exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 19 of 19 RSS Feed

CVE-2021-23840

Status Candidate

Overview

Calls to EVP_CipherUpdate, EVP_EncryptUpdate and EVP_DecryptUpdate may overflow the output length argument in some cases where the input length is close to the maximum permissable length for an integer on the platform. In such cases the return value from the function call will be 1 (indicating success), but the output length value will be negative. This could cause applications to behave incorrectly or crash. OpenSSL versions 1.1.1i and below are affected by this issue. Users of these versions should upgrade to OpenSSL 1.1.1j. OpenSSL versions 1.0.2x and below are affected by this issue. However OpenSSL 1.0.2 is out of support and no longer receiving public updates. Premium support customers of OpenSSL 1.0.2 should upgrade to 1.0.2y. Other users should upgrade to 1.1.1j. Fixed in OpenSSL 1.1.1j (Affected 1.1.1-1.1.1i). Fixed in OpenSSL 1.0.2y (Affected 1.0.2-1.0.2x).

Related Files

Ubuntu Security Notice USN-7018-1
Posted Sep 18, 2024
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 7018-1 - Robert Merget, Marcus Brinkmann, Nimrod Aviram, and Juraj Somorovsky discovered that certain Diffie-Hellman ciphersuites in the TLS specification and implemented by OpenSSL contained a flaw. A remote attacker could possibly use this issue to eavesdrop on encrypted communications. This was fixed in this update by removing the insecure ciphersuites from OpenSSL. Paul Kehrer discovered that OpenSSL incorrectly handled certain input lengths in EVP functions. A remote attacker could possibly use this issue to cause OpenSSL to crash, resulting in a denial of service.

tags | advisory, remote, denial of service
systems | linux, ubuntu
advisories | CVE-2020-1968, CVE-2021-23840, CVE-2022-1292, CVE-2022-2068, CVE-2023-3446, CVE-2024-0727
SHA-256 | 587acc1f444243f9ef3c25e4d1de8aecbfcae8208b00502e26bf42e93ab7624c
Red Hat Security Advisory 2021-4902-06
Posted Dec 2, 2021
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2021-4902-06 - The release of RHACS 3.67 provides the following new features, bug fixes, security patches and system changes: OpenShift Dedicated support RHACS 3.67 is thoroughly tested and supported on OpenShift Dedicated on Amazon Web Services and Google Cloud Platform. 1. Use OpenShift OAuth server as an identity provider If you are using RHACS with OpenShift, you can now configure the built-in OpenShift OAuth server as an identity provider for RHACS. Issues addressed include denial of service, information leakage, memory exhaustion, remote shell upload, and traversal vulnerabilities.

tags | advisory, remote, web, denial of service, shell, vulnerability
systems | linux, redhat
advisories | CVE-2018-20673, CVE-2019-13750, CVE-2019-13751, CVE-2019-17594, CVE-2019-17595, CVE-2019-18218, CVE-2019-19603, CVE-2019-20838, CVE-2019-5827, CVE-2020-12762, CVE-2020-13435, CVE-2020-14155, CVE-2020-16135, CVE-2020-24370, CVE-2020-27304, CVE-2021-20231, CVE-2021-20232, CVE-2021-20266, CVE-2021-22876, CVE-2021-22898, CVE-2021-22925, CVE-2021-23343, CVE-2021-23840, CVE-2021-23841, CVE-2021-27645, CVE-2021-28153
SHA-256 | 16dee4f5e0086cb542abff81a08f987124ff16a3f3637cd31b0568fd6f07ae13
Red Hat Security Advisory 2021-4848-07
Posted Nov 30, 2021
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2021-4848-07 - The Migration Toolkit for Containers enables you to migrate Kubernetes resources, persistent volume data, and internal container images between OpenShift Container Platform clusters, using the MTC web console or the Kubernetes API. Issues addressed include code execution and denial of service vulnerabilities.

tags | advisory, web, denial of service, vulnerability, code execution
systems | linux, redhat
advisories | CVE-2018-20673, CVE-2019-13750, CVE-2019-13751, CVE-2019-17594, CVE-2019-17595, CVE-2019-18218, CVE-2019-19603, CVE-2019-20838, CVE-2019-5827, CVE-2020-12762, CVE-2020-13435, CVE-2020-14145, CVE-2020-14155, CVE-2020-16135, CVE-2020-24370, CVE-2021-20231, CVE-2021-20232, CVE-2021-20266, CVE-2021-22876, CVE-2021-22898, CVE-2021-22925, CVE-2021-22946, CVE-2021-22947, CVE-2021-23840, CVE-2021-23841, CVE-2021-27218
SHA-256 | 19f369ca91efe5e627e3b6624c087f231da83297e68708c5e0fb2378ecc2b10e
Red Hat Security Advisory 2021-4845-05
Posted Nov 29, 2021
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2021-4845-05 - Red Hat OpenShift Container Storage is software-defined storage integrated with and optimized for the Red Hat OpenShift Container Platform. Red Hat OpenShift Container Storage is highly scalable, production-grade persistent storage for stateful applications running in the Red Hat OpenShift Container Platform. Issues addressed include a code execution vulnerability.

tags | advisory, code execution
systems | linux, redhat
advisories | CVE-2019-13750, CVE-2019-13751, CVE-2019-17594, CVE-2019-17595, CVE-2019-18218, CVE-2019-19603, CVE-2019-20838, CVE-2019-5827, CVE-2020-12762, CVE-2020-13435, CVE-2020-14155, CVE-2020-16135, CVE-2020-24370, CVE-2020-26301, CVE-2020-28493, CVE-2020-8037, CVE-2021-20095, CVE-2021-20231, CVE-2021-20232, CVE-2021-20266, CVE-2021-22876, CVE-2021-22898, CVE-2021-22925, CVE-2021-23840, CVE-2021-23841, CVE-2021-27645
SHA-256 | bd99ec51cad85f3c9c41b87c768abf6cf973e23f96461a729a58645e519e2a99
Red Hat Security Advisory 2021-4032-01
Posted Nov 17, 2021
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2021-4032-01 - Openshift Logging Bug Fix Release. Issues addressed include a code execution vulnerability.

tags | advisory, code execution
systems | linux, redhat
advisories | CVE-2018-20673, CVE-2019-13750, CVE-2019-13751, CVE-2019-17594, CVE-2019-17595, CVE-2019-18218, CVE-2019-19603, CVE-2019-20838, CVE-2019-5827, CVE-2020-12762, CVE-2020-13435, CVE-2020-14155, CVE-2020-16135, CVE-2020-24370, CVE-2021-20231, CVE-2021-20232, CVE-2021-20266, CVE-2021-22876, CVE-2021-22898, CVE-2021-22925, CVE-2021-23369, CVE-2021-23383, CVE-2021-23840, CVE-2021-23841, CVE-2021-27645, CVE-2021-28153
SHA-256 | 14f971ee6ac97f93b8de4d06c668c3a26b4bb107cba2ed6ee7eacb091fa3dcc7
Red Hat Security Advisory 2021-4613-01
Posted Nov 11, 2021
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2021-4613-01 - Red Hat JBoss Core Services is a set of supplementary software for Red Hat JBoss middleware products. This software, such as Apache HTTP Server, is common to multiple JBoss middleware products, and is packaged under Red Hat JBoss Core Services to allow for faster distribution of updates, and for a more consistent update experience. This release adds the new Apache HTTP Server 2.4.37 Service Pack 10 packages that are part of the JBoss Core Services offering. This release serves as a replacement for Red Hat JBoss Core Services Apache HTTP Server 2.4.37 Service Pack 9 and includes bug fixes and enhancements. Issues addressed include buffer over-read, heap overflow, integer overflow, and null pointer vulnerabilities.

tags | advisory, web, overflow, vulnerability
systems | linux, redhat
advisories | CVE-2019-17567, CVE-2019-20838, CVE-2020-13950, CVE-2020-14155, CVE-2020-35452, CVE-2021-23840, CVE-2021-23841, CVE-2021-26690, CVE-2021-26691, CVE-2021-30641, CVE-2021-3712
SHA-256 | 7b1e67d15601ddde3dd528384cac640b46e2736909b5819f946d6b03cc6bd6e6
Red Hat Security Advisory 2021-4614-01
Posted Nov 11, 2021
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2021-4614-01 - This release adds the new Apache HTTP Server 2.4.37 Service Pack 10 packages that are part of the JBoss Core Services offering. This release serves as a replacement for Red Hat JBoss Core Services Apache HTTP Server 2.4.37 Service Pack 9 and includes bug fixes and enhancements. Issues addressed include buffer over-read, heap overflow, integer overflow, and null pointer vulnerabilities.

tags | advisory, web, overflow, vulnerability
systems | linux, redhat
advisories | CVE-2019-17567, CVE-2019-20838, CVE-2020-13950, CVE-2020-14155, CVE-2020-35452, CVE-2021-23840, CVE-2021-23841, CVE-2021-26690, CVE-2021-26691, CVE-2021-30641, CVE-2021-3712
SHA-256 | a3555e355563c36eebdc4b92edb2589ad06f069ab31a4f11e8f540ccf0ec22b7
Red Hat Security Advisory 2021-4198-03
Posted Nov 10, 2021
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2021-4198-03 - EDK is a project to enable UEFI support for Virtual Machines. This package contains a sample 64-bit UEFI firmware for QEMU and KVM. Issues addressed include integer overflow and null pointer vulnerabilities.

tags | advisory, overflow, vulnerability
systems | linux, redhat
advisories | CVE-2021-23840, CVE-2021-23841
SHA-256 | b16f6f7dfc613eec569d5eb1504345f0aaaf1be08d40bc5d138246dcc3a7466c
Red Hat Security Advisory 2021-4424-03
Posted Nov 10, 2021
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2021-4424-03 - OpenSSL is a toolkit that implements the Secure Sockets Layer and Transport Layer Security protocols, as well as a full-strength general-purpose cryptography library. Issues addressed include integer overflow and null pointer vulnerabilities.

tags | advisory, overflow, vulnerability, protocol
systems | linux, redhat
advisories | CVE-2021-23840, CVE-2021-23841
SHA-256 | 04dcb2cd63d13ce31c7ae07daf4d3676d399c3023d5d827f7d5b1b17eeccd7a1
Red Hat Security Advisory 2021-3949-01
Posted Oct 21, 2021
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2021-3949-01 - Red Hat Advanced Cluster Management for Kubernetes 2.1.12 images Red Hat Advanced Cluster Management for Kubernetes provides the capabilities to address common challenges that administrators and site reliability engineers face as they work across a range of public and private cloud environments. Clusters and applications are all visible and managed from a single console—with security policy built in. This advisory contains updates to one or more container images for Red Hat Advanced Cluster Management for Kubernetes. Issues addressed include denial of service, integer overflow, and out of bounds read vulnerabilities.

tags | advisory, denial of service, overflow, vulnerability
systems | linux, redhat
advisories | CVE-2016-4658, CVE-2021-22543, CVE-2021-22922, CVE-2021-22923, CVE-2021-22924, CVE-2021-23840, CVE-2021-23841, CVE-2021-32626, CVE-2021-32627, CVE-2021-32628, CVE-2021-32672, CVE-2021-32675, CVE-2021-32687, CVE-2021-36222, CVE-2021-3653, CVE-2021-3656, CVE-2021-37576, CVE-2021-37750, CVE-2021-41099
SHA-256 | da3bb0a2f0aedf1b55d5f8cbbece5dc6749623ae797a40f9e1cf9bf6796ee1a4
Red Hat Security Advisory 2021-3925-01
Posted Oct 20, 2021
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2021-3925-01 - Red Hat Advanced Cluster Management for Kubernetes 2.3.3 images Red Hat Advanced Cluster Management for Kubernetes provides the capabilities to address common challenges that administrators and site reliability engineers face as they work across a range of public and private cloud environments. Clusters and applications are all visible and managed from a single console—with security policy built in. This advisory contains the container images for Red Hat Advanced Cluster Management for Kubernetes, which fix several bugs and provide security updates. Issues addressed include denial of service, information leakage, integer overflow, and out of bounds read vulnerabilities.

tags | advisory, denial of service, overflow, vulnerability
systems | linux, redhat
advisories | CVE-2016-4658, CVE-2020-25648, CVE-2021-21670, CVE-2021-21671, CVE-2021-22543, CVE-2021-22922, CVE-2021-22923, CVE-2021-22924, CVE-2021-23017, CVE-2021-23840, CVE-2021-23841, CVE-2021-25741, CVE-2021-32626, CVE-2021-32627, CVE-2021-32628, CVE-2021-32672, CVE-2021-32675, CVE-2021-32687, CVE-2021-32690, CVE-2021-36222, CVE-2021-3653, CVE-2021-3656, CVE-2021-37576, CVE-2021-37750, CVE-2021-41099
SHA-256 | fd1035fefbb8b3d06fa3e4a659771a25d330eb9fd90f1ff55f4f16a1d0ab3d2c
Red Hat Security Advisory 2021-3798-01
Posted Oct 13, 2021
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2021-3798-01 - OpenSSL is a toolkit that implements the Secure Sockets Layer and Transport Layer Security protocols, as well as a full-strength general-purpose cryptography library. Issues addressed include integer overflow and null pointer vulnerabilities.

tags | advisory, overflow, vulnerability, protocol
systems | linux, redhat
advisories | CVE-2021-23840, CVE-2021-23841
SHA-256 | 70a6ac793c80a0ef1c3c2a984d7ceffbdceff3f60ca33baf3fd7e48f6a6e6133
Ubuntu Security Notice USN-5088-1
Posted Sep 23, 2021
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 5088-1 - It was discovered that EDK II incorrectly handled input validation in MdeModulePkg. A local user could possibly use this issue to cause EDK II to crash, resulting in a denial of service, obtain sensitive information or execute arbitrary code. Paul Kehrer discovered that OpenSSL used in EDK II incorrectly handled certain input lengths in EVP functions. An attacker could possibly use this issue to cause EDK II to crash, resulting in a denial of service. Various other issues were also addressed.

tags | advisory, denial of service, arbitrary, local
systems | linux, ubuntu
advisories | CVE-2019-11098, CVE-2021-23840, CVE-2021-3712, CVE-2021-38575
SHA-256 | 364506777cba9ac853135b7f75877b1504446feea3f08770e812fad58981b8b6
Red Hat Security Advisory 2021-1168-01
Posted Apr 13, 2021
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2021-1168-01 - Red Hat Advanced Cluster Management for Kubernetes 2.2.2 images Red Hat Advanced Cluster Management for Kubernetes provides the capabilities to address common challenges that administrators and site reliability engineers face as they work across a range of public and private cloud environments. Clusters and applications are all visible and managed from a single console-with security policy built in. This advisory contains the container images for Red Hat Advanced Cluster Management for Kubernetes, which fix several bugs and security issues. Issues addressed include code execution, denial of service, integer overflow, and null pointer vulnerabilities.

tags | advisory, denial of service, overflow, vulnerability, code execution
systems | linux, redhat
advisories | CVE-2020-0466, CVE-2020-14040, CVE-2020-27152, CVE-2020-28374, CVE-2020-28500, CVE-2020-28851, CVE-2020-28852, CVE-2020-29529, CVE-2021-21321, CVE-2021-21322, CVE-2021-23337, CVE-2021-23840, CVE-2021-23841, CVE-2021-26708, CVE-2021-27363, CVE-2021-27364, CVE-2021-27365, CVE-2021-3121, CVE-2021-3347, CVE-2021-3449, CVE-2021-3450
SHA-256 | cfc0ee4720a885efcdbb629dc90451c511ea3b56ea59530b3ab8554fa0475c01
Gentoo Linux Security Advisory 202103-03
Posted Mar 31, 2021
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 202103-3 - Multiple vulnerabilities have been found in OpenSSL, the worst of which could allow remote attackers to cause a Denial of Service condition. Versions less than 1.1.1k are affected.

tags | advisory, remote, denial of service, vulnerability
systems | linux, gentoo
advisories | CVE-2021-23840, CVE-2021-23841, CVE-2021-3449, CVE-2021-3450
SHA-256 | 566847b7af0fcb3a90dc25f29b5036c3ee69853cd7da288df1e5db323975f5ee
Debian Security Advisory 4855-1
Posted Feb 28, 2021
Authored by Debian | Site debian.org

Debian Linux Security Advisory 4855-1 - Multiple vulnerabilities have been discovered in OpenSSL, a Secure Sockets Layer toolkit. An overflow bug in the x64_64 Montgomery squaring procedure, an integer overflow in CipherUpdate and a NULL pointer dereference flaw X509_issuer_and_serial_hash() were found, which could result in denial of service.

tags | advisory, denial of service, overflow, vulnerability
systems | linux, debian
advisories | CVE-2019-1551, CVE-2021-23840, CVE-2021-23841
SHA-256 | 97d32585c37fd8006093ec57a2913bfc6ae8b85626eb395c01aae4dc59e6947a
Ubuntu Security Notice USN-4738-1
Posted Feb 18, 2021
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4738-1 - Paul Kehrer discovered that OpenSSL incorrectly handled certain input lengths in EVP functions. A remote attacker could possibly use this issue to cause OpenSSL to crash, resulting in a denial of service. Tavis Ormandy discovered that OpenSSL incorrectly handled parsing issuer fields. A remote attacker could possibly use this issue to cause OpenSSL to crash, resulting in a denial of service. Various other issues were also addressed.

tags | advisory, remote, denial of service
systems | linux, ubuntu
advisories | CVE-2021-23840, CVE-2021-23841
SHA-256 | 3674119434b97aa1d488e84d529023ecaeea76725f509e491630edb2026cfda4
OpenSSL Toolkit 1.1.1j
Posted Feb 17, 2021
Site openssl.org

OpenSSL is a robust, fully featured Open Source toolkit implementing the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) protocols with full-strength cryptography world-wide.

Changes: Fixed a NULL pointer deref in the X509_issuer_and_serial_hash() function. Fixed the RSA_padding_check_SSLv23() function and the RSA_SSLV23_PADDING padding mode to correctly check for rollback attacks. Fixed an overflow in the EVP_CipherUpdate, EVP_EncryptUpdate and EVP_DecryptUpdate functions. Fixed SRP_Calc_client_key so that it runs in constant time.
tags | tool, encryption, protocol
systems | unix
advisories | CVE-2021-23840, CVE-2021-23841
SHA-256 | aaf2fcb575cdf6491b98ab4829abf78a3dec8402b8b81efc8f23c00d443981bf
OpenSSL Security Advisory 20210216
Posted Feb 16, 2021
Site openssl.org

OpenSSL Security Advisory 20210216 - The OpenSSL public API function X509_issuer_and_serial_hash() attempts to create a unique hash value based on the issuer and serial number data contained within an X509 certificate. However it fails to correctly handle any errors that may occur while parsing the issuer field (which might occur if the issuer field is maliciously constructed). This may subsequently result in a NULL pointer deref and a crash leading to a potential denial of service attack. Other issues were also addressed.

tags | advisory, denial of service
advisories | CVE-2021-23839, CVE-2021-23840, CVE-2021-23841
SHA-256 | 30fecce45189fbb6c13d7b9ef464c081530b0c13a73687a10fc90f4689b57bd1
Page 1 of 1
Back1Next

File Archive:

December 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Dec 1st
    0 Files
  • 2
    Dec 2nd
    41 Files
  • 3
    Dec 3rd
    25 Files
  • 4
    Dec 4th
    0 Files
  • 5
    Dec 5th
    0 Files
  • 6
    Dec 6th
    0 Files
  • 7
    Dec 7th
    0 Files
  • 8
    Dec 8th
    0 Files
  • 9
    Dec 9th
    0 Files
  • 10
    Dec 10th
    0 Files
  • 11
    Dec 11th
    0 Files
  • 12
    Dec 12th
    0 Files
  • 13
    Dec 13th
    0 Files
  • 14
    Dec 14th
    0 Files
  • 15
    Dec 15th
    0 Files
  • 16
    Dec 16th
    0 Files
  • 17
    Dec 17th
    0 Files
  • 18
    Dec 18th
    0 Files
  • 19
    Dec 19th
    0 Files
  • 20
    Dec 20th
    0 Files
  • 21
    Dec 21st
    0 Files
  • 22
    Dec 22nd
    0 Files
  • 23
    Dec 23rd
    0 Files
  • 24
    Dec 24th
    0 Files
  • 25
    Dec 25th
    0 Files
  • 26
    Dec 26th
    0 Files
  • 27
    Dec 27th
    0 Files
  • 28
    Dec 28th
    0 Files
  • 29
    Dec 29th
    0 Files
  • 30
    Dec 30th
    0 Files
  • 31
    Dec 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2024 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close