tnozaki / NetBSD / issues / #212 - [OpenSSL-1.0.2] CVE-2021-23840 Don't overflow the output length in EVP_CipherUpdate calls — Bitbucket

Issue #212 resolved

Takehiko NOZAKI repo owner created an issue 2021-10-16

detailed info:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-23840
https://www.openssl.org/news/secadv/20210216.txt

fix:
https://github.com/openssl/openssl/commit/6a51b9e1d0cf0bf8515f7201b68fb0a3482b3dc1

Comments (2)

Takehiko NOZAKI reporter
- changed status to resolved
BUGFIX: Issue ~~#212~~ - CVE-2021-23840 Don't overflow the output length in EVP_CipherUpdate calls

cherry-picked from OpenSSL-1_1_1-stable branch with some modification by me: https://github.com/openssl/openssl/commit/6a51b9e1d0cf0bf8515f7201b68fb0a3482b3dc1

originar commit mewssage:

Don't overflow the output length in EVP_CipherUpdate calls

CVE-2021-23840

Reviewed-by: Paul Dale pauli@openssl.org

→ <<cset 5c700051d6da>>
- 2021-10-16T09:26:49+00:00
Takehiko NOZAKI reporter
- edited description
- 2021-10-16T09:48:01+00:00
Log in to comment

Assignee: Takehiko NOZAKI

Type: bug

Priority: major

Status: resolved

Votes: 0

Watchers: 1