Risk
Medium
Patch available
YES
Number of vulnerabilities
4
CVE ID
CVE-2021-23840CVE-2021-23841CVE-2021-3449CVE-2021-3450
CWE ID
CWE-20CWE-476CWE-254
Exploitation vector
Network
Public exploit
Public exploit code for vulnerability #3 is available.
Vulnerable softwareSubscribe
Gentoo LinuxOperating systems & Components / Operating system
Vendor
Gentoo
Security Advisory
1) Input validation error
Risk: Medium
CVSSv3.1: 6.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C] [PCI]
CVE-ID: CVE-2021-23840
CWE-ID: CWE-20 - Improper Input Validation
Exploit availability: No
Description
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to insufficient validation of user-supplied input during EVP_CipherUpdate, EVP_EncryptUpdate and EVP_DecryptUpdate calls. A remote attacker can pass specially crafted input to the application and perform a denial of service (DoS) attack.
Mitigation
Update the affected packages.dev-libs/openssl to version: 1.1.1k
Vulnerable software versions
Gentoo Linux: All versions
CPE
External links
https:// ..
Support the originator by clicking the read the rest link below.