NVD Vulnerability Detail
Search Exploit, PoC
CVE-2023-5363
Summary

Issue summary: A bug has been identified in the processing of key and
initialisation vector (IV) lengths. This can lead to potential truncation
or overruns during the initialisation of some symmetric ciphers.

Impact summary: A truncation in the IV can result in non-uniqueness,
which could result in loss of confidentiality for some cipher modes.

When calling EVP_EncryptInit_ex2(), EVP_DecryptInit_ex2() or
EVP_CipherInit_ex2() the provided OSSL_PARAM array is processed after
the key and IV have been established. Any alterations to the key length,
via the "keylen" parameter or the IV length, via the "ivlen" parameter,
within the OSSL_PARAM array will not take effect as intended, potentially
causing truncation or overreading of these values. The following ciphers
and cipher modes are impacted: RC2, RC4, RC5, CCM, GCM and OCB.

For the CCM, GCM and OCB cipher modes, truncation of the IV can result in
loss of confidentiality. For example, when following NIST's SP 800-38D
section 8.2.1 guidance for constructing a deterministic IV for AES in
GCM mode, truncation of the counter portion could lead to IV reuse.

Both truncations and overruns of the key and overruns of the IV will
produce incorrect results and could, in some cases, trigger a memory
exception. However, these issues are not currently assessed as security
critical.

Changing the key and/or IV lengths is not considered to be a common operation
and the vulnerable API was recently introduced. Furthermore it is likely that
application developers will have spotted this problem during testing since
decryption would fail unless both peers in the communication were similarly
vulnerable. For these reasons we expect the probability of an application being
vulnerable to this to be quite low. However if an application is vulnerable then
this issue is considered very serious. For these reasons we have assessed this
issue as Moderate severity overall.

The OpenSSL SSL/TLS implementation is not affected by this issue.

The OpenSSL 3.0 and 3.1 FIPS providers are not affected by this because
the issue lies outside of the FIPS provider boundary.

OpenSSL 3.1 and 3.0 are vulnerable to this issue.

Publication Date Oct. 26, 2023, 3:17 a.m.
Registration Date Oct. 26, 2023, 10:01 a.m.
Last Update Nov. 21, 2024, 5:41 p.m.
CVSS3.1 : HIGH
スコア 7.5
Vector CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
攻撃元区分(AV) ネットワーク
攻撃条件の複雑さ(AC)
攻撃に必要な特権レベル(PR) 不要
利用者の関与(UI) 不要
影響の想定範囲(S) 変更なし
機密性への影響(C)
完全性への影響(I) なし
可用性への影響(A) なし
Affected software configurations
Configuration1 or higher or less more than less than
cpe:2.3:a:openssl:openssl:*:*:*:*:*:*:*:* 3.0.0 3.0.12
cpe:2.3:a:openssl:openssl:*:*:*:*:*:*:*:* 3.1.0 3.1.4
Configuration2 or higher or less more than less than
cpe:2.3:o:debian:debian_linux:12.0:*:*:*:*:*:*:*
Configuration3 or higher or less more than less than
cpe:2.3:o:netapp:h300s_firmware:-:*:*:*:*:*:*:*
execution environment
1 cpe:2.3:h:netapp:h300s:*:*:*:*:*:*:*:*
Configuration4 or higher or less more than less than
cpe:2.3:o:netapp:h410s_firmware:-:*:*:*:*:*:*:*
execution environment
1 cpe:2.3:h:netapp:h410s:*:*:*:*:*:*:*:*
Configuration5 or higher or less more than less than
cpe:2.3:o:netapp:h500s_firmware:-:*:*:*:*:*:*:*
execution environment
1 cpe:2.3:h:netapp:h500s:*:*:*:*:*:*:*:*
Configuration6 or higher or less more than less than
cpe:2.3:o:netapp:h700s_firmware:-:*:*:*:*:*:*:*
execution environment
1 cpe:2.3:h:netapp:h700s:*:*:*:*:*:*:*:*
Configuration7 or higher or less more than less than
cpe:2.3:o:netapp:h410c_firmware:-:*:*:*:*:*:*:*
execution environment
1 cpe:2.3:h:netapp:h410c:-:*:*:*:*:*:*:*
Related information, measures and tools
Common Vulnerabilities List
JVN Vulnerability Information
OpenSSL における暗号鍵と初期化ベクトルの長さに関する処理の問題(OpenSSL Security Advisory [24th October 2023])
Title OpenSSL における暗号鍵と初期化ベクトルの長さに関する処理の問題(OpenSSL Security Advisory [24th October 2023])
Summary

OpenSSL Project より、<a href="https://www.openssl.org/news/secadv/20231024.txt"target="blank">OpenSSL Security Advisory [24th October 2023]</a> が公開されました。 深刻度 - 中(Severity: Moderate) OpenSSL には、鍵と IV (Initialization Vector)の長さに関する処理に問題があり、一部の共通鍵暗号の初期化時に切り捨てやオーバーフローが発生する可能性があります。 OpenSSL の EVP_EncryptInit_ex2() 、 EVP_DecryptInit_ex2() 、または EVP_CipherInit_ex2() を呼び出す場合、鍵と IV が確立された後に、提供された OSSL_PARAM 配列が処理されますが、OSSL_PARAM 配列内で、keylen パラメータや ivlen パラメータによって鍵の長さや IV の長さを変更しても、意図したとおりに反映されません。 RC2、RC4、RC5、CCM、GCM、OCB の暗号および暗号化モードが本脆弱性の影響を受けます。 なお、OpenSSL Project は、OpenSSL SSL/TLS 実装および、OpenSSL 3.0 と 3.1 の FIPS プロバイダは本脆弱性の影響を受けないとしています。

Possible impacts 鍵や IV の切り捨てが機密性の損失につながったり、オーバーフローによって不正な結果を生成しメモリ例外を引き起こす可能性があります。  
Solution

[アップデートする] 本脆弱性を修正した以下のバージョンがリリースされました。  * OpenSSL 3.0.12  * OpenSSL 3.1.4

Publication Date Oct. 25, 2023, midnight
Registration Date Oct. 26, 2023, 3:36 p.m.
Last Update June 16, 2025, 3:36 p.m.
Affected System
OpenSSL Project
OpenSSL 3.0
OpenSSL 3.1
CVE (情報セキュリティ 共通脆弱性識別子)
CWE (共通脆弱性タイプ一覧)
ベンダー情報
その他
Change Log
No Changed Details Date of change
7 [2025年04月14日]
  参考情報:JVN (JJVNVU#90506697) を追加
  参考情報:ICS-CERT ADVISORY (ICSA-25-100-02) を追加		 April 14, 2025, 1:45 p.m.
6 [2025年02月18日]
  参考情報:JVN (JVNVU#95962757) を追加
  参考情報:ICS-CERT ADVISORY (ICSA-25-044-09) を追加		 Feb. 18, 2025, 11:31 a.m.
4 [2024年09月17日]
  ベンダ情報:日立 (hitachi-sec-2024-145) を追加		 Sept. 17, 2024, 1:36 p.m.
5 [2024年11月18日]
  参考情報:JVN (JVNVU#96191615) を追加
  参考情報:ICS-CERT ADVISORY (ICSA-24-319-04) を追加
 Nov. 18, 2024, 4:03 p.m.
3 [2024年05月20日]
  参考情報:JVN (JVNVU#90955260) を追加
  参考情報:ICS-CERT ADVISORY (ICSA-24-137-07) を追加		 May 20, 2024, 1:50 p.m.
8 [2025年06月16日]
  参考情報:JVN (JVNVU#96443907) を追加
  参考情報:ICS-CERT ADVISORY (ICSA-25-162-05) を追加		 June 16, 2025, 12:12 p.m.
1 [2023年10月26日]   掲載 Oct. 26, 2023, 1:42 p.m.
2 [2024年05月07日]
  CVSS による深刻度:内容を更新
  CWE による脆弱性タイプ一覧:内容を更新
  参考情報:National Vulnerability Database (NVD) (CVE-2023-5363) を追加		 May 7, 2024, 2:09 p.m.