2023-5363
security.netapp.com/advisory/ntap-20231027-0010/
security.netapp.com/advisory/ntap-20240201-0003/
security.netapp.com/advisory/ntap-20240201-0004/
www.debian.org/security/2023/dsa-5532
www.openssl.org/news/secadv/20231024.txt
7.5 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
7.8 High
AI Score
Confidence
High
0.001 Low
EPSS
Percentile
45.4%