CVE-2023-6129 — Expected Behavior Violation in Openssl
Severity
6.5MEDIUMNVD
OSV5.3
EPSS
2.5%
top 14.64%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
PublishedJan 9
Latest updateFeb 13
Description
Issue summary: The POLY1305 MAC (message authentication code) implementation
contains a bug that might corrupt the internal state of applications running
on PowerPC CPU based platforms if the CPU provides vector instructions.
Impact summary: If an attacker can influence whether the POLY1305 MAC
algorithm is used, the application state might be corrupted with various
application dependent consequences.
The POLY1305 MAC (message authentication code) implementation in OpenSSL for
PowerPC CPUs res…
CVSS vector
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:HExploitability: 2.2 | Impact: 4.2
Affected Packages23 packages
Patches
🔴Vulnerability Details
4OSV▶
CVE-2023-6129: Issue summary: The POLY1305 MAC (message authentication code) implementation
contains a bug that might corrupt the internal state of applications runn↗2024-01-09
GHSA▶
GHSA-rj8q-prqp-jwfg: Issue summary: The POLY1305 MAC (message authentication code) implementation
contains a bug that might corrupt the internal state of applications runn↗2024-01-09
OSV▶
CVE-2023-6129: Issue summary: The POLY1305 MAC (message authentication code) implementation contains a bug that might corrupt the internal state of applications runn↗2024-01-09