[RUSTSEC-2021-0057] Integer overflow in CipherUpdate

Severity High

Affected Packages 1

Fixed Packages 1

CVEs 1

Calls to EVP_CipherUpdate, EVP_EncryptUpdate and EVP_DecryptUpdate may overflow
the output length argument in some cases where the input length is close to the
maximum permissable length for an integer on the platform. In such cases the
return value from the function call will be 1 (indicating success), but the
output length value will be negative. This could cause applications to behave
incorrectly or crash.

Package	Affected Version
pkg:cargo/openssl-src	< 111.14

Package	Fixed Version
pkg:cargo/openssl-src	>= 111.14

ID

RUSTSEC-2021-0057

Severity

high

Severity from

CVE-2021-23840

Impact

Denial Of Service

URL

https://rustsec.org/advisories/RUSTSEC-2021-0057.html

Published

2021-05-01T00:00:00
(3 years ago)

Modified

2023-06-13T13:10:24
(15 months ago)

Other Advisories

Source	# ID	URL
		https://www.openssl.org/news/secadv/20210216.txt
crates.io	openssl-src	https://crates.io/crates/openssl-src
rustsec.org	openssl-src	https://rustsec.org/packages/openssl-src.html
Security Advisory	GHSA-qgm6-9472-pwq7	https://github.com/advisories/GHSA-qgm6-9472-pwq7

Type	Package URL	Namespace	Name / Product	Version	Distribution / Platform	Arch	Patch / Fix
Fixed	pkg:cargo/openssl-src		openssl-src	>= 111.14
Affected	pkg:cargo/openssl-src		openssl-src	< 111.14

# CVE	Description	CVSS	EPSS	EPSS Trend (30 days)	Affected Products	Weaknesses	Security Advisories	Exploits	PoC	Pubblication Date	Modification Date
# CVE	Description	CVSS	EPSS	EPSS Trend (30 days)	Affected Products	Weaknesses	Security Advisories	PoC	Pubblication Date	Modification Date