CVE-2023-1255
Published: 20 April 2023
Issue summary: The AES-XTS cipher decryption implementation for 64 bit ARM platform contains a bug that could cause it to read past the input buffer, leading to a crash. Impact summary: Applications that use the AES-XTS algorithm on the 64 bit ARM platform can crash in rare circumstances. The AES-XTS algorithm is usually used for disk encryption. The AES-XTS cipher decryption implementation for 64 bit ARM platform will read past the end of the ciphertext buffer if the ciphertext size is 4 mod 5 in 16 byte blocks, e.g. 144 bytes or 1024 bytes. If the memory after the ciphertext buffer is unmapped, this will trigger a crash which results in a denial of service. If an attacker can control the size and location of the ciphertext buffer being decrypted by an application using AES-XTS on 64 bit ARM, the application is affected. This is fairly unlikely making this issue a Low severity one.
Notes
| Author | Note |
|---|---|
| mdeslaur | 3.x only |
Priority
Status
| Package | Release | Status |
|---|---|---|
|
openssl1.0 Launchpad, Ubuntu, Debian |
xenial |
Does not exist
|
| bionic |
Not vulnerable
(3.x only)
|
|
| focal |
Does not exist
|
|
| jammy |
Does not exist
|
|
| kinetic |
Does not exist
|
|
| trusty |
Does not exist
|
|
| upstream |
Needs triage
|
|
| lunar |
Does not exist
|
|
| mantic |
Does not exist
|
|
|
edk2 Launchpad, Ubuntu, Debian |
bionic |
Not vulnerable
(code not present)
|
| focal |
Not vulnerable
(code not present)
|
|
| jammy |
Not vulnerable
(code not present)
|
|
| kinetic |
Not vulnerable
(code not present)
|
|
| trusty |
Ignored
(end of standard support)
|
|
| upstream |
Needs triage
|
|
| xenial |
Not vulnerable
(code not present)
|
|
| lunar |
Not vulnerable
(code not present)
|
|
| mantic |
Not vulnerable
(code not present)
|
|
|
nodejs Launchpad, Ubuntu, Debian |
bionic |
Needs triage
|
| focal |
Not vulnerable
(uses system openssl)
|
|
| jammy |
Needed
|
|
| kinetic |
Not vulnerable
(uses system openssl)
|
|
| trusty |
Not vulnerable
(uses system openssl)
|
|
| upstream |
Needs triage
|
|
| xenial |
Needs triage
|
|
| lunar |
Not vulnerable
(uses system openssl)
|
|
| mantic |
Not vulnerable
(uses system openssl)
|
|
|
openssl Launchpad, Ubuntu, Debian |
bionic |
Not vulnerable
(3.x only)
|
| focal |
Not vulnerable
(3.x only)
|
|
| jammy |
Released
(3.0.2-0ubuntu1.10)
|
|
| kinetic |
Released
(3.0.5-2ubuntu2.3)
|
|
| trusty |
Not vulnerable
(3.x only)
|
|
| upstream |
Needs triage
|
|
| xenial |
Not vulnerable
(3.x only)
|
|
| lunar |
Released
(3.0.8-1ubuntu1.2)
|
|
| mantic |
Released
(3.0.8-1ubuntu3)
|
|
|
Patches: upstream: https://git.openssl.org/?p=openssl.git;a=commit;h=02ac9c9420275868472f33b01def01218742b8bb (3.0.x) |
||
Severity score breakdown
| Parameter | Value |
|---|---|
| Base score | 5.9 |
| Attack vector | Network |
| Attack complexity | High |
| Privileges required | None |
| User interaction | None |
| Scope | Unchanged |
| Confidentiality | None |
| Integrity impact | None |
| Availability impact | High |
| Vector | CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H |