- changed status to resolved
[OpenSSL-1.0.2] CVE-2021-23840 Don't overflow the output length in EVP_CipherUpdate calls
Issue #212
resolved
Comments (2)
-
reporter -
reporter - edited description
- Log in to comment
BUGFIX: Issue
#212- CVE-2021-23840 Don't overflow the output length in EVP_CipherUpdate callscherry-picked from OpenSSL-1_1_1-stable branch with some modification by me: https://github.com/openssl/openssl/commit/6a51b9e1d0cf0bf8515f7201b68fb0a3482b3dc1
originar commit mewssage:
Don't overflow the output length in EVP_CipherUpdate calls
CVE-2021-23840
Reviewed-by: Paul Dale pauli@openssl.org
→ <<cset 5c700051d6da>>