Vulnerability Fixes
Software Name |
Software Version |
CVE ID |
CVSS Score |
Vulnerability Description |
Resolved In |
|---|---|---|---|---|---|
OpenSSL |
1.1.1n |
CVE-2023-0464 |
7.5 |
A security vulnerability has been identified in all supported versions of OpenSSL related to the verification of X.509 certificate chains that include policy constraints. Attackers may be able to exploit this vulnerability by creating a malicious certificate chain that triggers exponential use of computational resources, leading to a denial-of-service (DoS) attack on affected systems. Policy processing is disabled by default but can be enabled by passing the `-policy' argument to the command line utilities or by calling the `X509_VERIFY_PARAM_set1_policies()' function. |
Kunpeng BoostKit 22.0.0.SPC5 |
OpenSSL |
1.1.1n |
CVE-2022-4304 |
5.9 |
A timing based side channel exists in the OpenSSL RSA Decryption implementation which could be sufficient to recover a plaintext across a network in a Bleichenbacher style attack. To achieve a successful decryption an attacker would have to be able to send a very large number of trial messages for decryption. The vulnerability affects all RSA padding modes: PKCS#1 v1.5, RSA-OEAP and RSASVE. |
Kunpeng BoostKit 22.0.0.SPC5 |
OpenSSL |
1.1.1k |
CVE-2022-0778 |
7.5 |
The BN_mod_sqrt() function, which computes a modular square root, contains a bug that can cause it to loop forever for non-prime moduli. Internally this function is used when parsing certificates that contain elliptic curve public keys in compressed form or explicit elliptic curve parameters with a base point encoded in compressed form. It is possible to trigger the infinite loop by crafting a certificate that has invalid explicit curve parameters. |
Kunpeng BoostKit 21.0.0.SPC1 |
OpenSSL |
1.1.1k |
CVE-2021-3712 |
7.4 |
If a malicious actor can cause an application to directly construct an ASN1_STRING and then process it through one of the affected OpenSSL functions then this issue could be hit. This might result in a crash (causing a Denial of Service attack). |
Kunpeng BoostKit 21.0.0 |
OpenSSL |
1.1.1k |
CVE-2021-3711 |
9.8 |
A malicious attacker who is able present SM2 content for decryption to an application could cause attacker chosen data to overflow the buffer by up to a maximum of 62 bytes altering the contents of other data held after the buffer, possibly changing application behaviour or causing the application to crash. |
Kunpeng BoostKit 21.0.0 |
musl |
1.2.0 |
CVE-2020-28928 |
5.5 |
In musl libc through 1.2.1, wcsnrtombs mishandles particular combinations of destination buffer size and source character limit, as demonstrated by an invalid write access (buffer overflow). |
Kunpeng BoostKit 21.0.0 |