CVE-2023-4807 — Expected Behavior Violation in OpenSSL
Severity
7.8 HIGH (NVD)
EPSS
0.7%
top 28.54%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
Published: Sep 8
Latest update: Apr 7
Description
Issue summary: The POLY1305 MAC (message authentication code) implementation
contains a bug that might corrupt the internal state of applications on the
Windows 64 platform when running on newer X86_64 processors supporting the
AVX512-IFMA instructions.
Impact summary: If in an application that uses the OpenSSL library an attacker
can influence whether the POLY1305 MAC algorithm is used, the application
state might be corrupted with various application dependent consequences.
The POLY1305 MAC …
CVSS vector
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Exploitability: 1.8 | Impact: 5.9
Affected Packages: 17 packages
Patches
Vulnerability Details (3)
GHSA
GHSA-53wr-cx66-4578: Issue summary: The POLY1305 MAC (message authentication code) implementation
contains a bug that might corrupt the internal state of applications on t (2023-09-08)
OSV
CVE-2023-4807: Issue summary: The POLY1305 MAC (message authentication code) implementation
contains a bug that might corrupt the internal state of applications on t (2023-09-08)
Vendor Advisories (11)
CISA ICS
Mitsubishi Electric Iconics Digital Solutions and Mitsubishi Electric Products (Update D) (2026-04-07)