Neil Horman

**Name of the Vulnerable Software and Affected Versions** OpenSSL (affected versions not specified) **Description** Cryptographic Message Services (CMS) processing fails to perform sufficient input validation on the cipher and tag length fields of AuthEnvelopedData containers. This allows attackers to achieve key-equivalent functionality for a CMS recipient or bypass integrity validation for a message. In one scenario, an attacker can send a CMS message where the cipher is specified as a non-AEAD (Authenticated Encryption with Associated Data) cipher. If an attacker captures a legitimate AES-GCM AuthEnvelopedData message, they can rewrite the inner OID to AES-256-OFB (an unauthenticated keystream mode) with a chosen IV and ciphertext. If the application provides feedback on the success or failure of the decryption, it can act as an oracle to obtain key-equivalent functionality for the `CEK` (content-encryption key). Additionally, an attacker can reduce the tag length of an AEAD cipher to a single byte, enabling a brute-force attack to bypass integrity checks in applications relying on the `CMS decrypt()` function to reject modified content. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions OpenSSL versions 3.0 through 3.6 Description Processing a crafted CMS EnvelopedData message with KeyAgreeRecipientInfo can lead to a NULL pointer dereference. This can cause applications that process attacker-controlled CMS data to crash before authentication or cryptographic operations, resulting in a Denial of Service. The issue occurs when the optional parameters field of KeyEncryptionAlgorithmIdentifier is examined without checking for its presence, leading to a NULL pointer dereference if the field is missing. Applications and services calling CMS decrypt() on untrusted input, such as S/MIME processing or CMS-based protocols, are affected. Recommendations Update to a version after 3.6. As a temporary workaround, avoid processing untrusted CMS EnvelopedData messages with KeyAgreeRecipientInfo.

Name of the Vulnerable Software and Affected Versions OpenSSL versions 3.0 through 3.6 Description Processing a specially crafted CMS EnvelopedData message with KeyTransportRecipientInfo can lead to a NULL pointer dereference. This can cause applications that process attacker-controlled CMS data to crash before authentication or cryptographic operations, resulting in a Denial of Service. The issue occurs when examining the optional parameters field of RSA-OAEP SourceFunc algorithm identifier without verifying its presence, leading to a NULL pointer dereference if the field is missing. Applications and services using CMS decrypt() on untrusted input, such as S/MIME processing or CMS-based protocols, are affected. Recommendations Update to a version after 3.6. Update to a version after 3.5. Update to a version after 3.4. Update to a version after 3.3. Update to a version after 3.0.

**Name of the Vulnerable Software and Affected Versions** OpenSSL versions 1.0.2 through 3.6 OpenSSL versions 1.1.1 OpenSSL versions 3.0 through 3.6 OpenSSL versions 3.3 through 3.6 OpenSSL versions 3.4 through 3.6 OpenSSL versions 3.5 through 3.6 **Description** A heap-based out-of-bounds write can occur when writing large, newline-free data into a BIO chain utilizing the line-buffering filter, particularly when the subsequent BIO performs short writes. This memory corruption can lead to a denial of service. The line-buffering BIO filter (BIO f linebuffer) is not typically used in default TLS/SSL configurations. The issue is assessed as low severity due to the unlikely circumstances of attacker control and the filter's limited use with attacker-controlled data. The FIPS modules in versions 3.0, 3.3, 3.4, 3.5, and 3.6 are not affected as the BIO implementation is outside the FIPS module boundary. **Recommendations** OpenSSL version 1.0.2: At the moment, there is no information about a newer version that contains a fix for this vulnerability. OpenSSL version 1.1.1: At the moment, there is no information about a newer version that contains a fix for this vulnerability. OpenSSL versions 3.0 through 3.6: At the moment, there is no information about a newer version that contains a fix for this vulnerability. OpenSSL versions 3.3 through 3.6: At the moment, there is no information about a newer version that contains a fix for this vulnerability. OpenSSL versions 3.4 through 3.6: At the moment, there is no information about a newer version that contains a fix for this vulnerability. OpenSSL versions 3.5 through 3.6: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Linux kernel versions prior to 4.3.3 **Description** The issue allows local users to gain privileges or cause a denial of service (use-after-free) by leveraging improper access to a certain error field in the ext4 journal stop function. **Recommendations** For versions prior to 4.3.3, update to version 4.3.3 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Linux versions prior to 2.6.13 Linux versions prior to 2.4.32-pre2 **Description** A race condition in the `ip vs conn flush` function allows local users to cause a denial of service by exploiting a null dereference. This occurs when a connection timer expires while the connection table is being flushed before the appropriate lock is acquired, specifically on SMP systems. **Recommendations** For Linux versions prior to 2.6.13, update to version 2.6.13 or later to resolve the issue. For Linux versions prior to 2.4.32-pre2, update to version 2.4.32-pre2 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Linux kernel versions prior to 2.6.11 **Description** The issue allows local users to cause a denial of service, resulting in a system crash, by utilizing crafted syscalls on the Itanium IA64 platform. This is related to certain "ptrace corner cases". **Recommendations** For versions prior to 2.6.11, update to version 2.6.11 or later to resolve the issue.