FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

OpenSSL -- AES-SIV implementation ignores empty associated data entries

Affected packages
openssl30 < 3.0.9_1
openssl31 < 3.1.1_1

Details

VuXML ID 41c60e16-2405-11ee-a0d1-84a93843eb75
Discovery 2023-07-14
Entry 2023-07-16

The OpenSSL project reports:

The AES-SIV cipher implementation contains a bug that causes it to ignore empty associated data entries which are unauthenticated as a consequence.

[source]

References

CVE Name CVE-2023-2975
URL https://www.openssl.org/news/secadv/20230714.txt

Copyright © 2003-2005 Jacques Vidrine and contributors.
Please see the source of this document for full copyright information.