CVE-2021-23840

Published Feb 16, 2021
Last updated 8 months ago
CVSS high 7.5
Overview

Description: Calls to EVP_CipherUpdate, EVP_EncryptUpdate and EVP_DecryptUpdate may overflow the output length argument in some cases where the input length is close to the maximum permissable length for an integer on the platform. In such cases the return value from the function call will be 1 (indicating success), but the output length value will be negative. This could cause applications to behave incorrectly or crash. OpenSSL versions 1.1.1i and below are affected by this issue. Users of these versions should upgrade to OpenSSL 1.1.1j. OpenSSL versions 1.0.2x and below are affected by this issue. However OpenSSL 1.0.2 is out of support and no longer receiving public updates. Premium support customers of OpenSSL 1.0.2 should upgrade to 1.0.2y. Other users should upgrade to 1.1.1j. Fixed in OpenSSL 1.1.1j (Affected 1.1.1-1.1.1i). Fixed in OpenSSL 1.0.2y (Affected 1.0.2-1.0.2x).
Source: openssl-security@openssl.org
NVD status: Modified
Risk scores

CVSS 3.1

Type: Primary
Base score: 7.5
Impact score: 3.6
Exploitability score: 3.9
Vector string: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Severity: HIGH
CVSS 2.0

Type: Primary
Base score: 5
Impact score: 2.9
Exploitability score: 10
Vector string: AV:N/AC:L/Au:N/C:N/I:N/A:P
Weaknesses

nvd@nist.gov: CWE-190
Hype score: Not currently trending
Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:openssl:openssl:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "F12DBEEA-AAB3-4383-A3E2-F865B960BA07",
            "versionEndExcluding": "1.0.2y",
            "versionStartIncluding": "1.0.2"
          },
          {
            "criteria": "cpe:2.3:a:openssl:openssl:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "90147138-26F0-42CF-A1DB-BE1853885CA6",
            "versionEndExcluding": "1.1.1j",
            "versionStartIncluding": "1.1.1"
          }
        ],
        "operator": "OR"
      }
    ]
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73"
          }
        ],
        "operator": "OR"
      }
    ]
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:tenable:log_correlation_engine:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "D2D529D0-539D-4540-B70C-230D09A87572",
            "versionEndExcluding": "6.0.8"
          },
          {
            "criteria": "cpe:2.3:a:tenable:nessus_network_monitor:5.11.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "657682A0-54D5-4DC6-A98E-8BAF685926C4"
          },
          {
            "criteria": "cpe:2.3:a:tenable:nessus_network_monitor:5.11.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "8FC5C76C-3474-4B26-8CF0-2DFAFA3D5458"
          },
          {
            "criteria": "cpe:2.3:a:tenable:nessus_network_monitor:5.12.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "8661D361-71B5-4C41-A818-C89EC551D900"
          },
          {
            "criteria": "cpe:2.3:a:tenable:nessus_network_monitor:5.12.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "253603DC-2D92-442A-B3A8-A63E14D8A070"
          },
          {
            "criteria": "cpe:2.3:a:tenable:nessus_network_monitor:5.13.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "8E112CFF-31F9-4D87-9A1B-AE0FCF69615E"
          }
        ],
        "operator": "OR"
      }
    ]
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:oracle:business_intelligence:5.5.0.0.0:*:*:*:enterprise:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "D40AD626-B23A-44A3-A6C0-1FFB4D647AE4"
          },
          {
            "criteria": "cpe:2.3:a:oracle:business_intelligence:5.9.0.0.0:*:*:*:enterprise:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "B602F9E8-1580-436C-A26D-6E6F8121A583"
          },
          {
            "criteria": "cpe:2.3:a:oracle:business_intelligence:12.2.1.3.0:*:*:*:enterprise:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "77C3DD16-1D81-40E1-B312-50FBD275507C"
          },
          {
            "criteria": "cpe:2.3:a:oracle:business_intelligence:12.2.1.4.0:*:*:*:enterprise:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "81DAC8C0-D342-44B5-9432-6B88D389584F"
          },
          {
            "criteria": "cpe:2.3:a:oracle:communications_cloud_native_core_policy:1.15.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "B4367D9B-BF81-47AD-A840-AC46317C774D"
          },
          {
            "criteria": "cpe:2.3:a:oracle:enterprise_manager_for_storage_management:13.4.0.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "61516569-C48F-4362-B334-8CA10EDB0EC2"
          },
          {
            "criteria": "cpe:2.3:a:oracle:enterprise_manager_ops_center:12.4.0.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "B095CC03-7077-4A58-AB25-CC5380CDCE5A"
          },
          {
            "criteria": "cpe:2.3:a:oracle:graalvm:19.3.5:*:*:*:enterprise:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "058C7C4B-D692-49DE-924A-C2725A8162D3"
          },
          {
            "criteria": "cpe:2.3:a:oracle:graalvm:20.3.1.2:*:*:*:enterprise:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "0F0434A5-F2A1-4973-917C-A95F2ABE97D1"
          },
          {
            "criteria": "cpe:2.3:a:oracle:graalvm:21.0.0.2:*:*:*:enterprise:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "96DD93E0-274E-4C36-99F3-EEF085E57655"
          },
          {
            "criteria": "cpe:2.3:a:oracle:jd_edwards_enterpriseone_tools:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "86305E47-33E9-411C-B932-08C395C09982",
            "versionEndExcluding": "9.2.6.0"
          },
          {
            "criteria": "cpe:2.3:a:oracle:jd_edwards_world_security:a9.4:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "0B1CAD50-749F-4ADB-A046-BF3585677A58"
          },
          {
            "criteria": "cpe:2.3:a:oracle:mysql_server:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "C9E14DE8-29C1-4C0C-9B31-2E3A11EE68E4",
            "versionEndExcluding": "5.7.33"
          },
          {
            "criteria": "cpe:2.3:a:oracle:mysql_server:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "FBE10671-5C91-4ACF-ABD2-255E9F2F9D79",
            "versionEndExcluding": "8.0.23",
            "versionStartIncluding": "8.0.15"
          },
          {
            "criteria": "cpe:2.3:a:oracle:nosql_database:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "D04565AE-D092-4AE0-8FEE-0E8114662A1B",
            "versionEndExcluding": "20.3"
          }
        ],
        "operator": "OR"
      }
    ]
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:mcafee:epolicy_orchestrator:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "A30F7908-5AF6-4761-BC6A-4C18EFAE48E5",
            "versionEndExcluding": "5.10.0"
          },
          {
            "criteria": "cpe:2.3:a:mcafee:epolicy_orchestrator:5.10.0:-:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "0F30D3AF-4FA3-4B7A-BE04-C24E2EA19A95"
          },
          {
            "criteria": "cpe:2.3:a:mcafee:epolicy_orchestrator:5.10.0:update_1:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "7B00DDE7-7002-45BE-8EDE-65D964922CB0"
          },
          {
            "criteria": "cpe:2.3:a:mcafee:epolicy_orchestrator:5.10.0:update_10:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "DB88C165-BB24-49FB-AAF6-087A766D5AD1"
          },
          {
            "criteria": "cpe:2.3:a:mcafee:epolicy_orchestrator:5.10.0:update_2:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "FF806B52-DAD5-4D12-8BB6-3CBF9DC6B8DF"
          },
          {
            "criteria": "cpe:2.3:a:mcafee:epolicy_orchestrator:5.10.0:update_3:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "7DE847E0-431D-497D-9C57-C4E59749F6A0"
          },
          {
            "criteria": "cpe:2.3:a:mcafee:epolicy_orchestrator:5.10.0:update_4:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "46385384-5561-40AA-9FDE-A2DE4FDFAD3E"
          },
          {
            "criteria": "cpe:2.3:a:mcafee:epolicy_orchestrator:5.10.0:update_5:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "B7CA7CA6-7CF2-48F6-81B5-69BA0A37EF4E"
          },
          {
            "criteria": "cpe:2.3:a:mcafee:epolicy_orchestrator:5.10.0:update_6:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "9E4E5481-1070-4E1F-8679-1985DE4E785A"
          },
          {
            "criteria": "cpe:2.3:a:mcafee:epolicy_orchestrator:5.10.0:update_7:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "D9EEA681-67FF-43B3-8610-0FA17FD279E5"
          },
          {
            "criteria": "cpe:2.3:a:mcafee:epolicy_orchestrator:5.10.0:update_8:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "C33BA8EA-793D-4E79-BE9C-235ACE717216"
          },
          {
            "criteria": "cpe:2.3:a:mcafee:epolicy_orchestrator:5.10.0:update_9:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "823DBE80-CB8D-4981-AE7C-28F3FDD40451"
          }
        ],
        "operator": "OR"
      }
    ]
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:fujitsu:m10-1_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "5E63B7B2-409A-476E-BA12-2A2D2F3B85DE",
            "versionEndExcluding": "xcp2410"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:fujitsu:m10-1:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "983D27DE-BC89-454E-AE47-95A26A3651E2"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:fujitsu:m10-4_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "ADB5D4C9-DA14-4188-9181-17336F9445F6",
            "versionEndExcluding": "xcp2410"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:fujitsu:m10-4:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "5825AEE1-B668-40BD-86A9-2799430C742C"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:fujitsu:m10-4s_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "0B65E2F3-57EC-46C0-BB4A-0A0F3F8D387E",
            "versionEndExcluding": "xcp2410"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:fujitsu:m10-4s:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "3DA2D526-BDCF-4A65-914A-B3BA3A0CD613"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:fujitsu:m12-1_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "90B7CFBF-761C-4EAA-A322-EF5E294AADED",
            "versionEndExcluding": "xcp2410"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:fujitsu:m12-1:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "EE0CF40B-E5BD-4558-9321-184D58EF621D"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:fujitsu:m12-2_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "48B28ABF-7E1A-4A1E-8F78-0D95D7BDF886",
            "versionEndExcluding": "xcp2410"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:fujitsu:m12-2:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "0F3C9C09-7B2B-4DB6-8BE0-35302ED35776"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:fujitsu:m12-2s_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "E74AAF52-1388-4BD9-B17B-3A6A32CA3608",
            "versionEndExcluding": "xcp2410"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:fujitsu:m12-2s:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "95503CE5-1D06-4092-A60D-D310AADCAFB1"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:fujitsu:m10-1_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "A107698C-9C63-44A9-8A2B-81EDD5702B4C",
            "versionEndExcluding": "xcp3110"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:fujitsu:m10-1:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "983D27DE-BC89-454E-AE47-95A26A3651E2"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:fujitsu:m10-4_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "0FC0460E-4695-44FB-99EE-28B2C957B760",
            "versionEndExcluding": "xcp3110"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:fujitsu:m10-4:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "5825AEE1-B668-40BD-86A9-2799430C742C"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:fujitsu:m10-4s_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "BD54A092-85A7-4459-9C69-19E6E24AC24B",
            "versionEndExcluding": "xcp3110"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:fujitsu:m10-4s:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "3DA2D526-BDCF-4A65-914A-B3BA3A0CD613"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:fujitsu:m12-1_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "5F813DBC-BA1E-4C73-AA11-1BD3F9508372",
            "versionEndExcluding": "xcp3110"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:fujitsu:m12-1:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "EE0CF40B-E5BD-4558-9321-184D58EF621D"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:fujitsu:m12-2_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "EFDF4F39-1C6C-4AD3-99CF-BD5B44B8C71B",
            "versionEndExcluding": "xcp3110"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:fujitsu:m12-2:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "0F3C9C09-7B2B-4DB6-8BE0-35302ED35776"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:fujitsu:m12-2s_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "416B805F-799A-4466-AC5A-93D083A2ABBD",
            "versionEndExcluding": "xcp3110"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:fujitsu:m12-2s:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "95503CE5-1D06-4092-A60D-D310AADCAFB1"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:nodejs:node.js:*:*:*:*:-:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "25A3180B-21AF-4010-9DAB-41ADFD2D8031",
            "versionEndIncluding": "10.12.0",
            "versionStartIncluding": "10.0.0"
          },
          {
            "criteria": "cpe:2.3:a:nodejs:node.js:*:*:*:*:lts:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "67D64118-C228-41AF-8193-F90A772AAB8E",
            "versionEndExcluding": "10.24.0",
            "versionStartIncluding": "10.13.0"
          },
          {
            "criteria": "cpe:2.3:a:nodejs:node.js:*:*:*:*:-:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "564ED5C8-50D7-413A-B88E-E62B6C07336A",
            "versionEndIncluding": "12.12.0",
            "versionStartIncluding": "12.0.0"
          },
          {
            "criteria": "cpe:2.3:a:nodejs:node.js:*:*:*:*:lts:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "F1D6CFAA-BEDB-40EB-BDE6-35BBA99F0BB4",
            "versionEndExcluding": "12.21.0",
            "versionStartIncluding": "12.13.0"
          },
          {
            "criteria": "cpe:2.3:a:nodejs:node.js:*:*:*:*:-:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "428DCD7B-6F66-4F18-B780-5BD80143D482",
            "versionEndIncluding": "14.14.0",
            "versionStartIncluding": "14.0.0"
          },
          {
            "criteria": "cpe:2.3:a:nodejs:node.js:*:*:*:*:-:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "E640EA36-17B2-4745-A831-AB8655F3579D",
            "versionEndExcluding": "15.10.0",
            "versionStartIncluding": "15.0.0"
          },
          {
            "criteria": "cpe:2.3:a:nodejs:node.js:14.15.0:*:*:*:lts:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "0425023F-CA30-4447-AD5C-B76556461CCC"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]
Overview

Risk scores

CVSS 3.1

CVSS 2.0

Weaknesses

Social media

Configurations

References
