Kunpeng BoostKit 22.0.0.SPC6
OpenSSL CVE-2023-4807 Vulnerability
Trouble Ticket No. |
DTS: DTS2023091102651 Vulnerability ID: HWPSIRT-2023-24621 |
|---|---|
Symptom |
The product involves a security vulnerability in OpenSSL 1.1.1n. The external CVE number is CVE-2023-4807. The POLY1305 MAC implementation contains a bug that might corrupt the internal state of applications on the Windows 64 platform when running on newer X86_64 processors supporting the AVX512-IFMA instructions. However given the contents of the registers are just zeroized so the attacker cannot put arbitrary values inside, the most likely consequence, if any, would be an incorrect result of some application dependent calculations or a crash leading to a denial of service. |
Severity |
Minor |
Root Cause |
OpenSSL 1.1.1n used by the product has the CVE-2023-4807 vulnerability. |
Solution |
Use the OpenSSL software in which this vulnerability has been fixed. |
Impact |
None |
Test Suggestion |
Obtain the tag of OpenSSL 1.1.1n used for version build and compare it with the vulnerability fix list of the tag. If the list contains the CVE-2023-4807 vulnerability, the vulnerability has been fixed. |
OpenSSL CVE-2023-3817 Vulnerability
Trouble Ticket No. |
DTS: DTS2023080117905 Vulnerability ID: HWPSIRT-2023-48957 |
|---|---|
Symptom |
The product involves a security vulnerability in OpenSSL 1.1.1n. The external CVE number is CVE-2023-3817. Checking excessively long DH keys or parameters may be very slow. A correct q value, if present, cannot be larger than the modulus p parameter, thus it is unnecessary to perform these checks if q is larger than p. An application that calls DH_check() and supplies a key or parameters obtained from an untrusted source could be vulnerable to a Denial of Service attack. |
Severity |
Minor |
Root Cause |
OpenSSL 1.1.1n used by the product has the CVE-2023-3817 vulnerability. |
Solution |
Use the OpenSSL software in which this vulnerability has been fixed. |
Impact |
None |
Test Suggestion |
Obtain the tag of OpenSSL 1.1.1n used for version build and compare it with the vulnerability fix list of the tag. If the list contains the CVE-2023-3817 vulnerability, the vulnerability has been fixed. |
OpenSSL CVE-2023-3446 Vulnerability
Trouble Ticket No. |
DTS: DTS2023072002661 Vulnerability ID: HWPSIRT-2023-63472 |
|---|---|
Symptom |
The product involves a security vulnerability in OpenSSL 1.1.1n. The external CVE number is CVE-2023-3446. Checking excessively long DH keys or parameters may be very slow. The function DH_check() performs various checks on DH parameters. One of those checks confirms that the modulus ('p' parameter) is not too large. The DH_check() function checks numerous aspects of the key or parameters that have been supplied. Some of those checks use the supplied modulus value even if it has already been found to be too large. An application that calls DH_check() and supplies a key or parameters obtained from an untrusted source could be vulnerable to a Denial of Service attack. |
Severity |
Minor |
Root Cause |
OpenSSL 1.1.1n used by the product has the CVE-2023-3446 vulnerability. |
Solution |
Use the OpenSSL software in which this vulnerability has been fixed. |
Impact |
None |
Test Suggestion |
Obtain the tag of OpenSSL 1.1.1n used for version build and compare it with the vulnerability fix list of the tag. If the list contains the CVE-2023-3446 vulnerability, the vulnerability has been fixed. |
Python CVE-2007-4559 Vulnerability
Trouble Ticket No. |
DTS: DTS2023080302426 Vulnerability ID: HWPSIRT-2019-14711 |
|---|---|
Symptom |
The product involves a security vulnerability in Python 3.9.11. The external CVE number is CVE-2007-4559. Directory traversal vulnerability in the (1) extract and (2) extractall functions in the tarfile module in Python allows user-assisted remote attackers to overwrite arbitrary files via a .. (dot dot) sequence in file names in a TAR archive. |
Severity |
Minor |
Root Cause |
Python 3.9.11 used by the product has the CVE-2007-4559 vulnerability. |
Solution |
Use the Python software in which this vulnerability has been fixed. |
Impact |
None |
Test Suggestion |
Obtain the tag of Python 3.9.11 used for version build and compare it with the vulnerability fix list of the tag. If the list contains the CVE-2007-4559 vulnerability, the vulnerability has been fixed. |
Python CVE-2023-40217 Vulnerability
Trouble Ticket No. |
DTS: DTS2023102504815 Vulnerability ID: HWPSIRT-2023-92374 |
|---|---|
Symptom |
The product involves a security vulnerability in Python 3.9.11. The external CVE number is CVE-2023-40217. There is a brief window where the SSLSocket instance will detect the socket as "not connected" and will not initiate a handshake, but buffered data will still be readable from the socket buffer. This data will not be authenticated if the server-side TLS peer is expecting client certificate authentication, and is indistinguishable from valid TLS stream data. Data is limited in size to the amount that will fit in the buffer. |
Severity |
Minor |
Root Cause |
Python 3.9.11 used by the product has the CVE-2023-40217 vulnerability. |
Solution |
Use the Python software in which this vulnerability has been fixed. |
Impact |
None |
Test Suggestion |
Obtain the tag of Python 3.9.11 used for version build and compare it with the vulnerability fix list of the tag. If the list contains the CVE-2023-40217 vulnerability, the vulnerability has been fixed. |