Paul Kehrer

**Name of the Vulnerable Software and Affected Versions** OpenSSL versions 1.1.1i and below OpenSSL versions 1.0.2x and below **Description** The issue is related to the functions `EVP CipherUpdate`, `EVP EncryptUpdate`, and `EVP DecryptUpdate` in OpenSSL, which may overflow the output length argument when the input length is close to the maximum permissible length for an integer on the platform. This could cause applications to behave incorrectly or crash. The problem is due to an integer overflow, which can lead to a negative output length value, even though the function call returns a success indicator. **Recommendations** For OpenSSL versions 1.1.1i and below, upgrade to OpenSSL 1.1.1j. For OpenSSL versions 1.0.2x and below, premium support customers should upgrade to 1.0.2y, while other users should upgrade to 1.1.1j. As a temporary workaround, consider restricting the use of the vulnerable functions `EVP CipherUpdate`, `EVP EncryptUpdate`, and `EVP DecryptUpdate` until a patch is available.

**Name of the Vulnerable Software and Affected Versions** MariaDB versions prior to 5.5.47 MariaDB versions 10.0.x prior to 10.0.23 MariaDB versions 10.1.x prior to 10.1.10 Oracle MySQL versions 5.5.48 and earlier Oracle MySQL versions 5.6.29 and earlier Oracle MySQL versions 5.7.11 and earlier Percona Server (affected versions not specified) **Description** The issue arises from improper verification of the server hostname against the domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate. This allows man-in-the-middle attackers to spoof SSL servers via a specific string in a certificate field. The vulnerability can be exploited by a high-privileged attacker with network access to compromise the MySQL Server, potentially leading to a denial-of-service (DOS) condition where the server hangs or crashes repeatedly. **Recommendations** For MariaDB versions prior to 5.5.47, update to version 5.5.47 or later. For MariaDB versions 10.0.x prior to 10.0.23, update to version 10.0.23 or later. For MariaDB versions 10.1.x prior to 10.1.10, update to version 10.1.10 or later. For Oracle MySQL versions 5.5.48 and earlier, update to a version later than 5.5.48. For Oracle MySQL versions 5.6.29 and earlier, update to a version later than 5.6.29. For Oracle MySQL versions 5.7.11 and earlier, update to a version later than 5.7.11. For Percona Server, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Apple iOS versions prior to 4.2.10 Apple iOS versions 4.3.x prior to 4.3.5 **Description** The issue concerns the Data Security component's failure to check the basicConstraints parameter during the validation of X.509 certificate chains. This allows man-in-the-middle attackers to spoof an SSL server by using a non-CA certificate to sign a certificate for an arbitrary domain. **Recommendations** For Apple iOS versions prior to 4.2.10, update to version 4.2.10 or later. For Apple iOS versions 4.3.x prior to 4.3.5, update to version 4.3.5 or later.