csaf_opensuse - opensuse-su-2024:14416-1

Vulnerability from csaf_opensuse

Published

2024-10-20 00:00

Modified

2024-10-20 00:00

Summary

libopenssl-3-devel-3.1.4-15.1 on GA media

Notes

Title of the patch

libopenssl-3-devel-3.1.4-15.1 on GA media

Description of the patch

These are all security issues fixed in the libopenssl-3-devel-3.1.4-15.1 package on the GA media of openSUSE Tumbleweed.

Patchnames

openSUSE-Tumbleweed-2024-14416

CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).

JSON

To clipboard

{
   document: {
      aggregate_severity: {
         namespace: "https://www.suse.com/support/security/rating/",
         text: "moderate",
      },
      category: "csaf_security_advisory",
      csaf_version: "2.0",
      distribution: {
         text: "Copyright 2024 SUSE LLC. All rights reserved.",
         tlp: {
            label: "WHITE",
            url: "https://www.first.org/tlp/",
         },
      },
      lang: "en",
      notes: [
         {
            category: "summary",
            text: "libopenssl-3-devel-3.1.4-15.1 on GA media",
            title: "Title of the patch",
         },
         {
            category: "description",
            text: "These are all security issues fixed in the libopenssl-3-devel-3.1.4-15.1 package on the GA media of openSUSE Tumbleweed.",
            title: "Description of the patch",
         },
         {
            category: "details",
            text: "openSUSE-Tumbleweed-2024-14416",
            title: "Patchnames",
         },
         {
            category: "legal_disclaimer",
            text: "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
            title: "Terms of use",
         },
      ],
      publisher: {
         category: "vendor",
         contact_details: "https://www.suse.com/support/security/contact/",
         name: "SUSE Product Security Team",
         namespace: "https://www.suse.com/",
      },
      references: [
         {
            category: "external",
            summary: "SUSE ratings",
            url: "https://www.suse.com/support/security/rating/",
         },
         {
            category: "self",
            summary: "URL of this CSAF notice",
            url: "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2024_14416-1.json",
         },
         {
            category: "self",
            summary: "URL for openSUSE-SU-2024:14416-1",
            url: "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/ZAEWAWTQ662APXDOVFSO6WSPPJ73EELU/",
         },
         {
            category: "self",
            summary: "E-Mail link for openSUSE-SU-2024:14416-1",
            url: "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/ZAEWAWTQ662APXDOVFSO6WSPPJ73EELU/",
         },
         {
            category: "self",
            summary: "SUSE CVE CVE-2023-50782 page",
            url: "https://www.suse.com/security/cve/CVE-2023-50782/",
         },
         {
            category: "self",
            summary: "SUSE CVE CVE-2024-9143 page",
            url: "https://www.suse.com/security/cve/CVE-2024-9143/",
         },
      ],
      title: "libopenssl-3-devel-3.1.4-15.1 on GA media",
      tracking: {
         current_release_date: "2024-10-20T00:00:00Z",
         generator: {
            date: "2024-10-20T00:00:00Z",
            engine: {
               name: "cve-database.git:bin/generate-csaf.pl",
               version: "1",
            },
         },
         id: "openSUSE-SU-2024:14416-1",
         initial_release_date: "2024-10-20T00:00:00Z",
         revision_history: [
            {
               date: "2024-10-20T00:00:00Z",
               number: "1",
               summary: "Current version",
            },
         ],
         status: "final",
         version: "1",
      },
   },
   product_tree: {
      branches: [
         {
            branches: [
               {
                  branches: [
                     {
                        category: "product_version",
                        name: "libopenssl-3-devel-3.1.4-15.1.aarch64",
                        product: {
                           name: "libopenssl-3-devel-3.1.4-15.1.aarch64",
                           product_id: "libopenssl-3-devel-3.1.4-15.1.aarch64",
                        },
                     },
                     {
                        category: "product_version",
                        name: "libopenssl-3-devel-32bit-3.1.4-15.1.aarch64",
                        product: {
                           name: "libopenssl-3-devel-32bit-3.1.4-15.1.aarch64",
                           product_id: "libopenssl-3-devel-32bit-3.1.4-15.1.aarch64",
                        },
                     },
                     {
                        category: "product_version",
                        name: "libopenssl-3-fips-provider-3.1.4-15.1.aarch64",
                        product: {
                           name: "libopenssl-3-fips-provider-3.1.4-15.1.aarch64",
                           product_id: "libopenssl-3-fips-provider-3.1.4-15.1.aarch64",
                        },
                     },
                     {
                        category: "product_version",
                        name: "libopenssl-3-fips-provider-32bit-3.1.4-15.1.aarch64",
                        product: {
                           name: "libopenssl-3-fips-provider-32bit-3.1.4-15.1.aarch64",
                           product_id: "libopenssl-3-fips-provider-32bit-3.1.4-15.1.aarch64",
                        },
                     },
                     {
                        category: "product_version",
                        name: "libopenssl-3-fips-provider-x86-64-v3-3.1.4-15.1.aarch64",
                        product: {
                           name: "libopenssl-3-fips-provider-x86-64-v3-3.1.4-15.1.aarch64",
                           product_id: "libopenssl-3-fips-provider-x86-64-v3-3.1.4-15.1.aarch64",
                        },
                     },
                     {
                        category: "product_version",
                        name: "libopenssl3-3.1.4-15.1.aarch64",
                        product: {
                           name: "libopenssl3-3.1.4-15.1.aarch64",
                           product_id: "libopenssl3-3.1.4-15.1.aarch64",
                        },
                     },
                     {
                        category: "product_version",
                        name: "libopenssl3-32bit-3.1.4-15.1.aarch64",
                        product: {
                           name: "libopenssl3-32bit-3.1.4-15.1.aarch64",
                           product_id: "libopenssl3-32bit-3.1.4-15.1.aarch64",
                        },
                     },
                     {
                        category: "product_version",
                        name: "libopenssl3-x86-64-v3-3.1.4-15.1.aarch64",
                        product: {
                           name: "libopenssl3-x86-64-v3-3.1.4-15.1.aarch64",
                           product_id: "libopenssl3-x86-64-v3-3.1.4-15.1.aarch64",
                        },
                     },
                     {
                        category: "product_version",
                        name: "openssl-3-3.1.4-15.1.aarch64",
                        product: {
                           name: "openssl-3-3.1.4-15.1.aarch64",
                           product_id: "openssl-3-3.1.4-15.1.aarch64",
                        },
                     },
                     {
                        category: "product_version",
                        name: "openssl-3-doc-3.1.4-15.1.aarch64",
                        product: {
                           name: "openssl-3-doc-3.1.4-15.1.aarch64",
                           product_id: "openssl-3-doc-3.1.4-15.1.aarch64",
                        },
                     },
                  ],
                  category: "architecture",
                  name: "aarch64",
               },
               {
                  branches: [
                     {
                        category: "product_version",
                        name: "libopenssl-3-devel-3.1.4-15.1.ppc64le",
                        product: {
                           name: "libopenssl-3-devel-3.1.4-15.1.ppc64le",
                           product_id: "libopenssl-3-devel-3.1.4-15.1.ppc64le",
                        },
                     },
                     {
                        category: "product_version",
                        name: "libopenssl-3-devel-32bit-3.1.4-15.1.ppc64le",
                        product: {
                           name: "libopenssl-3-devel-32bit-3.1.4-15.1.ppc64le",
                           product_id: "libopenssl-3-devel-32bit-3.1.4-15.1.ppc64le",
                        },
                     },
                     {
                        category: "product_version",
                        name: "libopenssl-3-fips-provider-3.1.4-15.1.ppc64le",
                        product: {
                           name: "libopenssl-3-fips-provider-3.1.4-15.1.ppc64le",
                           product_id: "libopenssl-3-fips-provider-3.1.4-15.1.ppc64le",
                        },
                     },
                     {
                        category: "product_version",
                        name: "libopenssl-3-fips-provider-32bit-3.1.4-15.1.ppc64le",
                        product: {
                           name: "libopenssl-3-fips-provider-32bit-3.1.4-15.1.ppc64le",
                           product_id: "libopenssl-3-fips-provider-32bit-3.1.4-15.1.ppc64le",
                        },
                     },
                     {
                        category: "product_version",
                        name: "libopenssl-3-fips-provider-x86-64-v3-3.1.4-15.1.ppc64le",
                        product: {
                           name: "libopenssl-3-fips-provider-x86-64-v3-3.1.4-15.1.ppc64le",
                           product_id: "libopenssl-3-fips-provider-x86-64-v3-3.1.4-15.1.ppc64le",
                        },
                     },
                     {
                        category: "product_version",
                        name: "libopenssl3-3.1.4-15.1.ppc64le",
                        product: {
                           name: "libopenssl3-3.1.4-15.1.ppc64le",
                           product_id: "libopenssl3-3.1.4-15.1.ppc64le",
                        },
                     },
                     {
                        category: "product_version",
                        name: "libopenssl3-32bit-3.1.4-15.1.ppc64le",
                        product: {
                           name: "libopenssl3-32bit-3.1.4-15.1.ppc64le",
                           product_id: "libopenssl3-32bit-3.1.4-15.1.ppc64le",
                        },
                     },
                     {
                        category: "product_version",
                        name: "libopenssl3-x86-64-v3-3.1.4-15.1.ppc64le",
                        product: {
                           name: "libopenssl3-x86-64-v3-3.1.4-15.1.ppc64le",
                           product_id: "libopenssl3-x86-64-v3-3.1.4-15.1.ppc64le",
                        },
                     },
                     {
                        category: "product_version",
                        name: "openssl-3-3.1.4-15.1.ppc64le",
                        product: {
                           name: "openssl-3-3.1.4-15.1.ppc64le",
                           product_id: "openssl-3-3.1.4-15.1.ppc64le",
                        },
                     },
                     {
                        category: "product_version",
                        name: "openssl-3-doc-3.1.4-15.1.ppc64le",
                        product: {
                           name: "openssl-3-doc-3.1.4-15.1.ppc64le",
                           product_id: "openssl-3-doc-3.1.4-15.1.ppc64le",
                        },
                     },
                  ],
                  category: "architecture",
                  name: "ppc64le",
               },
               {
                  branches: [
                     {
                        category: "product_version",
                        name: "libopenssl-3-devel-3.1.4-15.1.s390x",
                        product: {
                           name: "libopenssl-3-devel-3.1.4-15.1.s390x",
                           product_id: "libopenssl-3-devel-3.1.4-15.1.s390x",
                        },
                     },
                     {
                        category: "product_version",
                        name: "libopenssl-3-devel-32bit-3.1.4-15.1.s390x",
                        product: {
                           name: "libopenssl-3-devel-32bit-3.1.4-15.1.s390x",
                           product_id: "libopenssl-3-devel-32bit-3.1.4-15.1.s390x",
                        },
                     },
                     {
                        category: "product_version",
                        name: "libopenssl-3-fips-provider-3.1.4-15.1.s390x",
                        product: {
                           name: "libopenssl-3-fips-provider-3.1.4-15.1.s390x",
                           product_id: "libopenssl-3-fips-provider-3.1.4-15.1.s390x",
                        },
                     },
                     {
                        category: "product_version",
                        name: "libopenssl-3-fips-provider-32bit-3.1.4-15.1.s390x",
                        product: {
                           name: "libopenssl-3-fips-provider-32bit-3.1.4-15.1.s390x",
                           product_id: "libopenssl-3-fips-provider-32bit-3.1.4-15.1.s390x",
                        },
                     },
                     {
                        category: "product_version",
                        name: "libopenssl-3-fips-provider-x86-64-v3-3.1.4-15.1.s390x",
                        product: {
                           name: "libopenssl-3-fips-provider-x86-64-v3-3.1.4-15.1.s390x",
                           product_id: "libopenssl-3-fips-provider-x86-64-v3-3.1.4-15.1.s390x",
                        },
                     },
                     {
                        category: "product_version",
                        name: "libopenssl3-3.1.4-15.1.s390x",
                        product: {
                           name: "libopenssl3-3.1.4-15.1.s390x",
                           product_id: "libopenssl3-3.1.4-15.1.s390x",
                        },
                     },
                     {
                        category: "product_version",
                        name: "libopenssl3-32bit-3.1.4-15.1.s390x",
                        product: {
                           name: "libopenssl3-32bit-3.1.4-15.1.s390x",
                           product_id: "libopenssl3-32bit-3.1.4-15.1.s390x",
                        },
                     },
                     {
                        category: "product_version",
                        name: "libopenssl3-x86-64-v3-3.1.4-15.1.s390x",
                        product: {
                           name: "libopenssl3-x86-64-v3-3.1.4-15.1.s390x",
                           product_id: "libopenssl3-x86-64-v3-3.1.4-15.1.s390x",
                        },
                     },
                     {
                        category: "product_version",
                        name: "openssl-3-3.1.4-15.1.s390x",
                        product: {
                           name: "openssl-3-3.1.4-15.1.s390x",
                           product_id: "openssl-3-3.1.4-15.1.s390x",
                        },
                     },
                     {
                        category: "product_version",
                        name: "openssl-3-doc-3.1.4-15.1.s390x",
                        product: {
                           name: "openssl-3-doc-3.1.4-15.1.s390x",
                           product_id: "openssl-3-doc-3.1.4-15.1.s390x",
                        },
                     },
                  ],
                  category: "architecture",
                  name: "s390x",
               },
               {
                  branches: [
                     {
                        category: "product_version",
                        name: "libopenssl-3-devel-3.1.4-15.1.x86_64",
                        product: {
                           name: "libopenssl-3-devel-3.1.4-15.1.x86_64",
                           product_id: "libopenssl-3-devel-3.1.4-15.1.x86_64",
                        },
                     },
                     {
                        category: "product_version",
                        name: "libopenssl-3-devel-32bit-3.1.4-15.1.x86_64",
                        product: {
                           name: "libopenssl-3-devel-32bit-3.1.4-15.1.x86_64",
                           product_id: "libopenssl-3-devel-32bit-3.1.4-15.1.x86_64",
                        },
                     },
                     {
                        category: "product_version",
                        name: "libopenssl-3-fips-provider-3.1.4-15.1.x86_64",
                        product: {
                           name: "libopenssl-3-fips-provider-3.1.4-15.1.x86_64",
                           product_id: "libopenssl-3-fips-provider-3.1.4-15.1.x86_64",
                        },
                     },
                     {
                        category: "product_version",
                        name: "libopenssl-3-fips-provider-32bit-3.1.4-15.1.x86_64",
                        product: {
                           name: "libopenssl-3-fips-provider-32bit-3.1.4-15.1.x86_64",
                           product_id: "libopenssl-3-fips-provider-32bit-3.1.4-15.1.x86_64",
                        },
                     },
                     {
                        category: "product_version",
                        name: "libopenssl-3-fips-provider-x86-64-v3-3.1.4-15.1.x86_64",
                        product: {
                           name: "libopenssl-3-fips-provider-x86-64-v3-3.1.4-15.1.x86_64",
                           product_id: "libopenssl-3-fips-provider-x86-64-v3-3.1.4-15.1.x86_64",
                        },
                     },
                     {
                        category: "product_version",
                        name: "libopenssl3-3.1.4-15.1.x86_64",
                        product: {
                           name: "libopenssl3-3.1.4-15.1.x86_64",
                           product_id: "libopenssl3-3.1.4-15.1.x86_64",
                        },
                     },
                     {
                        category: "product_version",
                        name: "libopenssl3-32bit-3.1.4-15.1.x86_64",
                        product: {
                           name: "libopenssl3-32bit-3.1.4-15.1.x86_64",
                           product_id: "libopenssl3-32bit-3.1.4-15.1.x86_64",
                        },
                     },
                     {
                        category: "product_version",
                        name: "libopenssl3-x86-64-v3-3.1.4-15.1.x86_64",
                        product: {
                           name: "libopenssl3-x86-64-v3-3.1.4-15.1.x86_64",
                           product_id: "libopenssl3-x86-64-v3-3.1.4-15.1.x86_64",
                        },
                     },
                     {
                        category: "product_version",
                        name: "openssl-3-3.1.4-15.1.x86_64",
                        product: {
                           name: "openssl-3-3.1.4-15.1.x86_64",
                           product_id: "openssl-3-3.1.4-15.1.x86_64",
                        },
                     },
                     {
                        category: "product_version",
                        name: "openssl-3-doc-3.1.4-15.1.x86_64",
                        product: {
                           name: "openssl-3-doc-3.1.4-15.1.x86_64",
                           product_id: "openssl-3-doc-3.1.4-15.1.x86_64",
                        },
                     },
                  ],
                  category: "architecture",
                  name: "x86_64",
               },
               {
                  branches: [
                     {
                        category: "product_name",
                        name: "openSUSE Tumbleweed",
                        product: {
                           name: "openSUSE Tumbleweed",
                           product_id: "openSUSE Tumbleweed",
                           product_identification_helper: {
                              cpe: "cpe:/o:opensuse:tumbleweed",
                           },
                        },
                     },
                  ],
                  category: "product_family",
                  name: "SUSE Linux Enterprise",
               },
            ],
            category: "vendor",
            name: "SUSE",
         },
      ],
      relationships: [
         {
            category: "default_component_of",
            full_product_name: {
               name: "libopenssl-3-devel-3.1.4-15.1.aarch64 as component of openSUSE Tumbleweed",
               product_id: "openSUSE Tumbleweed:libopenssl-3-devel-3.1.4-15.1.aarch64",
            },
            product_reference: "libopenssl-3-devel-3.1.4-15.1.aarch64",
            relates_to_product_reference: "openSUSE Tumbleweed",
         },
         {
            category: "default_component_of",
            full_product_name: {
               name: "libopenssl-3-devel-3.1.4-15.1.ppc64le as component of openSUSE Tumbleweed",
               product_id: "openSUSE Tumbleweed:libopenssl-3-devel-3.1.4-15.1.ppc64le",
            },
            product_reference: "libopenssl-3-devel-3.1.4-15.1.ppc64le",
            relates_to_product_reference: "openSUSE Tumbleweed",
         },
         {
            category: "default_component_of",
            full_product_name: {
               name: "libopenssl-3-devel-3.1.4-15.1.s390x as component of openSUSE Tumbleweed",
               product_id: "openSUSE Tumbleweed:libopenssl-3-devel-3.1.4-15.1.s390x",
            },
            product_reference: "libopenssl-3-devel-3.1.4-15.1.s390x",
            relates_to_product_reference: "openSUSE Tumbleweed",
         },
         {
            category: "default_component_of",
            full_product_name: {
               name: "libopenssl-3-devel-3.1.4-15.1.x86_64 as component of openSUSE Tumbleweed",
               product_id: "openSUSE Tumbleweed:libopenssl-3-devel-3.1.4-15.1.x86_64",
            },
            product_reference: "libopenssl-3-devel-3.1.4-15.1.x86_64",
            relates_to_product_reference: "openSUSE Tumbleweed",
         },
         {
            category: "default_component_of",
            full_product_name: {
               name: "libopenssl-3-devel-32bit-3.1.4-15.1.aarch64 as component of openSUSE Tumbleweed",
               product_id: "openSUSE Tumbleweed:libopenssl-3-devel-32bit-3.1.4-15.1.aarch64",
            },
            product_reference: "libopenssl-3-devel-32bit-3.1.4-15.1.aarch64",
            relates_to_product_reference: "openSUSE Tumbleweed",
         },
         {
            category: "default_component_of",
            full_product_name: {
               name: "libopenssl-3-devel-32bit-3.1.4-15.1.ppc64le as component of openSUSE Tumbleweed",
               product_id: "openSUSE Tumbleweed:libopenssl-3-devel-32bit-3.1.4-15.1.ppc64le",
            },
            product_reference: "libopenssl-3-devel-32bit-3.1.4-15.1.ppc64le",
            relates_to_product_reference: "openSUSE Tumbleweed",
         },
         {
            category: "default_component_of",
            full_product_name: {
               name: "libopenssl-3-devel-32bit-3.1.4-15.1.s390x as component of openSUSE Tumbleweed",
               product_id: "openSUSE Tumbleweed:libopenssl-3-devel-32bit-3.1.4-15.1.s390x",
            },
            product_reference: "libopenssl-3-devel-32bit-3.1.4-15.1.s390x",
            relates_to_product_reference: "openSUSE Tumbleweed",
         },
         {
            category: "default_component_of",
            full_product_name: {
               name: "libopenssl-3-devel-32bit-3.1.4-15.1.x86_64 as component of openSUSE Tumbleweed",
               product_id: "openSUSE Tumbleweed:libopenssl-3-devel-32bit-3.1.4-15.1.x86_64",
            },
            product_reference: "libopenssl-3-devel-32bit-3.1.4-15.1.x86_64",
            relates_to_product_reference: "openSUSE Tumbleweed",
         },
         {
            category: "default_component_of",
            full_product_name: {
               name: "libopenssl-3-fips-provider-3.1.4-15.1.aarch64 as component of openSUSE Tumbleweed",
               product_id: "openSUSE Tumbleweed:libopenssl-3-fips-provider-3.1.4-15.1.aarch64",
            },
            product_reference: "libopenssl-3-fips-provider-3.1.4-15.1.aarch64",
            relates_to_product_reference: "openSUSE Tumbleweed",
         },
         {
            category: "default_component_of",
            full_product_name: {
               name: "libopenssl-3-fips-provider-3.1.4-15.1.ppc64le as component of openSUSE Tumbleweed",
               product_id: "openSUSE Tumbleweed:libopenssl-3-fips-provider-3.1.4-15.1.ppc64le",
            },
            product_reference: "libopenssl-3-fips-provider-3.1.4-15.1.ppc64le",
            relates_to_product_reference: "openSUSE Tumbleweed",
         },
         {
            category: "default_component_of",
            full_product_name: {
               name: "libopenssl-3-fips-provider-3.1.4-15.1.s390x as component of openSUSE Tumbleweed",
               product_id: "openSUSE Tumbleweed:libopenssl-3-fips-provider-3.1.4-15.1.s390x",
            },
            product_reference: "libopenssl-3-fips-provider-3.1.4-15.1.s390x",
            relates_to_product_reference: "openSUSE Tumbleweed",
         },
         {
            category: "default_component_of",
            full_product_name: {
               name: "libopenssl-3-fips-provider-3.1.4-15.1.x86_64 as component of openSUSE Tumbleweed",
               product_id: "openSUSE Tumbleweed:libopenssl-3-fips-provider-3.1.4-15.1.x86_64",
            },
            product_reference: "libopenssl-3-fips-provider-3.1.4-15.1.x86_64",
            relates_to_product_reference: "openSUSE Tumbleweed",
         },
         {
            category: "default_component_of",
            full_product_name: {
               name: "libopenssl-3-fips-provider-32bit-3.1.4-15.1.aarch64 as component of openSUSE Tumbleweed",
               product_id: "openSUSE Tumbleweed:libopenssl-3-fips-provider-32bit-3.1.4-15.1.aarch64",
            },
            product_reference: "libopenssl-3-fips-provider-32bit-3.1.4-15.1.aarch64",
            relates_to_product_reference: "openSUSE Tumbleweed",
         },
         {
            category: "default_component_of",
            full_product_name: {
               name: "libopenssl-3-fips-provider-32bit-3.1.4-15.1.ppc64le as component of openSUSE Tumbleweed",
               product_id: "openSUSE Tumbleweed:libopenssl-3-fips-provider-32bit-3.1.4-15.1.ppc64le",
            },
            product_reference: "libopenssl-3-fips-provider-32bit-3.1.4-15.1.ppc64le",
            relates_to_product_reference: "openSUSE Tumbleweed",
         },
         {
            category: "default_component_of",
            full_product_name: {
               name: "libopenssl-3-fips-provider-32bit-3.1.4-15.1.s390x as component of openSUSE Tumbleweed",
               product_id: "openSUSE Tumbleweed:libopenssl-3-fips-provider-32bit-3.1.4-15.1.s390x",
            },
            product_reference: "libopenssl-3-fips-provider-32bit-3.1.4-15.1.s390x",
            relates_to_product_reference: "openSUSE Tumbleweed",
         },
         {
            category: "default_component_of",
            full_product_name: {
               name: "libopenssl-3-fips-provider-32bit-3.1.4-15.1.x86_64 as component of openSUSE Tumbleweed",
               product_id: "openSUSE Tumbleweed:libopenssl-3-fips-provider-32bit-3.1.4-15.1.x86_64",
            },
            product_reference: "libopenssl-3-fips-provider-32bit-3.1.4-15.1.x86_64",
            relates_to_product_reference: "openSUSE Tumbleweed",
         },
         {
            category: "default_component_of",
            full_product_name: {
               name: "libopenssl-3-fips-provider-x86-64-v3-3.1.4-15.1.aarch64 as component of openSUSE Tumbleweed",
               product_id: "openSUSE Tumbleweed:libopenssl-3-fips-provider-x86-64-v3-3.1.4-15.1.aarch64",
            },
            product_reference: "libopenssl-3-fips-provider-x86-64-v3-3.1.4-15.1.aarch64",
            relates_to_product_reference: "openSUSE Tumbleweed",
         },
         {
            category: "default_component_of",
            full_product_name: {
               name: "libopenssl-3-fips-provider-x86-64-v3-3.1.4-15.1.ppc64le as component of openSUSE Tumbleweed",
               product_id: "openSUSE Tumbleweed:libopenssl-3-fips-provider-x86-64-v3-3.1.4-15.1.ppc64le",
            },
            product_reference: "libopenssl-3-fips-provider-x86-64-v3-3.1.4-15.1.ppc64le",
            relates_to_product_reference: "openSUSE Tumbleweed",
         },
         {
            category: "default_component_of",
            full_product_name: {
               name: "libopenssl-3-fips-provider-x86-64-v3-3.1.4-15.1.s390x as component of openSUSE Tumbleweed",
               product_id: "openSUSE Tumbleweed:libopenssl-3-fips-provider-x86-64-v3-3.1.4-15.1.s390x",
            },
            product_reference: "libopenssl-3-fips-provider-x86-64-v3-3.1.4-15.1.s390x",
            relates_to_product_reference: "openSUSE Tumbleweed",
         },
         {
            category: "default_component_of",
            full_product_name: {
               name: "libopenssl-3-fips-provider-x86-64-v3-3.1.4-15.1.x86_64 as component of openSUSE Tumbleweed",
               product_id: "openSUSE Tumbleweed:libopenssl-3-fips-provider-x86-64-v3-3.1.4-15.1.x86_64",
            },
            product_reference: "libopenssl-3-fips-provider-x86-64-v3-3.1.4-15.1.x86_64",
            relates_to_product_reference: "openSUSE Tumbleweed",
         },
         {
            category: "default_component_of",
            full_product_name: {
               name: "libopenssl3-3.1.4-15.1.aarch64 as component of openSUSE Tumbleweed",
               product_id: "openSUSE Tumbleweed:libopenssl3-3.1.4-15.1.aarch64",
            },
            product_reference: "libopenssl3-3.1.4-15.1.aarch64",
            relates_to_product_reference: "openSUSE Tumbleweed",
         },
         {
            category: "default_component_of",
            full_product_name: {
               name: "libopenssl3-3.1.4-15.1.ppc64le as component of openSUSE Tumbleweed",
               product_id: "openSUSE Tumbleweed:libopenssl3-3.1.4-15.1.ppc64le",
            },
            product_reference: "libopenssl3-3.1.4-15.1.ppc64le",
            relates_to_product_reference: "openSUSE Tumbleweed",
         },
         {
            category: "default_component_of",
            full_product_name: {
               name: "libopenssl3-3.1.4-15.1.s390x as component of openSUSE Tumbleweed",
               product_id: "openSUSE Tumbleweed:libopenssl3-3.1.4-15.1.s390x",
            },
            product_reference: "libopenssl3-3.1.4-15.1.s390x",
            relates_to_product_reference: "openSUSE Tumbleweed",
         },
         {
            category: "default_component_of",
            full_product_name: {
               name: "libopenssl3-3.1.4-15.1.x86_64 as component of openSUSE Tumbleweed",
               product_id: "openSUSE Tumbleweed:libopenssl3-3.1.4-15.1.x86_64",
            },
            product_reference: "libopenssl3-3.1.4-15.1.x86_64",
            relates_to_product_reference: "openSUSE Tumbleweed",
         },
         {
            category: "default_component_of",
            full_product_name: {
               name: "libopenssl3-32bit-3.1.4-15.1.aarch64 as component of openSUSE Tumbleweed",
               product_id: "openSUSE Tumbleweed:libopenssl3-32bit-3.1.4-15.1.aarch64",
            },
            product_reference: "libopenssl3-32bit-3.1.4-15.1.aarch64",
            relates_to_product_reference: "openSUSE Tumbleweed",
         },
         {
            category: "default_component_of",
            full_product_name: {
               name: "libopenssl3-32bit-3.1.4-15.1.ppc64le as component of openSUSE Tumbleweed",
               product_id: "openSUSE Tumbleweed:libopenssl3-32bit-3.1.4-15.1.ppc64le",
            },
            product_reference: "libopenssl3-32bit-3.1.4-15.1.ppc64le",
            relates_to_product_reference: "openSUSE Tumbleweed",
         },
         {
            category: "default_component_of",
            full_product_name: {
               name: "libopenssl3-32bit-3.1.4-15.1.s390x as component of openSUSE Tumbleweed",
               product_id: "openSUSE Tumbleweed:libopenssl3-32bit-3.1.4-15.1.s390x",
            },
            product_reference: "libopenssl3-32bit-3.1.4-15.1.s390x",
            relates_to_product_reference: "openSUSE Tumbleweed",
         },
         {
            category: "default_component_of",
            full_product_name: {
               name: "libopenssl3-32bit-3.1.4-15.1.x86_64 as component of openSUSE Tumbleweed",
               product_id: "openSUSE Tumbleweed:libopenssl3-32bit-3.1.4-15.1.x86_64",
            },
            product_reference: "libopenssl3-32bit-3.1.4-15.1.x86_64",
            relates_to_product_reference: "openSUSE Tumbleweed",
         },
         {
            category: "default_component_of",
            full_product_name: {
               name: "libopenssl3-x86-64-v3-3.1.4-15.1.aarch64 as component of openSUSE Tumbleweed",
               product_id: "openSUSE Tumbleweed:libopenssl3-x86-64-v3-3.1.4-15.1.aarch64",
            },
            product_reference: "libopenssl3-x86-64-v3-3.1.4-15.1.aarch64",
            relates_to_product_reference: "openSUSE Tumbleweed",
         },
         {
            category: "default_component_of",
            full_product_name: {
               name: "libopenssl3-x86-64-v3-3.1.4-15.1.ppc64le as component of openSUSE Tumbleweed",
               product_id: "openSUSE Tumbleweed:libopenssl3-x86-64-v3-3.1.4-15.1.ppc64le",
            },
            product_reference: "libopenssl3-x86-64-v3-3.1.4-15.1.ppc64le",
            relates_to_product_reference: "openSUSE Tumbleweed",
         },
         {
            category: "default_component_of",
            full_product_name: {
               name: "libopenssl3-x86-64-v3-3.1.4-15.1.s390x as component of openSUSE Tumbleweed",
               product_id: "openSUSE Tumbleweed:libopenssl3-x86-64-v3-3.1.4-15.1.s390x",
            },
            product_reference: "libopenssl3-x86-64-v3-3.1.4-15.1.s390x",
            relates_to_product_reference: "openSUSE Tumbleweed",
         },
         {
            category: "default_component_of",
            full_product_name: {
               name: "libopenssl3-x86-64-v3-3.1.4-15.1.x86_64 as component of openSUSE Tumbleweed",
               product_id: "openSUSE Tumbleweed:libopenssl3-x86-64-v3-3.1.4-15.1.x86_64",
            },
            product_reference: "libopenssl3-x86-64-v3-3.1.4-15.1.x86_64",
            relates_to_product_reference: "openSUSE Tumbleweed",
         },
         {
            category: "default_component_of",
            full_product_name: {
               name: "openssl-3-3.1.4-15.1.aarch64 as component of openSUSE Tumbleweed",
               product_id: "openSUSE Tumbleweed:openssl-3-3.1.4-15.1.aarch64",
            },
            product_reference: "openssl-3-3.1.4-15.1.aarch64",
            relates_to_product_reference: "openSUSE Tumbleweed",
         },
         {
            category: "default_component_of",
            full_product_name: {
               name: "openssl-3-3.1.4-15.1.ppc64le as component of openSUSE Tumbleweed",
               product_id: "openSUSE Tumbleweed:openssl-3-3.1.4-15.1.ppc64le",
            },
            product_reference: "openssl-3-3.1.4-15.1.ppc64le",
            relates_to_product_reference: "openSUSE Tumbleweed",
         },
         {
            category: "default_component_of",
            full_product_name: {
               name: "openssl-3-3.1.4-15.1.s390x as component of openSUSE Tumbleweed",
               product_id: "openSUSE Tumbleweed:openssl-3-3.1.4-15.1.s390x",
            },
            product_reference: "openssl-3-3.1.4-15.1.s390x",
            relates_to_product_reference: "openSUSE Tumbleweed",
         },
         {
            category: "default_component_of",
            full_product_name: {
               name: "openssl-3-3.1.4-15.1.x86_64 as component of openSUSE Tumbleweed",
               product_id: "openSUSE Tumbleweed:openssl-3-3.1.4-15.1.x86_64",
            },
            product_reference: "openssl-3-3.1.4-15.1.x86_64",
            relates_to_product_reference: "openSUSE Tumbleweed",
         },
         {
            category: "default_component_of",
            full_product_name: {
               name: "openssl-3-doc-3.1.4-15.1.aarch64 as component of openSUSE Tumbleweed",
               product_id: "openSUSE Tumbleweed:openssl-3-doc-3.1.4-15.1.aarch64",
            },
            product_reference: "openssl-3-doc-3.1.4-15.1.aarch64",
            relates_to_product_reference: "openSUSE Tumbleweed",
         },
         {
            category: "default_component_of",
            full_product_name: {
               name: "openssl-3-doc-3.1.4-15.1.ppc64le as component of openSUSE Tumbleweed",
               product_id: "openSUSE Tumbleweed:openssl-3-doc-3.1.4-15.1.ppc64le",
            },
            product_reference: "openssl-3-doc-3.1.4-15.1.ppc64le",
            relates_to_product_reference: "openSUSE Tumbleweed",
         },
         {
            category: "default_component_of",
            full_product_name: {
               name: "openssl-3-doc-3.1.4-15.1.s390x as component of openSUSE Tumbleweed",
               product_id: "openSUSE Tumbleweed:openssl-3-doc-3.1.4-15.1.s390x",
            },
            product_reference: "openssl-3-doc-3.1.4-15.1.s390x",
            relates_to_product_reference: "openSUSE Tumbleweed",
         },
         {
            category: "default_component_of",
            full_product_name: {
               name: "openssl-3-doc-3.1.4-15.1.x86_64 as component of openSUSE Tumbleweed",
               product_id: "openSUSE Tumbleweed:openssl-3-doc-3.1.4-15.1.x86_64",
            },
            product_reference: "openssl-3-doc-3.1.4-15.1.x86_64",
            relates_to_product_reference: "openSUSE Tumbleweed",
         },
      ],
   },
   vulnerabilities: [
      {
         cve: "CVE-2023-50782",
         ids: [
            {
               system_name: "SUSE CVE Page",
               text: "https://www.suse.com/security/cve/CVE-2023-50782",
            },
         ],
         notes: [
            {
               category: "general",
               text: "A flaw was found in the python-cryptography package. This issue may allow a remote attacker to decrypt captured messages in TLS servers that use RSA key exchanges, which may lead to exposure of confidential or sensitive data.",
               title: "CVE description",
            },
         ],
         product_status: {
            recommended: [
               "openSUSE Tumbleweed:libopenssl-3-devel-3.1.4-15.1.aarch64",
               "openSUSE Tumbleweed:libopenssl-3-devel-3.1.4-15.1.ppc64le",
               "openSUSE Tumbleweed:libopenssl-3-devel-3.1.4-15.1.s390x",
               "openSUSE Tumbleweed:libopenssl-3-devel-3.1.4-15.1.x86_64",
               "openSUSE Tumbleweed:libopenssl-3-devel-32bit-3.1.4-15.1.aarch64",
               "openSUSE Tumbleweed:libopenssl-3-devel-32bit-3.1.4-15.1.ppc64le",
               "openSUSE Tumbleweed:libopenssl-3-devel-32bit-3.1.4-15.1.s390x",
               "openSUSE Tumbleweed:libopenssl-3-devel-32bit-3.1.4-15.1.x86_64",
               "openSUSE Tumbleweed:libopenssl-3-fips-provider-3.1.4-15.1.aarch64",
               "openSUSE Tumbleweed:libopenssl-3-fips-provider-3.1.4-15.1.ppc64le",
               "openSUSE Tumbleweed:libopenssl-3-fips-provider-3.1.4-15.1.s390x",
               "openSUSE Tumbleweed:libopenssl-3-fips-provider-3.1.4-15.1.x86_64",
               "openSUSE Tumbleweed:libopenssl-3-fips-provider-32bit-3.1.4-15.1.aarch64",
               "openSUSE Tumbleweed:libopenssl-3-fips-provider-32bit-3.1.4-15.1.ppc64le",
               "openSUSE Tumbleweed:libopenssl-3-fips-provider-32bit-3.1.4-15.1.s390x",
               "openSUSE Tumbleweed:libopenssl-3-fips-provider-32bit-3.1.4-15.1.x86_64",
               "openSUSE Tumbleweed:libopenssl-3-fips-provider-x86-64-v3-3.1.4-15.1.aarch64",
               "openSUSE Tumbleweed:libopenssl-3-fips-provider-x86-64-v3-3.1.4-15.1.ppc64le",
               "openSUSE Tumbleweed:libopenssl-3-fips-provider-x86-64-v3-3.1.4-15.1.s390x",
               "openSUSE Tumbleweed:libopenssl-3-fips-provider-x86-64-v3-3.1.4-15.1.x86_64",
               "openSUSE Tumbleweed:libopenssl3-3.1.4-15.1.aarch64",
               "openSUSE Tumbleweed:libopenssl3-3.1.4-15.1.ppc64le",
               "openSUSE Tumbleweed:libopenssl3-3.1.4-15.1.s390x",
               "openSUSE Tumbleweed:libopenssl3-3.1.4-15.1.x86_64",
               "openSUSE Tumbleweed:libopenssl3-32bit-3.1.4-15.1.aarch64",
               "openSUSE Tumbleweed:libopenssl3-32bit-3.1.4-15.1.ppc64le",
               "openSUSE Tumbleweed:libopenssl3-32bit-3.1.4-15.1.s390x",
               "openSUSE Tumbleweed:libopenssl3-32bit-3.1.4-15.1.x86_64",
               "openSUSE Tumbleweed:libopenssl3-x86-64-v3-3.1.4-15.1.aarch64",
               "openSUSE Tumbleweed:libopenssl3-x86-64-v3-3.1.4-15.1.ppc64le",
               "openSUSE Tumbleweed:libopenssl3-x86-64-v3-3.1.4-15.1.s390x",
               "openSUSE Tumbleweed:libopenssl3-x86-64-v3-3.1.4-15.1.x86_64",
               "openSUSE Tumbleweed:openssl-3-3.1.4-15.1.aarch64",
               "openSUSE Tumbleweed:openssl-3-3.1.4-15.1.ppc64le",
               "openSUSE Tumbleweed:openssl-3-3.1.4-15.1.s390x",
               "openSUSE Tumbleweed:openssl-3-3.1.4-15.1.x86_64",
               "openSUSE Tumbleweed:openssl-3-doc-3.1.4-15.1.aarch64",
               "openSUSE Tumbleweed:openssl-3-doc-3.1.4-15.1.ppc64le",
               "openSUSE Tumbleweed:openssl-3-doc-3.1.4-15.1.s390x",
               "openSUSE Tumbleweed:openssl-3-doc-3.1.4-15.1.x86_64",
            ],
         },
         references: [
            {
               category: "external",
               summary: "CVE-2023-50782",
               url: "https://www.suse.com/security/cve/CVE-2023-50782",
            },
            {
               category: "external",
               summary: "SUSE Bug 1218043 for CVE-2023-50782",
               url: "https://bugzilla.suse.com/1218043",
            },
         ],
         remediations: [
            {
               category: "vendor_fix",
               details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
               product_ids: [
                  "openSUSE Tumbleweed:libopenssl-3-devel-3.1.4-15.1.aarch64",
                  "openSUSE Tumbleweed:libopenssl-3-devel-3.1.4-15.1.ppc64le",
                  "openSUSE Tumbleweed:libopenssl-3-devel-3.1.4-15.1.s390x",
                  "openSUSE Tumbleweed:libopenssl-3-devel-3.1.4-15.1.x86_64",
                  "openSUSE Tumbleweed:libopenssl-3-devel-32bit-3.1.4-15.1.aarch64",
                  "openSUSE Tumbleweed:libopenssl-3-devel-32bit-3.1.4-15.1.ppc64le",
                  "openSUSE Tumbleweed:libopenssl-3-devel-32bit-3.1.4-15.1.s390x",
                  "openSUSE Tumbleweed:libopenssl-3-devel-32bit-3.1.4-15.1.x86_64",
                  "openSUSE Tumbleweed:libopenssl-3-fips-provider-3.1.4-15.1.aarch64",
                  "openSUSE Tumbleweed:libopenssl-3-fips-provider-3.1.4-15.1.ppc64le",
                  "openSUSE Tumbleweed:libopenssl-3-fips-provider-3.1.4-15.1.s390x",
                  "openSUSE Tumbleweed:libopenssl-3-fips-provider-3.1.4-15.1.x86_64",
                  "openSUSE Tumbleweed:libopenssl-3-fips-provider-32bit-3.1.4-15.1.aarch64",
                  "openSUSE Tumbleweed:libopenssl-3-fips-provider-32bit-3.1.4-15.1.ppc64le",
                  "openSUSE Tumbleweed:libopenssl-3-fips-provider-32bit-3.1.4-15.1.s390x",
                  "openSUSE Tumbleweed:libopenssl-3-fips-provider-32bit-3.1.4-15.1.x86_64",
                  "openSUSE Tumbleweed:libopenssl-3-fips-provider-x86-64-v3-3.1.4-15.1.aarch64",
                  "openSUSE Tumbleweed:libopenssl-3-fips-provider-x86-64-v3-3.1.4-15.1.ppc64le",
                  "openSUSE Tumbleweed:libopenssl-3-fips-provider-x86-64-v3-3.1.4-15.1.s390x",
                  "openSUSE Tumbleweed:libopenssl-3-fips-provider-x86-64-v3-3.1.4-15.1.x86_64",
                  "openSUSE Tumbleweed:libopenssl3-3.1.4-15.1.aarch64",
                  "openSUSE Tumbleweed:libopenssl3-3.1.4-15.1.ppc64le",
                  "openSUSE Tumbleweed:libopenssl3-3.1.4-15.1.s390x",
                  "openSUSE Tumbleweed:libopenssl3-3.1.4-15.1.x86_64",
                  "openSUSE Tumbleweed:libopenssl3-32bit-3.1.4-15.1.aarch64",
                  "openSUSE Tumbleweed:libopenssl3-32bit-3.1.4-15.1.ppc64le",
                  "openSUSE Tumbleweed:libopenssl3-32bit-3.1.4-15.1.s390x",
                  "openSUSE Tumbleweed:libopenssl3-32bit-3.1.4-15.1.x86_64",
                  "openSUSE Tumbleweed:libopenssl3-x86-64-v3-3.1.4-15.1.aarch64",
                  "openSUSE Tumbleweed:libopenssl3-x86-64-v3-3.1.4-15.1.ppc64le",
                  "openSUSE Tumbleweed:libopenssl3-x86-64-v3-3.1.4-15.1.s390x",
                  "openSUSE Tumbleweed:libopenssl3-x86-64-v3-3.1.4-15.1.x86_64",
                  "openSUSE Tumbleweed:openssl-3-3.1.4-15.1.aarch64",
                  "openSUSE Tumbleweed:openssl-3-3.1.4-15.1.ppc64le",
                  "openSUSE Tumbleweed:openssl-3-3.1.4-15.1.s390x",
                  "openSUSE Tumbleweed:openssl-3-3.1.4-15.1.x86_64",
                  "openSUSE Tumbleweed:openssl-3-doc-3.1.4-15.1.aarch64",
                  "openSUSE Tumbleweed:openssl-3-doc-3.1.4-15.1.ppc64le",
                  "openSUSE Tumbleweed:openssl-3-doc-3.1.4-15.1.s390x",
                  "openSUSE Tumbleweed:openssl-3-doc-3.1.4-15.1.x86_64",
               ],
            },
         ],
         scores: [
            {
               cvss_v3: {
                  baseScore: 5.9,
                  baseSeverity: "MEDIUM",
                  vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
                  version: "3.1",
               },
               products: [
                  "openSUSE Tumbleweed:libopenssl-3-devel-3.1.4-15.1.aarch64",
                  "openSUSE Tumbleweed:libopenssl-3-devel-3.1.4-15.1.ppc64le",
                  "openSUSE Tumbleweed:libopenssl-3-devel-3.1.4-15.1.s390x",
                  "openSUSE Tumbleweed:libopenssl-3-devel-3.1.4-15.1.x86_64",
                  "openSUSE Tumbleweed:libopenssl-3-devel-32bit-3.1.4-15.1.aarch64",
                  "openSUSE Tumbleweed:libopenssl-3-devel-32bit-3.1.4-15.1.ppc64le",
                  "openSUSE Tumbleweed:libopenssl-3-devel-32bit-3.1.4-15.1.s390x",
                  "openSUSE Tumbleweed:libopenssl-3-devel-32bit-3.1.4-15.1.x86_64",
                  "openSUSE Tumbleweed:libopenssl-3-fips-provider-3.1.4-15.1.aarch64",
                  "openSUSE Tumbleweed:libopenssl-3-fips-provider-3.1.4-15.1.ppc64le",
                  "openSUSE Tumbleweed:libopenssl-3-fips-provider-3.1.4-15.1.s390x",
                  "openSUSE Tumbleweed:libopenssl-3-fips-provider-3.1.4-15.1.x86_64",
                  "openSUSE Tumbleweed:libopenssl-3-fips-provider-32bit-3.1.4-15.1.aarch64",
                  "openSUSE Tumbleweed:libopenssl-3-fips-provider-32bit-3.1.4-15.1.ppc64le",
                  "openSUSE Tumbleweed:libopenssl-3-fips-provider-32bit-3.1.4-15.1.s390x",
                  "openSUSE Tumbleweed:libopenssl-3-fips-provider-32bit-3.1.4-15.1.x86_64",
                  "openSUSE Tumbleweed:libopenssl-3-fips-provider-x86-64-v3-3.1.4-15.1.aarch64",
                  "openSUSE Tumbleweed:libopenssl-3-fips-provider-x86-64-v3-3.1.4-15.1.ppc64le",
                  "openSUSE Tumbleweed:libopenssl-3-fips-provider-x86-64-v3-3.1.4-15.1.s390x",
                  "openSUSE Tumbleweed:libopenssl-3-fips-provider-x86-64-v3-3.1.4-15.1.x86_64",
                  "openSUSE Tumbleweed:libopenssl3-3.1.4-15.1.aarch64",
                  "openSUSE Tumbleweed:libopenssl3-3.1.4-15.1.ppc64le",
                  "openSUSE Tumbleweed:libopenssl3-3.1.4-15.1.s390x",
                  "openSUSE Tumbleweed:libopenssl3-3.1.4-15.1.x86_64",
                  "openSUSE Tumbleweed:libopenssl3-32bit-3.1.4-15.1.aarch64",
                  "openSUSE Tumbleweed:libopenssl3-32bit-3.1.4-15.1.ppc64le",
                  "openSUSE Tumbleweed:libopenssl3-32bit-3.1.4-15.1.s390x",
                  "openSUSE Tumbleweed:libopenssl3-32bit-3.1.4-15.1.x86_64",
                  "openSUSE Tumbleweed:libopenssl3-x86-64-v3-3.1.4-15.1.aarch64",
                  "openSUSE Tumbleweed:libopenssl3-x86-64-v3-3.1.4-15.1.ppc64le",
                  "openSUSE Tumbleweed:libopenssl3-x86-64-v3-3.1.4-15.1.s390x",
                  "openSUSE Tumbleweed:libopenssl3-x86-64-v3-3.1.4-15.1.x86_64",
                  "openSUSE Tumbleweed:openssl-3-3.1.4-15.1.aarch64",
                  "openSUSE Tumbleweed:openssl-3-3.1.4-15.1.ppc64le",
                  "openSUSE Tumbleweed:openssl-3-3.1.4-15.1.s390x",
                  "openSUSE Tumbleweed:openssl-3-3.1.4-15.1.x86_64",
                  "openSUSE Tumbleweed:openssl-3-doc-3.1.4-15.1.aarch64",
                  "openSUSE Tumbleweed:openssl-3-doc-3.1.4-15.1.ppc64le",
                  "openSUSE Tumbleweed:openssl-3-doc-3.1.4-15.1.s390x",
                  "openSUSE Tumbleweed:openssl-3-doc-3.1.4-15.1.x86_64",
               ],
            },
         ],
         threats: [
            {
               category: "impact",
               date: "2024-10-20T00:00:00Z",
               details: "moderate",
            },
         ],
         title: "CVE-2023-50782",
      },
      {
         cve: "CVE-2024-9143",
         ids: [
            {
               system_name: "SUSE CVE Page",
               text: "https://www.suse.com/security/cve/CVE-2024-9143",
            },
         ],
         notes: [
            {
               category: "general",
               text: "Issue summary: Use of the low-level GF(2^m) elliptic curve APIs with untrusted\nexplicit values for the field polynomial can lead to out-of-bounds memory reads\nor writes.\n\nImpact summary: Out of bound memory writes can lead to an application crash or\neven a possibility of a remote code execution, however, in all the protocols\ninvolving Elliptic Curve Cryptography that we're aware of, either only \"named\ncurves\" are supported, or, if explicit curve parameters are supported, they\nspecify an X9.62 encoding of binary (GF(2^m)) curves that can't represent\nproblematic input values. Thus the likelihood of existence of a vulnerable\napplication is low.\n\nIn particular, the X9.62 encoding is used for ECC keys in X.509 certificates,\nso problematic inputs cannot occur in the context of processing X.509\ncertificates.  Any problematic use-cases would have to be using an \"exotic\"\ncurve encoding.\n\nThe affected APIs include: EC_GROUP_new_curve_GF2m(), EC_GROUP_new_from_params(),\nand various supporting BN_GF2m_*() functions.\n\nApplications working with \"exotic\" explicit binary (GF(2^m)) curve parameters,\nthat make it possible to represent invalid field polynomials with a zero\nconstant term, via the above or similar APIs, may terminate abruptly as a\nresult of reading or writing outside of array bounds.  Remote code execution\ncannot easily be ruled out.\n\nThe FIPS modules in 3.3, 3.2, 3.1 and 3.0 are not affected by this issue.",
               title: "CVE description",
            },
         ],
         product_status: {
            recommended: [
               "openSUSE Tumbleweed:libopenssl-3-devel-3.1.4-15.1.aarch64",
               "openSUSE Tumbleweed:libopenssl-3-devel-3.1.4-15.1.ppc64le",
               "openSUSE Tumbleweed:libopenssl-3-devel-3.1.4-15.1.s390x",
               "openSUSE Tumbleweed:libopenssl-3-devel-3.1.4-15.1.x86_64",
               "openSUSE Tumbleweed:libopenssl-3-devel-32bit-3.1.4-15.1.aarch64",
               "openSUSE Tumbleweed:libopenssl-3-devel-32bit-3.1.4-15.1.ppc64le",
               "openSUSE Tumbleweed:libopenssl-3-devel-32bit-3.1.4-15.1.s390x",
               "openSUSE Tumbleweed:libopenssl-3-devel-32bit-3.1.4-15.1.x86_64",
               "openSUSE Tumbleweed:libopenssl-3-fips-provider-3.1.4-15.1.aarch64",
               "openSUSE Tumbleweed:libopenssl-3-fips-provider-3.1.4-15.1.ppc64le",
               "openSUSE Tumbleweed:libopenssl-3-fips-provider-3.1.4-15.1.s390x",
               "openSUSE Tumbleweed:libopenssl-3-fips-provider-3.1.4-15.1.x86_64",
               "openSUSE Tumbleweed:libopenssl-3-fips-provider-32bit-3.1.4-15.1.aarch64",
               "openSUSE Tumbleweed:libopenssl-3-fips-provider-32bit-3.1.4-15.1.ppc64le",
               "openSUSE Tumbleweed:libopenssl-3-fips-provider-32bit-3.1.4-15.1.s390x",
               "openSUSE Tumbleweed:libopenssl-3-fips-provider-32bit-3.1.4-15.1.x86_64",
               "openSUSE Tumbleweed:libopenssl-3-fips-provider-x86-64-v3-3.1.4-15.1.aarch64",
               "openSUSE Tumbleweed:libopenssl-3-fips-provider-x86-64-v3-3.1.4-15.1.ppc64le",
               "openSUSE Tumbleweed:libopenssl-3-fips-provider-x86-64-v3-3.1.4-15.1.s390x",
               "openSUSE Tumbleweed:libopenssl-3-fips-provider-x86-64-v3-3.1.4-15.1.x86_64",
               "openSUSE Tumbleweed:libopenssl3-3.1.4-15.1.aarch64",
               "openSUSE Tumbleweed:libopenssl3-3.1.4-15.1.ppc64le",
               "openSUSE Tumbleweed:libopenssl3-3.1.4-15.1.s390x",
               "openSUSE Tumbleweed:libopenssl3-3.1.4-15.1.x86_64",
               "openSUSE Tumbleweed:libopenssl3-32bit-3.1.4-15.1.aarch64",
               "openSUSE Tumbleweed:libopenssl3-32bit-3.1.4-15.1.ppc64le",
               "openSUSE Tumbleweed:libopenssl3-32bit-3.1.4-15.1.s390x",
               "openSUSE Tumbleweed:libopenssl3-32bit-3.1.4-15.1.x86_64",
               "openSUSE Tumbleweed:libopenssl3-x86-64-v3-3.1.4-15.1.aarch64",
               "openSUSE Tumbleweed:libopenssl3-x86-64-v3-3.1.4-15.1.ppc64le",
               "openSUSE Tumbleweed:libopenssl3-x86-64-v3-3.1.4-15.1.s390x",
               "openSUSE Tumbleweed:libopenssl3-x86-64-v3-3.1.4-15.1.x86_64",
               "openSUSE Tumbleweed:openssl-3-3.1.4-15.1.aarch64",
               "openSUSE Tumbleweed:openssl-3-3.1.4-15.1.ppc64le",
               "openSUSE Tumbleweed:openssl-3-3.1.4-15.1.s390x",
               "openSUSE Tumbleweed:openssl-3-3.1.4-15.1.x86_64",
               "openSUSE Tumbleweed:openssl-3-doc-3.1.4-15.1.aarch64",
               "openSUSE Tumbleweed:openssl-3-doc-3.1.4-15.1.ppc64le",
               "openSUSE Tumbleweed:openssl-3-doc-3.1.4-15.1.s390x",
               "openSUSE Tumbleweed:openssl-3-doc-3.1.4-15.1.x86_64",
            ],
         },
         references: [
            {
               category: "external",
               summary: "CVE-2024-9143",
               url: "https://www.suse.com/security/cve/CVE-2024-9143",
            },
            {
               category: "external",
               summary: "SUSE Bug 1231741 for CVE-2024-9143",
               url: "https://bugzilla.suse.com/1231741",
            },
         ],
         remediations: [
            {
               category: "vendor_fix",
               details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
               product_ids: [
                  "openSUSE Tumbleweed:libopenssl-3-devel-3.1.4-15.1.aarch64",
                  "openSUSE Tumbleweed:libopenssl-3-devel-3.1.4-15.1.ppc64le",
                  "openSUSE Tumbleweed:libopenssl-3-devel-3.1.4-15.1.s390x",
                  "openSUSE Tumbleweed:libopenssl-3-devel-3.1.4-15.1.x86_64",
                  "openSUSE Tumbleweed:libopenssl-3-devel-32bit-3.1.4-15.1.aarch64",
                  "openSUSE Tumbleweed:libopenssl-3-devel-32bit-3.1.4-15.1.ppc64le",
                  "openSUSE Tumbleweed:libopenssl-3-devel-32bit-3.1.4-15.1.s390x",
                  "openSUSE Tumbleweed:libopenssl-3-devel-32bit-3.1.4-15.1.x86_64",
                  "openSUSE Tumbleweed:libopenssl-3-fips-provider-3.1.4-15.1.aarch64",
                  "openSUSE Tumbleweed:libopenssl-3-fips-provider-3.1.4-15.1.ppc64le",
                  "openSUSE Tumbleweed:libopenssl-3-fips-provider-3.1.4-15.1.s390x",
                  "openSUSE Tumbleweed:libopenssl-3-fips-provider-3.1.4-15.1.x86_64",
                  "openSUSE Tumbleweed:libopenssl-3-fips-provider-32bit-3.1.4-15.1.aarch64",
                  "openSUSE Tumbleweed:libopenssl-3-fips-provider-32bit-3.1.4-15.1.ppc64le",
                  "openSUSE Tumbleweed:libopenssl-3-fips-provider-32bit-3.1.4-15.1.s390x",
                  "openSUSE Tumbleweed:libopenssl-3-fips-provider-32bit-3.1.4-15.1.x86_64",
                  "openSUSE Tumbleweed:libopenssl-3-fips-provider-x86-64-v3-3.1.4-15.1.aarch64",
                  "openSUSE Tumbleweed:libopenssl-3-fips-provider-x86-64-v3-3.1.4-15.1.ppc64le",
                  "openSUSE Tumbleweed:libopenssl-3-fips-provider-x86-64-v3-3.1.4-15.1.s390x",
                  "openSUSE Tumbleweed:libopenssl-3-fips-provider-x86-64-v3-3.1.4-15.1.x86_64",
                  "openSUSE Tumbleweed:libopenssl3-3.1.4-15.1.aarch64",
                  "openSUSE Tumbleweed:libopenssl3-3.1.4-15.1.ppc64le",
                  "openSUSE Tumbleweed:libopenssl3-3.1.4-15.1.s390x",
                  "openSUSE Tumbleweed:libopenssl3-3.1.4-15.1.x86_64",
                  "openSUSE Tumbleweed:libopenssl3-32bit-3.1.4-15.1.aarch64",
                  "openSUSE Tumbleweed:libopenssl3-32bit-3.1.4-15.1.ppc64le",
                  "openSUSE Tumbleweed:libopenssl3-32bit-3.1.4-15.1.s390x",
                  "openSUSE Tumbleweed:libopenssl3-32bit-3.1.4-15.1.x86_64",
                  "openSUSE Tumbleweed:libopenssl3-x86-64-v3-3.1.4-15.1.aarch64",
                  "openSUSE Tumbleweed:libopenssl3-x86-64-v3-3.1.4-15.1.ppc64le",
                  "openSUSE Tumbleweed:libopenssl3-x86-64-v3-3.1.4-15.1.s390x",
                  "openSUSE Tumbleweed:libopenssl3-x86-64-v3-3.1.4-15.1.x86_64",
                  "openSUSE Tumbleweed:openssl-3-3.1.4-15.1.aarch64",
                  "openSUSE Tumbleweed:openssl-3-3.1.4-15.1.ppc64le",
                  "openSUSE Tumbleweed:openssl-3-3.1.4-15.1.s390x",
                  "openSUSE Tumbleweed:openssl-3-3.1.4-15.1.x86_64",
                  "openSUSE Tumbleweed:openssl-3-doc-3.1.4-15.1.aarch64",
                  "openSUSE Tumbleweed:openssl-3-doc-3.1.4-15.1.ppc64le",
                  "openSUSE Tumbleweed:openssl-3-doc-3.1.4-15.1.s390x",
                  "openSUSE Tumbleweed:openssl-3-doc-3.1.4-15.1.x86_64",
               ],
            },
         ],
         scores: [
            {
               cvss_v3: {
                  baseScore: 7,
                  baseSeverity: "HIGH",
                  vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:H",
                  version: "3.1",
               },
               products: [
                  "openSUSE Tumbleweed:libopenssl-3-devel-3.1.4-15.1.aarch64",
                  "openSUSE Tumbleweed:libopenssl-3-devel-3.1.4-15.1.ppc64le",
                  "openSUSE Tumbleweed:libopenssl-3-devel-3.1.4-15.1.s390x",
                  "openSUSE Tumbleweed:libopenssl-3-devel-3.1.4-15.1.x86_64",
                  "openSUSE Tumbleweed:libopenssl-3-devel-32bit-3.1.4-15.1.aarch64",
                  "openSUSE Tumbleweed:libopenssl-3-devel-32bit-3.1.4-15.1.ppc64le",
                  "openSUSE Tumbleweed:libopenssl-3-devel-32bit-3.1.4-15.1.s390x",
                  "openSUSE Tumbleweed:libopenssl-3-devel-32bit-3.1.4-15.1.x86_64",
                  "openSUSE Tumbleweed:libopenssl-3-fips-provider-3.1.4-15.1.aarch64",
                  "openSUSE Tumbleweed:libopenssl-3-fips-provider-3.1.4-15.1.ppc64le",
                  "openSUSE Tumbleweed:libopenssl-3-fips-provider-3.1.4-15.1.s390x",
                  "openSUSE Tumbleweed:libopenssl-3-fips-provider-3.1.4-15.1.x86_64",
                  "openSUSE Tumbleweed:libopenssl-3-fips-provider-32bit-3.1.4-15.1.aarch64",
                  "openSUSE Tumbleweed:libopenssl-3-fips-provider-32bit-3.1.4-15.1.ppc64le",
                  "openSUSE Tumbleweed:libopenssl-3-fips-provider-32bit-3.1.4-15.1.s390x",
                  "openSUSE Tumbleweed:libopenssl-3-fips-provider-32bit-3.1.4-15.1.x86_64",
                  "openSUSE Tumbleweed:libopenssl-3-fips-provider-x86-64-v3-3.1.4-15.1.aarch64",
                  "openSUSE Tumbleweed:libopenssl-3-fips-provider-x86-64-v3-3.1.4-15.1.ppc64le",
                  "openSUSE Tumbleweed:libopenssl-3-fips-provider-x86-64-v3-3.1.4-15.1.s390x",
                  "openSUSE Tumbleweed:libopenssl-3-fips-provider-x86-64-v3-3.1.4-15.1.x86_64",
                  "openSUSE Tumbleweed:libopenssl3-3.1.4-15.1.aarch64",
                  "openSUSE Tumbleweed:libopenssl3-3.1.4-15.1.ppc64le",
                  "openSUSE Tumbleweed:libopenssl3-3.1.4-15.1.s390x",
                  "openSUSE Tumbleweed:libopenssl3-3.1.4-15.1.x86_64",
                  "openSUSE Tumbleweed:libopenssl3-32bit-3.1.4-15.1.aarch64",
                  "openSUSE Tumbleweed:libopenssl3-32bit-3.1.4-15.1.ppc64le",
                  "openSUSE Tumbleweed:libopenssl3-32bit-3.1.4-15.1.s390x",
                  "openSUSE Tumbleweed:libopenssl3-32bit-3.1.4-15.1.x86_64",
                  "openSUSE Tumbleweed:libopenssl3-x86-64-v3-3.1.4-15.1.aarch64",
                  "openSUSE Tumbleweed:libopenssl3-x86-64-v3-3.1.4-15.1.ppc64le",
                  "openSUSE Tumbleweed:libopenssl3-x86-64-v3-3.1.4-15.1.s390x",
                  "openSUSE Tumbleweed:libopenssl3-x86-64-v3-3.1.4-15.1.x86_64",
                  "openSUSE Tumbleweed:openssl-3-3.1.4-15.1.aarch64",
                  "openSUSE Tumbleweed:openssl-3-3.1.4-15.1.ppc64le",
                  "openSUSE Tumbleweed:openssl-3-3.1.4-15.1.s390x",
                  "openSUSE Tumbleweed:openssl-3-3.1.4-15.1.x86_64",
                  "openSUSE Tumbleweed:openssl-3-doc-3.1.4-15.1.aarch64",
                  "openSUSE Tumbleweed:openssl-3-doc-3.1.4-15.1.ppc64le",
                  "openSUSE Tumbleweed:openssl-3-doc-3.1.4-15.1.s390x",
                  "openSUSE Tumbleweed:openssl-3-doc-3.1.4-15.1.x86_64",
               ],
            },
         ],
         threats: [
            {
               category: "impact",
               date: "2024-10-20T00:00:00Z",
               details: "important",
            },
         ],
         title: "CVE-2024-9143",
      },
   ],
}

cve-2024-9143

Vulnerability from cvelistv5

Published

2024-10-16 17:09

Modified

2024-11-08 15:30

Severity ?

Summary

Issue summary: Use of the low-level GF(2^m) elliptic curve APIs with untrusted explicit values for the field polynomial can lead to out-of-bounds memory reads or writes. Impact summary: Out of bound memory writes can lead to an application crash or even a possibility of a remote code execution, however, in all the protocols involving Elliptic Curve Cryptography that we're aware of, either only "named curves" are supported, or, if explicit curve parameters are supported, they specify an X9.62 encoding of binary (GF(2^m)) curves that can't represent problematic input values. Thus the likelihood of existence of a vulnerable application is low. In particular, the X9.62 encoding is used for ECC keys in X.509 certificates, so problematic inputs cannot occur in the context of processing X.509 certificates. Any problematic use-cases would have to be using an "exotic" curve encoding. The affected APIs include: EC_GROUP_new_curve_GF2m(), EC_GROUP_new_from_params(), and various supporting BN_GF2m_*() functions. Applications working with "exotic" explicit binary (GF(2^m)) curve parameters, that make it possible to represent invalid field polynomials with a zero constant term, via the above or similar APIs, may terminate abruptly as a result of reading or writing outside of array bounds. Remote code execution cannot easily be ruled out. The FIPS modules in 3.3, 3.2, 3.1 and 3.0 are not affected by this issue.

References

▼	URL	Tags
	https://openssl-library.org/news/secadv/20241016.txt	vendor-advisory
	https://github.com/openssl/openssl/commit/c0d3e4d32d2805f49bec30547f225bc4d092e1f4	patch
	https://github.com/openssl/openssl/commit/bc7e04d7c8d509fb78fc0e285aa948fb0da04700	patch
	https://github.com/openssl/openssl/commit/fdf6723362ca51bd883295efe206cb5b1cfa5154	patch
	https://github.com/openssl/openssl/commit/72ae83ad214d2eef262461365a1975707f862712	patch
	https://github.openssl.org/openssl/extended-releases/commit/8efc0cbaa8ebba8e116f7b81a876a4123594d86a	patch
	https://github.openssl.org/openssl/extended-releases/commit/9d576994cec2b7aa37a91740ea7e680810957e41	patch

Impacted products

	Vendor	Product	Version
	OpenSSL	OpenSSL	Version: 3.3.0 ≤ Version: 3.2.0 ≤ Version: 3.1.0 ≤ Version: 3.0.0 ≤ Version: 1.1.1 < 1.1.1zb Version: 1.0.2 < 1.0.2zl

Show details on NVD website

JSON

To clipboard

{
   containers: {
      adp: [
         {
            metrics: [
               {
                  cvssV3_1: {
                     attackComplexity: "LOW",
                     attackVector: "NETWORK",
                     availabilityImpact: "NONE",
                     baseScore: 4.3,
                     baseSeverity: "MEDIUM",
                     confidentialityImpact: "NONE",
                     integrityImpact: "LOW",
                     privilegesRequired: "LOW",
                     scope: "UNCHANGED",
                     userInteraction: "NONE",
                     vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
                     version: "3.1",
                  },
               },
               {
                  other: {
                     content: {
                        id: "CVE-2024-9143",
                        options: [
                           {
                              Exploitation: "none",
                           },
                           {
                              Automatable: "no",
                           },
                           {
                              "Technical Impact": "partial",
                           },
                        ],
                        role: "CISA Coordinator",
                        timestamp: "2024-10-16T19:45:11.544020Z",
                        version: "2.0.3",
                     },
                     type: "ssvc",
                  },
               },
            ],
            providerMetadata: {
               dateUpdated: "2024-11-08T15:30:04.030Z",
               orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0",
               shortName: "CISA-ADP",
            },
            title: "CISA ADP Vulnrichment",
         },
         {
            providerMetadata: {
               dateUpdated: "2024-11-01T17:03:16.065Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  url: "http://www.openwall.com/lists/oss-security/2024/10/16/1",
               },
               {
                  url: "http://www.openwall.com/lists/oss-security/2024/10/23/1",
               },
               {
                  url: "http://www.openwall.com/lists/oss-security/2024/10/24/1",
               },
               {
                  url: "https://security.netapp.com/advisory/ntap-20241101-0001/",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               defaultStatus: "unaffected",
               product: "OpenSSL",
               vendor: "OpenSSL",
               versions: [
                  {
                     lessThan: "3.3.3",
                     status: "affected",
                     version: "3.3.0",
                     versionType: "semver",
                  },
                  {
                     lessThan: "3.2.4",
                     status: "affected",
                     version: "3.2.0",
                     versionType: "semver",
                  },
                  {
                     lessThan: "3.1.8",
                     status: "affected",
                     version: "3.1.0",
                     versionType: "semver",
                  },
                  {
                     lessThan: "3.0.16",
                     status: "affected",
                     version: "3.0.0",
                     versionType: "semver",
                  },
                  {
                     lessThan: "1.1.1zb",
                     status: "affected",
                     version: "1.1.1",
                     versionType: "custom",
                  },
                  {
                     lessThan: "1.0.2zl",
                     status: "affected",
                     version: "1.0.2",
                     versionType: "custom",
                  },
               ],
            },
         ],
         credits: [
            {
               lang: "en",
               type: "finder",
               value: "Google OSS-Fuzz-Gen",
            },
            {
               lang: "en",
               type: "remediation developer",
               value: "Viktor Dukhovni",
            },
         ],
         datePublic: "2024-10-16T14:00:00.000Z",
         descriptions: [
            {
               lang: "en",
               supportingMedia: [
                  {
                     base64: false,
                     type: "text/html",
                     value: "Issue summary: Use of the low-level GF(2^m) elliptic curve APIs with untrusted<br>explicit values for the field polynomial can lead to out-of-bounds memory reads<br>or writes.<br><br>Impact summary: Out of bound memory writes can lead to an application crash or<br>even a possibility of a remote code execution, however, in all the protocols<br>involving Elliptic Curve Cryptography that we're aware of, either only \"named<br>curves\" are supported, or, if explicit curve parameters are supported, they<br>specify an X9.62 encoding of binary (GF(2^m)) curves that can't represent<br>problematic input values. Thus the likelihood of existence of a vulnerable<br>application is low.<br><br>In particular, the X9.62 encoding is used for ECC keys in X.509 certificates,<br>so problematic inputs cannot occur in the context of processing X.509<br>certificates.  Any problematic use-cases would have to be using an \"exotic\"<br>curve encoding.<br><br>The affected APIs include: EC_GROUP_new_curve_GF2m(), EC_GROUP_new_from_params(),<br>and various supporting BN_GF2m_*() functions.<br><br>Applications working with \"exotic\" explicit binary (GF(2^m)) curve parameters,<br>that make it possible to represent invalid field polynomials with a zero<br>constant term, via the above or similar APIs, may terminate abruptly as a<br>result of reading or writing outside of array bounds.  Remote code execution<br>cannot easily be ruled out.<br><br>The FIPS modules in 3.3, 3.2, 3.1 and 3.0 are not affected by this issue.",
                  },
               ],
               value: "Issue summary: Use of the low-level GF(2^m) elliptic curve APIs with untrusted\nexplicit values for the field polynomial can lead to out-of-bounds memory reads\nor writes.\n\nImpact summary: Out of bound memory writes can lead to an application crash or\neven a possibility of a remote code execution, however, in all the protocols\ninvolving Elliptic Curve Cryptography that we're aware of, either only \"named\ncurves\" are supported, or, if explicit curve parameters are supported, they\nspecify an X9.62 encoding of binary (GF(2^m)) curves that can't represent\nproblematic input values. Thus the likelihood of existence of a vulnerable\napplication is low.\n\nIn particular, the X9.62 encoding is used for ECC keys in X.509 certificates,\nso problematic inputs cannot occur in the context of processing X.509\ncertificates.  Any problematic use-cases would have to be using an \"exotic\"\ncurve encoding.\n\nThe affected APIs include: EC_GROUP_new_curve_GF2m(), EC_GROUP_new_from_params(),\nand various supporting BN_GF2m_*() functions.\n\nApplications working with \"exotic\" explicit binary (GF(2^m)) curve parameters,\nthat make it possible to represent invalid field polynomials with a zero\nconstant term, via the above or similar APIs, may terminate abruptly as a\nresult of reading or writing outside of array bounds.  Remote code execution\ncannot easily be ruled out.\n\nThe FIPS modules in 3.3, 3.2, 3.1 and 3.0 are not affected by this issue.",
            },
         ],
         metrics: [
            {
               format: "other",
               other: {
                  content: {
                     text: "Low",
                  },
                  type: "https://openssl-library.org/policies/general/security-policy/",
               },
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     cweId: "CWE-787",
                     description: "CWE-787 Out-of-bounds Write",
                     lang: "en",
                     type: "CWE",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2024-10-16T17:09:23.844Z",
            orgId: "3a12439a-ef3a-4c79-92e6-6081a721f1e5",
            shortName: "openssl",
         },
         references: [
            {
               name: "OpenSSL Advisory",
               tags: [
                  "vendor-advisory",
               ],
               url: "https://openssl-library.org/news/secadv/20241016.txt",
            },
            {
               name: "3.3.3 git commit",
               tags: [
                  "patch",
               ],
               url: "https://github.com/openssl/openssl/commit/c0d3e4d32d2805f49bec30547f225bc4d092e1f4",
            },
            {
               name: "3.2.4 git commit",
               tags: [
                  "patch",
               ],
               url: "https://github.com/openssl/openssl/commit/bc7e04d7c8d509fb78fc0e285aa948fb0da04700",
            },
            {
               name: "3.1.8 git commit",
               tags: [
                  "patch",
               ],
               url: "https://github.com/openssl/openssl/commit/fdf6723362ca51bd883295efe206cb5b1cfa5154",
            },
            {
               name: "3.0.16 git commit",
               tags: [
                  "patch",
               ],
               url: "https://github.com/openssl/openssl/commit/72ae83ad214d2eef262461365a1975707f862712",
            },
            {
               name: "1.1.1zb git commit",
               tags: [
                  "patch",
               ],
               url: "https://github.openssl.org/openssl/extended-releases/commit/8efc0cbaa8ebba8e116f7b81a876a4123594d86a",
            },
            {
               name: "1.0.2zl git commit",
               tags: [
                  "patch",
               ],
               url: "https://github.openssl.org/openssl/extended-releases/commit/9d576994cec2b7aa37a91740ea7e680810957e41",
            },
         ],
         source: {
            discovery: "UNKNOWN",
         },
         title: "Low-level invalid GF(2^m) parameters lead to OOB memory access",
         x_generator: {
            engine: "Vulnogram 0.2.0",
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "3a12439a-ef3a-4c79-92e6-6081a721f1e5",
      assignerShortName: "openssl",
      cveId: "CVE-2024-9143",
      datePublished: "2024-10-16T17:09:23.844Z",
      dateReserved: "2024-09-24T08:37:04.834Z",
      dateUpdated: "2024-11-08T15:30:04.030Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2023-50782

Vulnerability from cvelistv5

Published

2024-02-05 20:45

Modified

2024-11-25 10:24

Severity ?

7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Summary

A flaw was found in the python-cryptography package. This issue may allow a remote attacker to decrypt captured messages in TLS servers that use RSA key exchanges, which may lead to exposure of confidential or sensitive data.

References

▼	URL	Tags
	https://access.redhat.com/security/cve/CVE-2023-50782	vdb-entry, x_refsource_REDHAT
	https://bugzilla.redhat.com/show_bug.cgi?id=2254432	issue-tracking, x_refsource_REDHAT

Impacted products

Vendor

Product

Version

▼

Version: 3.2 ≤

Red Hat	Red Hat Ansible Automation Platform 2	cpe:/a:redhat:ansible_automation_platform:2
Red Hat	Red Hat Enterprise Linux 7	cpe:/o:redhat:enterprise_linux:7
Red Hat	Red Hat Enterprise Linux 8	cpe:/o:redhat:enterprise_linux:8
Red Hat	Red Hat Enterprise Linux 8	cpe:/o:redhat:enterprise_linux:8
Red Hat	Red Hat Enterprise Linux 9	cpe:/o:redhat:enterprise_linux:9
Red Hat	Red Hat Satellite 6	cpe:/a:redhat:satellite:6
Red Hat	Red Hat Update Infrastructure 4 for Cloud Providers	cpe:/a:redhat:rhui:4::el8

Show details on NVD website

JSON

To clipboard

{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-02T22:23:43.327Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "vdb-entry",
                     "x_refsource_REDHAT",
                     "x_transferred",
                  ],
                  url: "https://access.redhat.com/security/cve/CVE-2023-50782",
               },
               {
                  name: "RHBZ#2254432",
                  tags: [
                     "issue-tracking",
                     "x_refsource_REDHAT",
                     "x_transferred",
                  ],
                  url: "https://bugzilla.redhat.com/show_bug.cgi?id=2254432",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://www.couchbase.com/alerts/",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               collectionURL: "https://github.com/pyca/cryptography",
               defaultStatus: "unaffected",
               packageName: "python-cryptography",
               versions: [
                  {
                     lessThan: "42.0.0",
                     status: "affected",
                     version: "3.2",
                     versionType: "semver",
                  },
               ],
            },
            {
               collectionURL: "https://access.redhat.com/downloads/content/package-browser/",
               cpes: [
                  "cpe:/a:redhat:ansible_automation_platform:2",
               ],
               defaultStatus: "unaffected",
               packageName: "python-cryptography",
               product: "Red Hat Ansible Automation Platform 2",
               vendor: "Red Hat",
            },
            {
               collectionURL: "https://access.redhat.com/downloads/content/package-browser/",
               cpes: [
                  "cpe:/o:redhat:enterprise_linux:7",
               ],
               defaultStatus: "unknown",
               packageName: "python-cryptography",
               product: "Red Hat Enterprise Linux 7",
               vendor: "Red Hat",
            },
            {
               collectionURL: "https://access.redhat.com/downloads/content/package-browser/",
               cpes: [
                  "cpe:/o:redhat:enterprise_linux:8",
               ],
               defaultStatus: "affected",
               packageName: "python39:3.9/python-cryptography",
               product: "Red Hat Enterprise Linux 8",
               vendor: "Red Hat",
            },
            {
               collectionURL: "https://access.redhat.com/downloads/content/package-browser/",
               cpes: [
                  "cpe:/o:redhat:enterprise_linux:8",
               ],
               defaultStatus: "affected",
               packageName: "python-cryptography",
               product: "Red Hat Enterprise Linux 8",
               vendor: "Red Hat",
            },
            {
               collectionURL: "https://access.redhat.com/downloads/content/package-browser/",
               cpes: [
                  "cpe:/o:redhat:enterprise_linux:9",
               ],
               defaultStatus: "affected",
               packageName: "python-cryptography",
               product: "Red Hat Enterprise Linux 9",
               vendor: "Red Hat",
            },
            {
               collectionURL: "https://access.redhat.com/downloads/content/package-browser/",
               cpes: [
                  "cpe:/a:redhat:satellite:6",
               ],
               defaultStatus: "unaffected",
               packageName: "python-cryptography",
               product: "Red Hat Satellite 6",
               vendor: "Red Hat",
            },
            {
               collectionURL: "https://access.redhat.com/downloads/content/package-browser/",
               cpes: [
                  "cpe:/a:redhat:rhui:4::el8",
               ],
               defaultStatus: "affected",
               packageName: "python-cryptography",
               product: "Red Hat Update Infrastructure 4 for Cloud Providers",
               vendor: "Red Hat",
            },
         ],
         credits: [
            {
               lang: "en",
               value: "This issue was discovered by Hubert Kario (Red Hat).",
            },
         ],
         datePublic: "2023-12-13T00:00:00+00:00",
         descriptions: [
            {
               lang: "en",
               value: "A flaw was found in the python-cryptography package. This issue may allow a remote attacker to decrypt captured messages in TLS servers that use RSA key exchanges, which may lead to exposure of confidential or sensitive data.",
            },
         ],
         metrics: [
            {
               other: {
                  content: {
                     namespace: "https://access.redhat.com/security/updates/classification/",
                     value: "Moderate",
                  },
                  type: "Red Hat severity rating",
               },
            },
            {
               cvssV3_1: {
                  attackComplexity: "LOW",
                  attackVector: "NETWORK",
                  availabilityImpact: "NONE",
                  baseScore: 7.5,
                  baseSeverity: "HIGH",
                  confidentialityImpact: "HIGH",
                  integrityImpact: "NONE",
                  privilegesRequired: "NONE",
                  scope: "UNCHANGED",
                  userInteraction: "NONE",
                  vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
                  version: "3.1",
               },
               format: "CVSS",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     cweId: "CWE-208",
                     description: "Observable Timing Discrepancy",
                     lang: "en",
                     type: "CWE",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2024-11-25T10:24:46.647Z",
            orgId: "53f830b8-0a3f-465b-8143-3b8a9948e749",
            shortName: "redhat",
         },
         references: [
            {
               tags: [
                  "vdb-entry",
                  "x_refsource_REDHAT",
               ],
               url: "https://access.redhat.com/security/cve/CVE-2023-50782",
            },
            {
               name: "RHBZ#2254432",
               tags: [
                  "issue-tracking",
                  "x_refsource_REDHAT",
               ],
               url: "https://bugzilla.redhat.com/show_bug.cgi?id=2254432",
            },
         ],
         timeline: [
            {
               lang: "en",
               time: "2023-12-13T00:00:00+00:00",
               value: "Reported to Red Hat.",
            },
            {
               lang: "en",
               time: "2023-12-13T00:00:00+00:00",
               value: "Made public.",
            },
         ],
         title: "Python-cryptography: bleichenbacher timing oracle attack against rsa decryption - incomplete fix for cve-2020-25659",
         workarounds: [
            {
               lang: "en",
               value: "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
            },
         ],
         x_redhatCweChain: "CWE-327->CWE-385->CWE-208: Use of a Broken or Risky Cryptographic Algorithm leads to Covert Timing Channel leads to Observable Timing Discrepancy",
      },
   },
   cveMetadata: {
      assignerOrgId: "53f830b8-0a3f-465b-8143-3b8a9948e749",
      assignerShortName: "redhat",
      cveId: "CVE-2023-50782",
      datePublished: "2024-02-05T20:45:49.705Z",
      dateReserved: "2023-12-13T20:44:02.023Z",
      dateUpdated: "2024-11-25T10:24:46.647Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

All sightings related to this event Export sightings related to this event

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted

Vulnerability from csaf_opensuse

cve-2024-9143

Vulnerability from cvelistv5

cve-2023-50782

Vulnerability from cvelistv5

Tags

Sightings

Nomenclature