Gentoo update for OpenSSL

Mar 31, 2021 02:01 pm Cyber Security 243
Published: 2021-03-31


Risk
Medium
Patch available
YES
Number of vulnerabilities
4
CVE ID
CVE-2021-23840CVE-2021-23841CVE-2021-3449CVE-2021-3450
CWE ID
CWE-20CWE-476CWE-254
Exploitation vector
Network
Public exploit
Public exploit code for vulnerability #3 is available.
Vulnerable softwareSubscribe
Gentoo LinuxOperating systems & Components / Operating system
Vendor
Gentoo

Security Advisory



1) Input validation error


Risk: Medium


CVSSv3.1: 6.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C] [PCI]


CVE-ID: CVE-2021-23840


CWE-ID: CWE-20 - Improper Input Validation


Exploit availability: No


Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.


The vulnerability exists due to insufficient validation of user-supplied input during EVP_CipherUpdate, EVP_EncryptUpdate and EVP_DecryptUpdate calls. A remote attacker can pass specially crafted input to the application and perform a denial of service (DoS) attack.


Mitigation

Update the affected packages.dev-libs/openssl to version: 1.1.1k


Vulnerable software versions

Gentoo Linux: All versions


CPE
External links

https:// ..

Support the originator by clicking the read the rest link below.

gentoo update openssl
Read The Rest from the original source
cybersecurity-help.cz

Related News

Be in Touch

All Rights Reserved #1 Source for Cyber Security News, Reports and Threat Intelligence
Powered By The Internet!!!!