fkie_cve-2021-23840
Vulnerability from fkie_nvd
Published
2021-02-16 17:15
Modified
2024-11-21 05:51
Summary
Calls to EVP_CipherUpdate, EVP_EncryptUpdate and EVP_DecryptUpdate may overflow the output length argument in some cases where the input length is close to the maximum permissable length for an integer on the platform. In such cases the return value from the function call will be 1 (indicating success), but the output length value will be negative. This could cause applications to behave incorrectly or crash. OpenSSL versions 1.1.1i and below are affected by this issue. Users of these versions should upgrade to OpenSSL 1.1.1j. OpenSSL versions 1.0.2x and below are affected by this issue. However OpenSSL 1.0.2 is out of support and no longer receiving public updates. Premium support customers of OpenSSL 1.0.2 should upgrade to 1.0.2y. Other users should upgrade to 1.1.1j. Fixed in OpenSSL 1.1.1j (Affected 1.1.1-1.1.1i). Fixed in OpenSSL 1.0.2y (Affected 1.0.2-1.0.2x).
References
openssl-security@openssl.orghttps://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdfThird Party Advisory
openssl-security@openssl.orghttps://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=6a51b9e1d0cf0bf8515f7201b68fb0a3482b3dc1
openssl-security@openssl.orghttps://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=9b1129239f3ebb1d1c98ce9ed41d5c9476c47cb2
openssl-security@openssl.orghttps://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44846Third Party Advisory
openssl-security@openssl.orghttps://kc.mcafee.com/corporate/index?page=content&id=SB10366Third Party Advisory
openssl-security@openssl.orghttps://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b%40%3Cissues.bookkeeper.apache.org%3E
openssl-security@openssl.orghttps://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4%40%3Cissues.bookkeeper.apache.org%3E
openssl-security@openssl.orghttps://security.gentoo.org/glsa/202103-03Third Party Advisory
openssl-security@openssl.orghttps://security.netapp.com/advisory/ntap-20210219-0009/Third Party Advisory
openssl-security@openssl.orghttps://security.netapp.com/advisory/ntap-20240621-0006/
openssl-security@openssl.orghttps://www.debian.org/security/2021/dsa-4855Third Party Advisory
openssl-security@openssl.orghttps://www.openssl.org/news/secadv/20210216.txtVendor Advisory
openssl-security@openssl.orghttps://www.oracle.com//security-alerts/cpujul2021.htmlPatch, Third Party Advisory
openssl-security@openssl.orghttps://www.oracle.com/security-alerts/cpuApr2021.htmlPatch, Third Party Advisory
openssl-security@openssl.orghttps://www.oracle.com/security-alerts/cpuapr2022.htmlPatch, Third Party Advisory
openssl-security@openssl.orghttps://www.oracle.com/security-alerts/cpujan2022.htmlPatch, Third Party Advisory
openssl-security@openssl.orghttps://www.oracle.com/security-alerts/cpuoct2021.htmlPatch, Third Party Advisory
openssl-security@openssl.orghttps://www.tenable.com/security/tns-2021-03Third Party Advisory
openssl-security@openssl.orghttps://www.tenable.com/security/tns-2021-09Third Party Advisory
openssl-security@openssl.orghttps://www.tenable.com/security/tns-2021-10Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdfThird Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=6a51b9e1d0cf0bf8515f7201b68fb0a3482b3dc1
af854a3a-2127-422b-91ae-364da2661108https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=9b1129239f3ebb1d1c98ce9ed41d5c9476c47cb2
af854a3a-2127-422b-91ae-364da2661108https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44846Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://kc.mcafee.com/corporate/index?page=content&id=SB10366Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b%40%3Cissues.bookkeeper.apache.org%3E
af854a3a-2127-422b-91ae-364da2661108https://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4%40%3Cissues.bookkeeper.apache.org%3E
af854a3a-2127-422b-91ae-364da2661108https://security.gentoo.org/glsa/202103-03Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://security.netapp.com/advisory/ntap-20210219-0009/Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://security.netapp.com/advisory/ntap-20240621-0006/
af854a3a-2127-422b-91ae-364da2661108https://www.debian.org/security/2021/dsa-4855Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://www.openssl.org/news/secadv/20210216.txtVendor Advisory
af854a3a-2127-422b-91ae-364da2661108https://www.oracle.com//security-alerts/cpujul2021.htmlPatch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://www.oracle.com/security-alerts/cpuApr2021.htmlPatch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://www.oracle.com/security-alerts/cpuapr2022.htmlPatch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://www.oracle.com/security-alerts/cpujan2022.htmlPatch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://www.oracle.com/security-alerts/cpuoct2021.htmlPatch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://www.tenable.com/security/tns-2021-03Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://www.tenable.com/security/tns-2021-09Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://www.tenable.com/security/tns-2021-10Third Party Advisory
Impacted products
Vendor Product Version
openssl openssl *
openssl openssl *
debian debian_linux 10.0
tenable log_correlation_engine *
tenable nessus_network_monitor 5.11.0
tenable nessus_network_monitor 5.11.1
tenable nessus_network_monitor 5.12.0
tenable nessus_network_monitor 5.12.1
tenable nessus_network_monitor 5.13.0
oracle business_intelligence 5.5.0.0.0
oracle business_intelligence 5.9.0.0.0
oracle business_intelligence 12.2.1.3.0
oracle business_intelligence 12.2.1.4.0
oracle communications_cloud_native_core_policy 1.15.0
oracle enterprise_manager_for_storage_management 13.4.0.0
oracle enterprise_manager_ops_center 12.4.0.0
oracle graalvm 19.3.5
oracle graalvm 20.3.1.2
oracle graalvm 21.0.0.2
oracle jd_edwards_enterpriseone_tools *
oracle jd_edwards_world_security a9.4
oracle mysql_server *
oracle mysql_server *
oracle nosql_database *
mcafee epolicy_orchestrator *
mcafee epolicy_orchestrator 5.10.0
mcafee epolicy_orchestrator 5.10.0
mcafee epolicy_orchestrator 5.10.0
mcafee epolicy_orchestrator 5.10.0
mcafee epolicy_orchestrator 5.10.0
mcafee epolicy_orchestrator 5.10.0
mcafee epolicy_orchestrator 5.10.0
mcafee epolicy_orchestrator 5.10.0
mcafee epolicy_orchestrator 5.10.0
mcafee epolicy_orchestrator 5.10.0
mcafee epolicy_orchestrator 5.10.0
fujitsu m10-1_firmware *
fujitsu m10-1 -
fujitsu m10-4_firmware *
fujitsu m10-4 -
fujitsu m10-4s_firmware *
fujitsu m10-4s -
fujitsu m12-1_firmware *
fujitsu m12-1 -
fujitsu m12-2_firmware *
fujitsu m12-2 -
fujitsu m12-2s_firmware *
fujitsu m12-2s -
fujitsu m10-1_firmware *
fujitsu m10-1 -
fujitsu m10-4_firmware *
fujitsu m10-4 -
fujitsu m10-4s_firmware *
fujitsu m10-4s -
fujitsu m12-1_firmware *
fujitsu m12-1 -
fujitsu m12-2_firmware *
fujitsu m12-2 -
fujitsu m12-2s_firmware *
fujitsu m12-2s -
nodejs node.js *
nodejs node.js *
nodejs node.js *
nodejs node.js *
nodejs node.js *
nodejs node.js *
nodejs node.js 14.15.0



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:openssl:openssl:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "F12DBEEA-AAB3-4383-A3E2-F865B960BA07",
              "versionEndExcluding": "1.0.2y",
              "versionStartIncluding": "1.0.2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openssl:openssl:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "90147138-26F0-42CF-A1DB-BE1853885CA6",
              "versionEndExcluding": "1.1.1j",
              "versionStartIncluding": "1.1.1",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:tenable:log_correlation_engine:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "D2D529D0-539D-4540-B70C-230D09A87572",
              "versionEndExcluding": "6.0.8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:tenable:nessus_network_monitor:5.11.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "657682A0-54D5-4DC6-A98E-8BAF685926C4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:tenable:nessus_network_monitor:5.11.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "8FC5C76C-3474-4B26-8CF0-2DFAFA3D5458",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:tenable:nessus_network_monitor:5.12.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "8661D361-71B5-4C41-A818-C89EC551D900",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:tenable:nessus_network_monitor:5.12.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "253603DC-2D92-442A-B3A8-A63E14D8A070",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:tenable:nessus_network_monitor:5.13.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "8E112CFF-31F9-4D87-9A1B-AE0FCF69615E",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:oracle:business_intelligence:5.5.0.0.0:*:*:*:enterprise:*:*:*",
              "matchCriteriaId": "D40AD626-B23A-44A3-A6C0-1FFB4D647AE4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:business_intelligence:5.9.0.0.0:*:*:*:enterprise:*:*:*",
              "matchCriteriaId": "B602F9E8-1580-436C-A26D-6E6F8121A583",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:business_intelligence:12.2.1.3.0:*:*:*:enterprise:*:*:*",
              "matchCriteriaId": "77C3DD16-1D81-40E1-B312-50FBD275507C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:business_intelligence:12.2.1.4.0:*:*:*:enterprise:*:*:*",
              "matchCriteriaId": "81DAC8C0-D342-44B5-9432-6B88D389584F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:communications_cloud_native_core_policy:1.15.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "B4367D9B-BF81-47AD-A840-AC46317C774D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:enterprise_manager_for_storage_management:13.4.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "61516569-C48F-4362-B334-8CA10EDB0EC2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:enterprise_manager_ops_center:12.4.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "B095CC03-7077-4A58-AB25-CC5380CDCE5A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:graalvm:19.3.5:*:*:*:enterprise:*:*:*",
              "matchCriteriaId": "058C7C4B-D692-49DE-924A-C2725A8162D3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:graalvm:20.3.1.2:*:*:*:enterprise:*:*:*",
              "matchCriteriaId": "0F0434A5-F2A1-4973-917C-A95F2ABE97D1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:graalvm:21.0.0.2:*:*:*:enterprise:*:*:*",
              "matchCriteriaId": "96DD93E0-274E-4C36-99F3-EEF085E57655",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:jd_edwards_enterpriseone_tools:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "86305E47-33E9-411C-B932-08C395C09982",
              "versionEndExcluding": "9.2.6.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:jd_edwards_world_security:a9.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "0B1CAD50-749F-4ADB-A046-BF3585677A58",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:mysql_server:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "C9E14DE8-29C1-4C0C-9B31-2E3A11EE68E4",
              "versionEndExcluding": "5.7.33",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:mysql_server:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "FBE10671-5C91-4ACF-ABD2-255E9F2F9D79",
              "versionEndExcluding": "8.0.23",
              "versionStartIncluding": "8.0.15",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:nosql_database:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "D04565AE-D092-4AE0-8FEE-0E8114662A1B",
              "versionEndExcluding": "20.3",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:mcafee:epolicy_orchestrator:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "A30F7908-5AF6-4761-BC6A-4C18EFAE48E5",
              "versionEndExcluding": "5.10.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mcafee:epolicy_orchestrator:5.10.0:-:*:*:*:*:*:*",
              "matchCriteriaId": "0F30D3AF-4FA3-4B7A-BE04-C24E2EA19A95",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mcafee:epolicy_orchestrator:5.10.0:update_1:*:*:*:*:*:*",
              "matchCriteriaId": "7B00DDE7-7002-45BE-8EDE-65D964922CB0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mcafee:epolicy_orchestrator:5.10.0:update_10:*:*:*:*:*:*",
              "matchCriteriaId": "DB88C165-BB24-49FB-AAF6-087A766D5AD1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mcafee:epolicy_orchestrator:5.10.0:update_2:*:*:*:*:*:*",
              "matchCriteriaId": "FF806B52-DAD5-4D12-8BB6-3CBF9DC6B8DF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mcafee:epolicy_orchestrator:5.10.0:update_3:*:*:*:*:*:*",
              "matchCriteriaId": "7DE847E0-431D-497D-9C57-C4E59749F6A0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mcafee:epolicy_orchestrator:5.10.0:update_4:*:*:*:*:*:*",
              "matchCriteriaId": "46385384-5561-40AA-9FDE-A2DE4FDFAD3E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mcafee:epolicy_orchestrator:5.10.0:update_5:*:*:*:*:*:*",
              "matchCriteriaId": "B7CA7CA6-7CF2-48F6-81B5-69BA0A37EF4E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mcafee:epolicy_orchestrator:5.10.0:update_6:*:*:*:*:*:*",
              "matchCriteriaId": "9E4E5481-1070-4E1F-8679-1985DE4E785A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mcafee:epolicy_orchestrator:5.10.0:update_7:*:*:*:*:*:*",
              "matchCriteriaId": "D9EEA681-67FF-43B3-8610-0FA17FD279E5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mcafee:epolicy_orchestrator:5.10.0:update_8:*:*:*:*:*:*",
              "matchCriteriaId": "C33BA8EA-793D-4E79-BE9C-235ACE717216",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mcafee:epolicy_orchestrator:5.10.0:update_9:*:*:*:*:*:*",
              "matchCriteriaId": "823DBE80-CB8D-4981-AE7C-28F3FDD40451",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:fujitsu:m10-1_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "5E63B7B2-409A-476E-BA12-2A2D2F3B85DE",
              "versionEndExcluding": "xcp2410",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:fujitsu:m10-1:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "983D27DE-BC89-454E-AE47-95A26A3651E2",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:fujitsu:m10-4_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "ADB5D4C9-DA14-4188-9181-17336F9445F6",
              "versionEndExcluding": "xcp2410",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:fujitsu:m10-4:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "5825AEE1-B668-40BD-86A9-2799430C742C",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:fujitsu:m10-4s_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "0B65E2F3-57EC-46C0-BB4A-0A0F3F8D387E",
              "versionEndExcluding": "xcp2410",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:fujitsu:m10-4s:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "3DA2D526-BDCF-4A65-914A-B3BA3A0CD613",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:fujitsu:m12-1_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "90B7CFBF-761C-4EAA-A322-EF5E294AADED",
              "versionEndExcluding": "xcp2410",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:fujitsu:m12-1:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "EE0CF40B-E5BD-4558-9321-184D58EF621D",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:fujitsu:m12-2_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "48B28ABF-7E1A-4A1E-8F78-0D95D7BDF886",
              "versionEndExcluding": "xcp2410",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:fujitsu:m12-2:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "0F3C9C09-7B2B-4DB6-8BE0-35302ED35776",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:fujitsu:m12-2s_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "E74AAF52-1388-4BD9-B17B-3A6A32CA3608",
              "versionEndExcluding": "xcp2410",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:fujitsu:m12-2s:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "95503CE5-1D06-4092-A60D-D310AADCAFB1",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:fujitsu:m10-1_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "A107698C-9C63-44A9-8A2B-81EDD5702B4C",
              "versionEndExcluding": "xcp3110",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:fujitsu:m10-1:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "983D27DE-BC89-454E-AE47-95A26A3651E2",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:fujitsu:m10-4_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "0FC0460E-4695-44FB-99EE-28B2C957B760",
              "versionEndExcluding": "xcp3110",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:fujitsu:m10-4:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "5825AEE1-B668-40BD-86A9-2799430C742C",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:fujitsu:m10-4s_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "BD54A092-85A7-4459-9C69-19E6E24AC24B",
              "versionEndExcluding": "xcp3110",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:fujitsu:m10-4s:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "3DA2D526-BDCF-4A65-914A-B3BA3A0CD613",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:fujitsu:m12-1_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "5F813DBC-BA1E-4C73-AA11-1BD3F9508372",
              "versionEndExcluding": "xcp3110",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:fujitsu:m12-1:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "EE0CF40B-E5BD-4558-9321-184D58EF621D",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:fujitsu:m12-2_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "EFDF4F39-1C6C-4AD3-99CF-BD5B44B8C71B",
              "versionEndExcluding": "xcp3110",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:fujitsu:m12-2:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "0F3C9C09-7B2B-4DB6-8BE0-35302ED35776",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:fujitsu:m12-2s_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "416B805F-799A-4466-AC5A-93D083A2ABBD",
              "versionEndExcluding": "xcp3110",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:fujitsu:m12-2s:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "95503CE5-1D06-4092-A60D-D310AADCAFB1",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:nodejs:node.js:*:*:*:*:-:*:*:*",
              "matchCriteriaId": "25A3180B-21AF-4010-9DAB-41ADFD2D8031",
              "versionEndIncluding": "10.12.0",
              "versionStartIncluding": "10.0.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nodejs:node.js:*:*:*:*:lts:*:*:*",
              "matchCriteriaId": "67D64118-C228-41AF-8193-F90A772AAB8E",
              "versionEndExcluding": "10.24.0",
              "versionStartIncluding": "10.13.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nodejs:node.js:*:*:*:*:-:*:*:*",
              "matchCriteriaId": "564ED5C8-50D7-413A-B88E-E62B6C07336A",
              "versionEndIncluding": "12.12.0",
              "versionStartIncluding": "12.0.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nodejs:node.js:*:*:*:*:lts:*:*:*",
              "matchCriteriaId": "F1D6CFAA-BEDB-40EB-BDE6-35BBA99F0BB4",
              "versionEndExcluding": "12.21.0",
              "versionStartIncluding": "12.13.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nodejs:node.js:*:*:*:*:-:*:*:*",
              "matchCriteriaId": "428DCD7B-6F66-4F18-B780-5BD80143D482",
              "versionEndIncluding": "14.14.0",
              "versionStartIncluding": "14.0.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nodejs:node.js:*:*:*:*:-:*:*:*",
              "matchCriteriaId": "E640EA36-17B2-4745-A831-AB8655F3579D",
              "versionEndExcluding": "15.10.0",
              "versionStartIncluding": "15.0.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nodejs:node.js:14.15.0:*:*:*:lts:*:*:*",
              "matchCriteriaId": "0425023F-CA30-4447-AD5C-B76556461CCC",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Calls to EVP_CipherUpdate, EVP_EncryptUpdate and EVP_DecryptUpdate may overflow the output length argument in some cases where the input length is close to the maximum permissable length for an integer on the platform. In such cases the return value from the function call will be 1 (indicating success), but the output length value will be negative. This could cause applications to behave incorrectly or crash. OpenSSL versions 1.1.1i and below are affected by this issue. Users of these versions should upgrade to OpenSSL 1.1.1j. OpenSSL versions 1.0.2x and below are affected by this issue. However OpenSSL 1.0.2 is out of support and no longer receiving public updates. Premium support customers of OpenSSL 1.0.2 should upgrade to 1.0.2y. Other users should upgrade to 1.1.1j. Fixed in OpenSSL 1.1.1j (Affected 1.1.1-1.1.1i). Fixed in OpenSSL 1.0.2y (Affected 1.0.2-1.0.2x)."
    },
    {
      "lang": "es",
      "value": "Las llamadas a EVP_CipherUpdate, EVP_EncryptUpdate y EVP_DecryptUpdate, pueden desbordar el argumento de la longitud de salida en algunos casos en los que la longitud de entrada est\u00e1 cerca de la longitud m\u00e1xima permitida para un entero en la plataforma. En tales casos, el valor de retorno de la llamada a la funci\u00f3n ser\u00e1 1 (indicando success), pero el valor de la longitud de salida ser\u00e1 negativo. Esto podr\u00eda causar que las aplicaciones se comporten de forma incorrecta o se bloqueen. Las versiones de OpenSSL 1.1.1i e inferiores est\u00e1n afectadas por este problema. Los usuarios de estas versiones deber\u00edan actualizar a OpenSSL versi\u00f3n 1.1.1j. Las versiones de OpenSSL 1.0.2x e inferiores est\u00e1n afectadas por este problema. Sin embargo, OpenSSL versi\u00f3n 1.0.2 est\u00e1 fuera de soporte y ya no recibe actualizaciones p\u00fablicas. Los clientes con soporte Premium de OpenSSL versi\u00f3n 1.0.2 deben actualizar a la versi\u00f3n 1.0.2y. Los dem\u00e1s usuarios deben actualizar a la versi\u00f3n 1.1.1j. Corregido en OpenSSL versi\u00f3n 1.1.1j (Afect\u00f3 versiones 1.1.1-1.1.1i). Corregido en OpenSSL versi\u00f3n 1.0.2y (Afect\u00f3 versiones 1.0.2-1.0.2x)"
    }
  ],
  "id": "CVE-2021-23840",
  "lastModified": "2024-11-21T05:51:55.210",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 5.0,
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 7.5,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 3.6,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2021-02-16T17:15:13.300",
  "references": [
    {
      "source": "openssl-security@openssl.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf"
    },
    {
      "source": "openssl-security@openssl.org",
      "url": "https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=6a51b9e1d0cf0bf8515f7201b68fb0a3482b3dc1"
    },
    {
      "source": "openssl-security@openssl.org",
      "url": "https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=9b1129239f3ebb1d1c98ce9ed41d5c9476c47cb2"
    },
    {
      "source": "openssl-security@openssl.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44846"
    },
    {
      "source": "openssl-security@openssl.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10366"
    },
    {
      "source": "openssl-security@openssl.org",
      "url": "https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b%40%3Cissues.bookkeeper.apache.org%3E"
    },
    {
      "source": "openssl-security@openssl.org",
      "url": "https://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4%40%3Cissues.bookkeeper.apache.org%3E"
    },
    {
      "source": "openssl-security@openssl.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.gentoo.org/glsa/202103-03"
    },
    {
      "source": "openssl-security@openssl.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.netapp.com/advisory/ntap-20210219-0009/"
    },
    {
      "source": "openssl-security@openssl.org",
      "url": "https://security.netapp.com/advisory/ntap-20240621-0006/"
    },
    {
      "source": "openssl-security@openssl.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.debian.org/security/2021/dsa-4855"
    },
    {
      "source": "openssl-security@openssl.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://www.openssl.org/news/secadv/20210216.txt"
    },
    {
      "source": "openssl-security@openssl.org",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://www.oracle.com//security-alerts/cpujul2021.html"
    },
    {
      "source": "openssl-security@openssl.org",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://www.oracle.com/security-alerts/cpuApr2021.html"
    },
    {
      "source": "openssl-security@openssl.org",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
    },
    {
      "source": "openssl-security@openssl.org",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://www.oracle.com/security-alerts/cpujan2022.html"
    },
    {
      "source": "openssl-security@openssl.org",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
    },
    {
      "source": "openssl-security@openssl.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.tenable.com/security/tns-2021-03"
    },
    {
      "source": "openssl-security@openssl.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.tenable.com/security/tns-2021-09"
    },
    {
      "source": "openssl-security@openssl.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.tenable.com/security/tns-2021-10"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=6a51b9e1d0cf0bf8515f7201b68fb0a3482b3dc1"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=9b1129239f3ebb1d1c98ce9ed41d5c9476c47cb2"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44846"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10366"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b%40%3Cissues.bookkeeper.apache.org%3E"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4%40%3Cissues.bookkeeper.apache.org%3E"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.gentoo.org/glsa/202103-03"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.netapp.com/advisory/ntap-20210219-0009/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://security.netapp.com/advisory/ntap-20240621-0006/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.debian.org/security/2021/dsa-4855"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://www.openssl.org/news/secadv/20210216.txt"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://www.oracle.com//security-alerts/cpujul2021.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://www.oracle.com/security-alerts/cpuApr2021.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://www.oracle.com/security-alerts/cpujan2022.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.tenable.com/security/tns-2021-03"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.tenable.com/security/tns-2021-09"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.tenable.com/security/tns-2021-10"
    }
  ],
  "sourceIdentifier": "openssl-security@openssl.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-190"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.


Loading…

Loading…

Loading…

Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.


Loading…