Vulnerability Description
Calls to EVP_CipherUpdate, EVP_EncryptUpdate and EVP_DecryptUpdate may overflow the output length argument in some cases where the input length is close to the maximum permissable length for an integer on the platform. In such cases the return value from the function call will be 1 (indicating success), but the output length value will be negative. This could cause applications to behave incorrectly or crash. OpenSSL versions 1.1.1i and below are affected by this issue. Users of these versions should upgrade to OpenSSL 1.1.1j. OpenSSL versions 1.0.2x and below are affected by this issue. However OpenSSL 1.0.2 is out of support and no longer receiving public updates. Premium support customers of OpenSSL 1.0.2 should upgrade to 1.0.2y. Other users should upgrade to 1.1.1j. Fixed in OpenSSL 1.1.1j (Affected 1.1.1-1.1.1i). Fixed in OpenSSL 1.0.2y (Affected 1.0.2-1.0.2x).
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Openssl | Openssl | >= 1.0.2, < 1.0.2y |
| Debian | Debian Linux | 10.0 |
| Tenable | Log Correlation Engine | < 6.0.8 |
| Tenable | Nessus Network Monitor | 5.11.0 |
| Oracle | Business Intelligence | 5.5.0.0.0 |
| Oracle | Communications Cloud Native Core Policy | 1.15.0 |
| Oracle | Enterprise Manager For Storage Management | 13.4.0.0 |
| Oracle | Enterprise Manager Ops Center | 12.4.0.0 |
| Oracle | Graalvm | 19.3.5 |
| Oracle | Jd Edwards Enterpriseone Tools | < 9.2.6.0 |
| Oracle | Jd Edwards World Security | a9.4 |
| Oracle | Mysql Server | < 5.7.33 |
| Oracle | Nosql Database | < 20.3 |
| Mcafee | Epolicy Orchestrator | < 5.10.0 |
| Fujitsu | M10-1 Firmware | < xcp2410 |
| Fujitsu | M10-1 | - |
| Fujitsu | M10-4 Firmware | < xcp2410 |
| Fujitsu | M10-4 | - |
| Fujitsu | M10-4S Firmware | < xcp2410 |
| Fujitsu | M10-4S | - |
Related Weaknesses (CWE)
References
- https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdfThird Party Advisory
- https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=6a51b9e1d0cf0bf
- https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=9b1129239f3ebb1
- https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44846Third Party Advisory
- https://kc.mcafee.com/corporate/index?page=content&id=SB10366Third Party Advisory
- https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e3
- https://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8
- https://security.gentoo.org/glsa/202103-03Third Party Advisory
- https://security.netapp.com/advisory/ntap-20210219-0009/Third Party Advisory
- https://security.netapp.com/advisory/ntap-20240621-0006/
- https://www.debian.org/security/2021/dsa-4855Third Party Advisory
- https://www.openssl.org/news/secadv/20210216.txtVendor Advisory
- https://www.oracle.com//security-alerts/cpujul2021.htmlPatchThird Party Advisory
- https://www.oracle.com/security-alerts/cpuApr2021.htmlPatchThird Party Advisory
- https://www.oracle.com/security-alerts/cpuapr2022.htmlPatchThird Party Advisory
FAQ
What is CVE-2021-23840?
CVE-2021-23840 is a vulnerability with a CVSS score of 7.5 (HIGH). Calls to EVP_CipherUpdate, EVP_EncryptUpdate and EVP_DecryptUpdate may overflow the output length argument in some cases where the input length is close to the maximum permissable length for an intege...
How severe is CVE-2021-23840?
CVE-2021-23840 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2021-23840?
Check the references section above for vendor advisories and patch information. Affected products include: Openssl Openssl, Debian Debian Linux, Tenable Log Correlation Engine, Tenable Nessus Network Monitor, Oracle Business Intelligence.