PT-2023-6818 · OpenSSL+9

Tony Battersby · Published 2023-10-24 · Updated 2026-04-27 · CVE-2023-5363

CVSS v2.0: 7.8 High

Vector: AV:N/AC:L/Au:N/C:C/I:N/A:N

Name of the Vulnerable Software and Affected Versions

OpenSSL versions 3.0 and 3.1

Description

A bug has been identified in the processing of key and initialisation vector (IV) lengths, potentially leading to truncation or overruns during the initialisation of some symmetric ciphers. This can result in IVs that are not unique, leading to loss of confidentiality for some cipher modes. The affected ciphers and modes include RC2, RC4, RC5, CCM, GCM, and OCB. Truncation of the IV in CCM, GCM, and OCB modes can lead to loss of confidentiality. For example, when following NIST's SP 800-38D guidance for constructing a deterministic IV for AES in GCM mode, truncation of the counter portion could lead to IV reuse. The EVP_EncryptInit_ex2(), EVP_DecryptInit_ex2(), and EVP_CipherInit_ex2() functions are impacted: alterations to the key length via the keylen parameter or to the IV length via the ivlen parameter within the OSSL_PARAM array may not take effect as intended.

Recommendations

For OpenSSL versions 3.0 and 3.1, update to a fixed version to resolve the issue. As a temporary workaround, consider restricting the use of the vulnerable EVP_EncryptInit_ex2(), EVP_DecryptInit_ex2(), and EVP_CipherInit_ex2() functions until a patch is available. Avoid using the keylen and ivlen parameters within the OSSL_PARAM array to minimize the risk of exploitation.
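
The SP 800-38D case from the description, as an added example that is not part of the advisory or OpenSSL's code: a pure-Python model of a deterministic IV (fixed field followed by an invocation counter) showing when counter values collapse onto one effective IV after truncation. The 16-byte layout, the fixed-field value and the assumption that the leading bytes are the ones kept are constructed for illustration; 12 bytes is the default GCM IV length.

```python
"""Model of IV truncation against a deterministic GCM IV (constructed example)."""

GCM_DEFAULT_IVLEN = 12                           # default GCM IV length, in bytes
FIXED_FIELD = bytes.fromhex("a1a2a3a4a5a6a7a8")  # constructed context identifier


def deterministic_iv(counter: int, ivlen: int = 16) -> bytes:
    """Fixed field || big-endian invocation counter, ivlen bytes in total."""
    return FIXED_FIELD + counter.to_bytes(ivlen - len(FIXED_FIELD), "big")


def effective_iv(iv: bytes, applied_len: int) -> bytes:
    """IV actually used when the requested length did not take effect.

    Assumption for this model: the leading applied_len bytes are kept.
    """
    return iv[:applied_len]


def first_reuse(counters, requested_len: int, applied_len: int):
    """Return (earlier, later) counters whose effective IVs collide, else None."""
    seen = {}
    for c in counters:
        eff = effective_iv(deterministic_iv(c, requested_len), applied_len)
        if eff in seen:
            return seen[eff], c
        seen[eff] = c
    return None


def reuse_window(requested_len: int, applied_len: int) -> int:
    """Number of consecutive counter values that map to the same effective IV."""
    dropped = max(0, requested_len - applied_len)
    dropped_counter_bytes = min(dropped, requested_len - len(FIXED_FIELD))
    return 256 ** dropped_counter_bytes


if __name__ == "__main__":
    # Caller asks for a 16-byte IV, but the cipher keeps using the 12-byte default.
    print("first reuse :", first_reuse(range(1000), 16, GCM_DEFAULT_IVLEN))
    print("reuse window:", reuse_window(16, GCM_DEFAULT_IVLEN))
    # Length applied as requested: no collision among the same counters.
    print("no truncation:", first_reuse(range(1000), 16, 16))
```

On the real API the corresponding check is to compare the value returned by EVP_CIPHER_CTX_get_iv_length() with the IV length the caller requested before encrypting anything.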

Fix

DoS

Weakness Enumeration

Related Identifiers

ALSA-2024:0310
ALT-PU-2023-6611
AZL-42712
AZL-42751
AZL-78558
BDU:2023-07691
CVE-2023-5363
DSA-5532-1
JLSEC-2026-243
MGASA-2023-0313
MGASA-2023-0317
OESA-2025-1191
OESA-2025-1192
OPENSUSE-SU-2023_4189-1
OPENSUSE-SU-2023_4190-1
OPENSUSE-SU-2024:13372-1
RHSA-2024:0310
RHSA-2024:0500
RHSA-2024_0310
SUSE-SU-2023:4189-1
SUSE-SU-2023:4190-1
USN-6450-1

Affected Products

ALT Linux
AlmaLinux
IBM AIX
Linux Mint
MySQL Server
OpenSSL
Red Hat
RED OS
SUSE
Ubuntu