Vulnerability-Lookup

WID-SEC-W-2023-2741

Vulnerability from csaf_certbund - Published: 2023-10-24 22:00 - Updated: 2025-06-10 22:00

Summary

OpenSSL: Schwachstelle ermöglicht Offenlegung von Informationen

Severity

Mittel

Notes

Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.

Produktbeschreibung: OpenSSL ist eine im Quelltext frei verfügbare Bibliothek, die Secure Sockets Layer (SSL) und Transport Layer Security (TLS) implementiert.

Angriff: Ein entfernter, anonymer Angreifer kann eine Schwachstelle in OpenSSL ausnutzen, um Informationen offenzulegen.

Betroffene Betriebssysteme: - Linux - UNIX

CVE-2023-5363

Affected products

Known affected 32 products

Product	Identifier	Version
IBM App Connect Enterprise 11.0.0.1-11.0.0.23 IBM / App Connect Enterprise	`cpe:/a:ibm:app_connect_enterprise:11.0.0.1_-_11.0.0.23`	11.0.0.1-11.0.0.23
IBM App Connect Enterprise 12.0.1.0-12.0.10.0 IBM / App Connect Enterprise	`cpe:/a:ibm:app_connect_enterprise:12.0.1.0_-_12.0.10.0`	12.0.1.0-12.0.10.0
Red Hat Enterprise Linux Red Hat	`cpe:/o:redhat:enterprise_linux:-`	—
Hitachi Command Suite Hitachi	`cpe:/a:hitachi:command_suite:-`	—
Dell Computer Dell	`cpe:/o:dell:dell_computer:-`	—
Oracle Linux Oracle	`cpe:/o:oracle:linux:-`	—
IBM AIX 7.3 IBM / AIX	`cpe:/o:ibm:aix:7.3`	7.3
HPE HP-UX OpenSSL Software <A.03.00.15.001 HPE / HP-UX		OpenSSL Software <A.03.00.15.001
Hitachi Configuration Manager Hitachi	`cpe:/a:hitachi:configuration_manager:-`	—
Siemens SIMATIC S7 1500 CPU Siemens / SIMATIC S7	`cpe:/h:siemens:simatic_s7:1500_cpu`	1500 CPU
Open Source Alpine Linux <3.16.8 Open Source / Alpine Linux		<3.16.8
Meinberg LANTIME <7.08.007 Meinberg / LANTIME		<7.08.007
Open Source nmap <7.95 Open Source / nmap		<7.95
Open Source Alpine Linux <3.18.5 Open Source / Alpine Linux		<3.18.5
Open Source OpenSSL <3.1.4 Open Source / OpenSSL		<3.1.4
Open Source Alpine Linux <3.17.6 Open Source / Alpine Linux		<3.17.6
Ubuntu Linux <23.04 Ubuntu / Linux		<23.04
Ubuntu Linux <23.10 Ubuntu / Linux		<23.10
IBM AIX 7.2 IBM / AIX	`cpe:/o:ibm:aix:7.2`	7.2
Debian Linux <3.0.11-1~deb12u2 Debian / Linux		<3.0.11-1~deb12u2
Checkmk Checkmk <2.2.0p24 tribe29 / checkmk		<2.2.0p24
Ubuntu Linux <22.04 LTS Ubuntu / Linux		<22.04 LTS
IBM VIOS 3.1 IBM / VIOS	`cpe:/a:ibm:vios:3.1`	3.1
IBM VIOS 4.1 IBM / VIOS	`cpe:/a:ibm:vios:4.1`	4.1
IBM Rational ClearCase 10.0.1 IBM / Rational ClearCase	`cpe:/a:ibm:rational_clearcase:10.0.1`	10.0.1
Xerox FreeFlow Print Server v9 Xerox / FreeFlow Print Server	`cpe:/a:xerox:freeflow_print_server:v9`	v9
Fedora Linux Fedora	`cpe:/o:fedoraproject:fedora:-`	—
Hitachi Ops Center Hitachi	`cpe:/a:hitachi:ops_center:-`	—
IBM Rational ClearCase 9.1 IBM / Rational ClearCase	`cpe:/a:ibm:rational_clearcase:9.1`	9.1
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Open Source Alpine Linux <3.15.11 Open Source / Alpine Linux		<3.15.11
Open Source OpenSSL <3.0.12 Open Source / OpenSSL		<3.0.12

References

27 references

URL	Category
https://wid.cert-bund.de/.well-known/csaf/white/2…	self
https://wid.cert-bund.de/portal/wid/securityadvis…	self
https://www.openssl.org/news/secadv/20231024.txt	external
https://lists.debian.org/debian-security-announce…	external
https://ubuntu.com/security/notices/USN-6450-1	external
https://lists.suse.com/pipermail/sle-security-upd…	external
https://lists.suse.com/pipermail/sle-security-upd…	external
https://lists.alpinelinux.org/~alpine/announce/%3…	external
https://www.ibm.com/support/pages/node/7108818	external
https://access.redhat.com/errata/RHSA-2024:0310	external
https://linux.oracle.com/errata/ELSA-2024-12093.html	external
https://access.redhat.com/errata/RHSA-2024:0500	external
https://www.ibm.com/support/pages/node/7111837	external
https://www.meinberg.de/german/news/meinberg-secu…	external
https://checkmk.com/werk/16362	external
https://www.ibm.com/support/pages/node/7130799	external
https://access.redhat.com/errata/RHSA-2024:1383	external
https://bodhi.fedoraproject.org/updates/FEDORA-EP…	external
https://nmap.org/changelog.html	external
https://nmap.org/changelog.html	external
https://access.redhat.com/errata/RHSA-2024:2094	external
https://access.redhat.com/errata/RHSA-2024:4631	external
https://www.hitachi.com/products/it/software/secu…	external
https://www.dell.com/support/kbdoc/de-de/00022621…	external
https://support.hpe.com/hpesc/public/docDisplay?d…	external
https://securitydocs.business.xerox.com/wp-conten…	external
https://cert-portal.siemens.com/productcert/html/…	external

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "text": "mittel"
    },
    "category": "csaf_base",
    "csaf_version": "2.0",
    "distribution": {
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "de-DE",
    "notes": [
      {
        "category": "legal_disclaimer",
        "text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
      },
      {
        "category": "description",
        "text": "OpenSSL ist eine im Quelltext frei verf\u00fcgbare Bibliothek, die Secure Sockets Layer (SSL) und Transport Layer Security (TLS) implementiert.",
        "title": "Produktbeschreibung"
      },
      {
        "category": "summary",
        "text": "Ein entfernter, anonymer Angreifer kann eine Schwachstelle in OpenSSL ausnutzen, um Informationen offenzulegen.",
        "title": "Angriff"
      },
      {
        "category": "general",
        "text": "- Linux\n- UNIX",
        "title": "Betroffene Betriebssysteme"
      }
    ],
    "publisher": {
      "category": "other",
      "contact_details": "csaf-provider@cert-bund.de",
      "name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
      "namespace": "https://www.bsi.bund.de"
    },
    "references": [
      {
        "category": "self",
        "summary": "WID-SEC-W-2023-2741 - CSAF Version",
        "url": "https://wid.cert-bund.de/.well-known/csaf/white/2023/wid-sec-w-2023-2741.json"
      },
      {
        "category": "self",
        "summary": "WID-SEC-2023-2741 - Portal Version",
        "url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2023-2741"
      },
      {
        "category": "external",
        "summary": "OpenSSL Security Advisory 24th October 2023 vom 2023-10-24",
        "url": "https://www.openssl.org/news/secadv/20231024.txt"
      },
      {
        "category": "external",
        "summary": "Debian Security Advisory DSA-5532 vom 2023-10-24",
        "url": "https://lists.debian.org/debian-security-announce/2023/msg00228.html"
      },
      {
        "category": "external",
        "summary": "Ubuntu Security Notice USN-6450-1 vom 2023-10-24",
        "url": "https://ubuntu.com/security/notices/USN-6450-1"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2023:4189-1 vom 2023-10-25",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2023-October/016835.html"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2023:4190-1 vom 2023-10-25",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2023-October/016834.html"
      },
      {
        "category": "external",
        "summary": "Alpine Linux Announce",
        "url": "https://lists.alpinelinux.org/~alpine/announce/%3C20231130143056.32eea5cf%40ncopa-desktop.lan%3E"
      },
      {
        "category": "external",
        "summary": "IBM Security Bulletin 7108818 vom 2024-01-18",
        "url": "https://www.ibm.com/support/pages/node/7108818"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2024:0310 vom 2024-01-22",
        "url": "https://access.redhat.com/errata/RHSA-2024:0310"
      },
      {
        "category": "external",
        "summary": "Oracle Linux Security Advisory ELSA-2024-12093 vom 2024-01-26",
        "url": "https://linux.oracle.com/errata/ELSA-2024-12093.html"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2024:0500 vom 2024-01-25",
        "url": "https://access.redhat.com/errata/RHSA-2024:0500"
      },
      {
        "category": "external",
        "summary": "IBM Security Bulletin 7111837 vom 2024-01-26",
        "url": "https://www.ibm.com/support/pages/node/7111837"
      },
      {
        "category": "external",
        "summary": "Meinberg Security Advisory",
        "url": "https://www.meinberg.de/german/news/meinberg-security-advisory-mbgsa-2024-01-lantime-firmware-v7-08-007.htm"
      },
      {
        "category": "external",
        "summary": "CheckMK Werk  16362 vom 2024-03-01",
        "url": "https://checkmk.com/werk/16362"
      },
      {
        "category": "external",
        "summary": "IBM Security Bulletin 7130799 vom 2024-03-13",
        "url": "https://www.ibm.com/support/pages/node/7130799"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2024:1383 vom 2024-03-19",
        "url": "https://access.redhat.com/errata/RHSA-2024:1383"
      },
      {
        "category": "external",
        "summary": "Fedora Security Advisory FEDORA-EPEL-2024-B002585DD2 vom 2024-04-22",
        "url": "https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2024-b002585dd2"
      },
      {
        "category": "external",
        "summary": "Nmap Change Log",
        "url": "https://nmap.org/changelog.html"
      },
      {
        "category": "external",
        "summary": "NMAP Changelog",
        "url": "https://nmap.org/changelog.html"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2024:2094 vom 2024-05-01",
        "url": "https://access.redhat.com/errata/RHSA-2024:2094"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2024:4631 vom 2024-07-18",
        "url": "https://access.redhat.com/errata/RHSA-2024:4631"
      },
      {
        "category": "external",
        "summary": "Hitachi Vulnerability Information HITACHI-SEC-2024-145 vom 2024-09-17",
        "url": "https://www.hitachi.com/products/it/software/security/info/vuls/hitachi-sec-2024-145/index.html"
      },
      {
        "category": "external",
        "summary": "Dell Security Advisory DSA-2024-281 vom 2024-10-15",
        "url": "https://www.dell.com/support/kbdoc/de-de/000226215/dsa-2024-281-security-update-for-dell-client-platform-for-multiple-openssl-vulnerabilities"
      },
      {
        "category": "external",
        "summary": "HPE Security Bulletin vom 2024-11-14",
        "url": "https://support.hpe.com/hpesc/public/docDisplay?docId=hpesbux04744en_us\u0026docLocale=en_US"
      },
      {
        "category": "external",
        "summary": "XEROX Security Advisory XRX24-017 vom 2024-11-21",
        "url": "https://securitydocs.business.xerox.com/wp-content/uploads/2024/11/Xerox-Security-Bulletin-XRX24-017-for-Xerox%C2%AE-FreeFlow%C2%AE-Print-Server-v9.pdf"
      },
      {
        "category": "external",
        "summary": "Siemens Security Advisory SSA-082556 vom 2025-06-10",
        "url": "https://cert-portal.siemens.com/productcert/html/ssa-082556.html"
      }
    ],
    "source_lang": "en-US",
    "title": "OpenSSL: Schwachstelle erm\u00f6glicht Offenlegung von Informationen",
    "tracking": {
      "current_release_date": "2025-06-10T22:00:00.000+00:00",
      "generator": {
        "date": "2025-06-11T06:22:59.946+00:00",
        "engine": {
          "name": "BSI-WID",
          "version": "1.3.12"
        }
      },
      "id": "WID-SEC-W-2023-2741",
      "initial_release_date": "2023-10-24T22:00:00.000+00:00",
      "revision_history": [
        {
          "date": "2023-10-24T22:00:00.000+00:00",
          "number": "1",
          "summary": "Initiale Fassung"
        },
        {
          "date": "2023-11-30T23:00:00.000+00:00",
          "number": "2",
          "summary": "Neue Updates aufgenommen"
        },
        {
          "date": "2024-01-18T23:00:00.000+00:00",
          "number": "3",
          "summary": "Neue Updates von IBM aufgenommen"
        },
        {
          "date": "2024-01-21T23:00:00.000+00:00",
          "number": "4",
          "summary": "Neue Updates von Red Hat aufgenommen"
        },
        {
          "date": "2024-01-25T23:00:00.000+00:00",
          "number": "5",
          "summary": "Neue Updates von Oracle Linux und Red Hat aufgenommen"
        },
        {
          "date": "2024-01-30T23:00:00.000+00:00",
          "number": "6",
          "summary": "Neue Updates von Meinberg aufgenommen"
        },
        {
          "date": "2024-03-03T23:00:00.000+00:00",
          "number": "7",
          "summary": "Neue Updates von tribe29 aufgenommen"
        },
        {
          "date": "2024-03-13T23:00:00.000+00:00",
          "number": "8",
          "summary": "Neue Updates von IBM aufgenommen"
        },
        {
          "date": "2024-03-19T23:00:00.000+00:00",
          "number": "9",
          "summary": "Neue Updates von Red Hat aufgenommen"
        },
        {
          "date": "2024-04-22T22:00:00.000+00:00",
          "number": "10",
          "summary": "Neue Updates von Fedora aufgenommen"
        },
        {
          "date": "2024-04-23T22:00:00.000+00:00",
          "number": "11",
          "summary": "Neue Updates aufgenommen"
        },
        {
          "date": "2024-04-28T22:00:00.000+00:00",
          "number": "12",
          "summary": "Neue Updates aufgenommen"
        },
        {
          "date": "2024-05-01T22:00:00.000+00:00",
          "number": "13",
          "summary": "Neue Updates von Red Hat aufgenommen"
        },
        {
          "date": "2024-07-18T22:00:00.000+00:00",
          "number": "14",
          "summary": "Neue Updates von Red Hat aufgenommen"
        },
        {
          "date": "2024-09-16T22:00:00.000+00:00",
          "number": "15",
          "summary": "Neue Updates von HITACHI aufgenommen"
        },
        {
          "date": "2024-10-15T22:00:00.000+00:00",
          "number": "16",
          "summary": "Neue Updates von Dell aufgenommen"
        },
        {
          "date": "2024-11-14T23:00:00.000+00:00",
          "number": "17",
          "summary": "Neue Updates von HP aufgenommen"
        },
        {
          "date": "2024-11-21T23:00:00.000+00:00",
          "number": "18",
          "summary": "Neue Updates von XEROX aufgenommen"
        },
        {
          "date": "2025-06-10T22:00:00.000+00:00",
          "number": "19",
          "summary": "Neue Updates von Siemens aufgenommen"
        }
      ],
      "status": "final",
      "version": "19"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "\u003c3.0.11-1~deb12u2",
                "product": {
                  "name": "Debian Linux \u003c3.0.11-1~deb12u2",
                  "product_id": "T030734"
                }
              },
              {
                "category": "product_version",
                "name": "3.0.11-1~deb12u2",
                "product": {
                  "name": "Debian Linux 3.0.11-1~deb12u2",
                  "product_id": "T030734-fixed",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:debian:debian_linux:3.0.11-1deb12u2"
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "Linux"
          }
        ],
        "category": "vendor",
        "name": "Debian"
      },
      {
        "branches": [
          {
            "category": "product_name",
            "name": "Dell Computer",
            "product": {
              "name": "Dell Computer",
              "product_id": "T036868",
              "product_identification_helper": {
                "cpe": "cpe:/o:dell:dell_computer:-"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "Dell"
      },
      {
        "branches": [
          {
            "category": "product_name",
            "name": "Fedora Linux",
            "product": {
              "name": "Fedora Linux",
              "product_id": "74185",
              "product_identification_helper": {
                "cpe": "cpe:/o:fedoraproject:fedora:-"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "Fedora"
      },
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "OpenSSL Software \u003cA.03.00.15.001",
                "product": {
                  "name": "HPE HP-UX OpenSSL Software \u003cA.03.00.15.001",
                  "product_id": "T039192"
                }
              },
              {
                "category": "product_version",
                "name": "OpenSSL Software A.03.00.15.001",
                "product": {
                  "name": "HPE HP-UX OpenSSL Software A.03.00.15.001",
                  "product_id": "T039192-fixed",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:hp:hp-ux:openssl_software__a.03.00.15.001"
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "HP-UX"
          }
        ],
        "category": "vendor",
        "name": "HPE"
      },
      {
        "branches": [
          {
            "category": "product_name",
            "name": "Hitachi Command Suite",
            "product": {
              "name": "Hitachi Command Suite",
              "product_id": "T010951",
              "product_identification_helper": {
                "cpe": "cpe:/a:hitachi:command_suite:-"
              }
            }
          },
          {
            "category": "product_name",
            "name": "Hitachi Configuration Manager",
            "product": {
              "name": "Hitachi Configuration Manager",
              "product_id": "T020304",
              "product_identification_helper": {
                "cpe": "cpe:/a:hitachi:configuration_manager:-"
              }
            }
          },
          {
            "category": "product_name",
            "name": "Hitachi Ops Center",
            "product": {
              "name": "Hitachi Ops Center",
              "product_id": "T017562",
              "product_identification_helper": {
                "cpe": "cpe:/a:hitachi:ops_center:-"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "Hitachi"
      },
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version",
                "name": "7.3",
                "product": {
                  "name": "IBM AIX 7.3",
                  "product_id": "1139691",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:ibm:aix:7.3"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "7.2",
                "product": {
                  "name": "IBM AIX 7.2",
                  "product_id": "434967",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:ibm:aix:7.2"
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "AIX"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "12.0.1.0-12.0.10.0",
                "product": {
                  "name": "IBM App Connect Enterprise 12.0.1.0-12.0.10.0",
                  "product_id": "T032246",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:ibm:app_connect_enterprise:12.0.1.0_-_12.0.10.0"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "11.0.0.1-11.0.0.23",
                "product": {
                  "name": "IBM App Connect Enterprise 11.0.0.1-11.0.0.23",
                  "product_id": "T032247",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:ibm:app_connect_enterprise:11.0.0.1_-_11.0.0.23"
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "App Connect Enterprise"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "9.1",
                "product": {
                  "name": "IBM Rational ClearCase 9.1",
                  "product_id": "T021423",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:ibm:rational_clearcase:9.1"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "10.0.1",
                "product": {
                  "name": "IBM Rational ClearCase 10.0.1",
                  "product_id": "T033483",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:ibm:rational_clearcase:10.0.1"
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "Rational ClearCase"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "3.1",
                "product": {
                  "name": "IBM VIOS 3.1",
                  "product_id": "1039165",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:ibm:vios:3.1"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "4.1",
                "product": {
                  "name": "IBM VIOS 4.1",
                  "product_id": "1522854",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:ibm:vios:4.1"
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "VIOS"
          }
        ],
        "category": "vendor",
        "name": "IBM"
      },
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "\u003c7.08.007",
                "product": {
                  "name": "Meinberg LANTIME \u003c7.08.007",
                  "product_id": "T032435"
                }
              },
              {
                "category": "product_version",
                "name": "7.08.007",
                "product": {
                  "name": "Meinberg LANTIME 7.08.007",
                  "product_id": "T032435-fixed",
                  "product_identification_helper": {
                    "cpe": "cpe:/h:meinberg:lantime:7.08.007"
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "LANTIME"
          }
        ],
        "category": "vendor",
        "name": "Meinberg"
      },
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "\u003c3.15.11",
                "product": {
                  "name": "Open Source Alpine Linux \u003c3.15.11",
                  "product_id": "T031419"
                }
              },
              {
                "category": "product_version",
                "name": "3.15.11",
                "product": {
                  "name": "Open Source Alpine Linux 3.15.11",
                  "product_id": "T031419-fixed",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:alpinelinux:alpine_linux:3.15.11"
                  }
                }
              },
              {
                "category": "product_version_range",
                "name": "\u003c3.16.8",
                "product": {
                  "name": "Open Source Alpine Linux \u003c3.16.8",
                  "product_id": "T031421"
                }
              },
              {
                "category": "product_version",
                "name": "3.16.8",
                "product": {
                  "name": "Open Source Alpine Linux 3.16.8",
                  "product_id": "T031421-fixed",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:alpinelinux:alpine_linux:3.16.8"
                  }
                }
              },
              {
                "category": "product_version_range",
                "name": "\u003c3.17.6",
                "product": {
                  "name": "Open Source Alpine Linux \u003c3.17.6",
                  "product_id": "T031422"
                }
              },
              {
                "category": "product_version",
                "name": "3.17.6",
                "product": {
                  "name": "Open Source Alpine Linux 3.17.6",
                  "product_id": "T031422-fixed",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:alpinelinux:alpine_linux:3.17.6"
                  }
                }
              },
              {
                "category": "product_version_range",
                "name": "\u003c3.18.5",
                "product": {
                  "name": "Open Source Alpine Linux \u003c3.18.5",
                  "product_id": "T031423"
                }
              },
              {
                "category": "product_version",
                "name": "3.18.5",
                "product": {
                  "name": "Open Source Alpine Linux 3.18.5",
                  "product_id": "T031423-fixed",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:alpinelinux:alpine_linux:3.18.5"
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "Alpine Linux"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "\u003c3.0.12",
                "product": {
                  "name": "Open Source OpenSSL \u003c3.0.12",
                  "product_id": "T030729"
                }
              },
              {
                "category": "product_version",
                "name": "3.0.12",
                "product": {
                  "name": "Open Source OpenSSL 3.0.12",
                  "product_id": "T030729-fixed",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:openssl:openssl:3.0.12"
                  }
                }
              },
              {
                "category": "product_version_range",
                "name": "\u003c3.1.4",
                "product": {
                  "name": "Open Source OpenSSL \u003c3.1.4",
                  "product_id": "T030730"
                }
              },
              {
                "category": "product_version",
                "name": "3.1.4",
                "product": {
                  "name": "Open Source OpenSSL 3.1.4",
                  "product_id": "T030730-fixed",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:openssl:openssl:3.1.4"
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "OpenSSL"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "\u003c7.95",
                "product": {
                  "name": "Open Source nmap \u003c7.95",
                  "product_id": "T034359"
                }
              },
              {
                "category": "product_version",
                "name": "7.95",
                "product": {
                  "name": "Open Source nmap 7.95",
                  "product_id": "T034359-fixed",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:nmap:nmap:7.95"
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "nmap"
          }
        ],
        "category": "vendor",
        "name": "Open Source"
      },
      {
        "branches": [
          {
            "category": "product_name",
            "name": "Oracle Linux",
            "product": {
              "name": "Oracle Linux",
              "product_id": "T004914",
              "product_identification_helper": {
                "cpe": "cpe:/o:oracle:linux:-"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "Oracle"
      },
      {
        "branches": [
          {
            "category": "product_name",
            "name": "Red Hat Enterprise Linux",
            "product": {
              "name": "Red Hat Enterprise Linux",
              "product_id": "67646",
              "product_identification_helper": {
                "cpe": "cpe:/o:redhat:enterprise_linux:-"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "Red Hat"
      },
      {
        "branches": [
          {
            "category": "product_name",
            "name": "SUSE Linux",
            "product": {
              "name": "SUSE Linux",
              "product_id": "T002207",
              "product_identification_helper": {
                "cpe": "cpe:/o:suse:suse_linux:-"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "SUSE"
      },
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version",
                "name": "1500 CPU",
                "product": {
                  "name": "Siemens SIMATIC S7 1500 CPU",
                  "product_id": "T025776",
                  "product_identification_helper": {
                    "cpe": "cpe:/h:siemens:simatic_s7:1500_cpu"
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "SIMATIC S7"
          }
        ],
        "category": "vendor",
        "name": "Siemens"
      },
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "\u003c23.10",
                "product": {
                  "name": "Ubuntu Linux \u003c23.10",
                  "product_id": "T030731"
                }
              },
              {
                "category": "product_version",
                "name": "23.1",
                "product": {
                  "name": "Ubuntu Linux 23.10",
                  "product_id": "T030731-fixed",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:canonical:ubuntu_linux:23.10"
                  }
                }
              },
              {
                "category": "product_version_range",
                "name": "\u003c23.04",
                "product": {
                  "name": "Ubuntu Linux \u003c23.04",
                  "product_id": "T030732"
                }
              },
              {
                "category": "product_version",
                "name": "23.04",
                "product": {
                  "name": "Ubuntu Linux 23.04",
                  "product_id": "T030732-fixed",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:canonical:ubuntu_linux:23.04"
                  }
                }
              },
              {
                "category": "product_version_range",
                "name": "\u003c22.04 LTS",
                "product": {
                  "name": "Ubuntu Linux \u003c22.04 LTS",
                  "product_id": "T030733"
                }
              },
              {
                "category": "product_version",
                "name": "22.04 LTS",
                "product": {
                  "name": "Ubuntu Linux 22.04 LTS",
                  "product_id": "T030733-fixed",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:canonical:ubuntu_linux:22.04_lts"
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "Linux"
          }
        ],
        "category": "vendor",
        "name": "Ubuntu"
      },
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version",
                "name": "v9",
                "product": {
                  "name": "Xerox FreeFlow Print Server v9",
                  "product_id": "T015632",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:xerox:freeflow_print_server:v9"
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "FreeFlow Print Server"
          }
        ],
        "category": "vendor",
        "name": "Xerox"
      },
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "\u003c2.2.0p24",
                "product": {
                  "name": "Checkmk Checkmk \u003c2.2.0p24",
                  "product_id": "T033108"
                }
              },
              {
                "category": "product_version",
                "name": "2.2.0p24",
                "product": {
                  "name": "Checkmk Checkmk 2.2.0p24",
                  "product_id": "T033108-fixed",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:tribe29:checkmk:2.2.0p24"
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "checkmk"
          }
        ],
        "category": "vendor",
        "name": "tribe29"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2023-5363",
      "product_status": {
        "known_affected": [
          "T032247",
          "T032246",
          "67646",
          "T010951",
          "T036868",
          "T004914",
          "1139691",
          "T039192",
          "T020304",
          "T025776",
          "T031421",
          "T032435",
          "T034359",
          "T031423",
          "T030730",
          "T031422",
          "T030732",
          "T030731",
          "434967",
          "T030734",
          "T033108",
          "T030733",
          "1039165",
          "1522854",
          "T033483",
          "T015632",
          "74185",
          "T017562",
          "T021423",
          "T002207",
          "T031419",
          "T030729"
        ]
      },
      "release_date": "2023-10-24T22:00:00.000+00:00",
      "title": "CVE-2023-5363"
    }
  ]
}

CVE-2023-5363 (GCVE-0-2023-5363)

Vulnerability from cvelistv5 – Published: 2023-10-24 15:31 – Updated: 2026-05-12 10:22

Title

Incorrect cipher key & IV length processing

Summary

Issue summary: A bug has been identified in the processing of key and initialisation vector (IV) lengths. This can lead to potential truncation or overruns during the initialisation of some symmetric ciphers. Impact summary: A truncation in the IV can result in non-uniqueness, which could result in loss of confidentiality for some cipher modes. When calling EVP_EncryptInit_ex2(), EVP_DecryptInit_ex2() or EVP_CipherInit_ex2() the provided OSSL_PARAM array is processed after the key and IV have been established. Any alterations to the key length, via the "keylen" parameter or the IV length, via the "ivlen" parameter, within the OSSL_PARAM array will not take effect as intended, potentially causing truncation or overreading of these values. The following ciphers and cipher modes are impacted: RC2, RC4, RC5, CCM, GCM and OCB. For the CCM, GCM and OCB cipher modes, truncation of the IV can result in loss of confidentiality. For example, when following NIST's SP 800-38D section 8.2.1 guidance for constructing a deterministic IV for AES in GCM mode, truncation of the counter portion could lead to IV reuse. Both truncations and overruns of the key and overruns of the IV will produce incorrect results and could, in some cases, trigger a memory exception. However, these issues are not currently assessed as security critical. Changing the key and/or IV lengths is not considered to be a common operation and the vulnerable API was recently introduced. Furthermore it is likely that application developers will have spotted this problem during testing since decryption would fail unless both peers in the communication were similarly vulnerable. For these reasons we expect the probability of an application being vulnerable to this to be quite low. However if an application is vulnerable then this issue is considered very serious. For these reasons we have assessed this issue as Moderate severity overall. The OpenSSL SSL/TLS implementation is not affected by this issue. The OpenSSL 3.0 and 3.1 FIPS providers are not affected by this because the issue lies outside of the FIPS provider boundary. OpenSSL 3.1 and 3.0 are vulnerable to this issue.

Severity

No CVSS data available.

CWE

CWE-684 - Incorrect Provision of Specified Functionality

Assigner

openssl

References

3 references

URL	Tags
https://www.openssl.org/news/secadv/20231024.txt	vendor-advisory
https://git.openssl.org/gitweb/?p=openssl.git;a=c…	patch
https://git.openssl.org/gitweb/?p=openssl.git;a=c…	patch

Impacted products

1 product

Vendor	Product	Version
OpenSSL	OpenSSL	Affected: 3.0.0 , < 3.0.12 (semver) Affected: 3.1.0 , < 3.1.4 (semver)

Date Public

2023-10-24 00:00

Credits

Tony Battersby (Cybernetics) Dr Paul Dale

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2025-11-03T21:50:37.158Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "OpenSSL Advisory",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://www.openssl.org/news/secadv/20231024.txt"
          },
          {
            "name": "3.1.4 git commit",
            "tags": [
              "patch",
              "x_transferred"
            ],
            "url": "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=5f69f5c65e483928c4b28ed16af6e5742929f1ee"
          },
          {
            "name": "3.0.12 git commit",
            "tags": [
              "patch",
              "x_transferred"
            ],
            "url": "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=0df40630850fb2740e6be6890bb905d3fc623b2d"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2023/10/24/1"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.debian.org/security/2023/dsa-5532"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://security.netapp.com/advisory/ntap-20231027-0010/"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://security.netapp.com/advisory/ntap-20240201-0003/"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://security.netapp.com/advisory/ntap-20240201-0004/"
          },
          {
            "url": "https://security.netapp.com/advisory/ntap-20241108-0002/"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "NETWORK",
              "availabilityImpact": "NONE",
              "baseScore": 7.5,
              "baseSeverity": "HIGH",
              "confidentialityImpact": "HIGH",
              "integrityImpact": "NONE",
              "privilegesRequired": "NONE",
              "scope": "UNCHANGED",
              "userInteraction": "NONE",
              "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2023-5363",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-06-03T19:15:36.625641Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-12-02T19:49:14.914Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "affected": [
          {
            "defaultStatus": "unknown",
            "product": "SIDIS Prime",
            "vendor": "Siemens",
            "versions": [
              {
                "lessThan": "V4.0.700",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "defaultStatus": "unknown",
            "product": "SIMATIC S7-1500 CPU 1518-4 PN/DP MFP",
            "vendor": "Siemens",
            "versions": [
              {
                "lessThan": "*",
                "status": "affected",
                "version": "V3.1.5",
                "versionType": "custom"
              }
            ]
          },
          {
            "defaultStatus": "unknown",
            "product": "SIMATIC S7-1500 CPU 1518-4 PN/DP MFP",
            "vendor": "Siemens",
            "versions": [
              {
                "lessThan": "*",
                "status": "affected",
                "version": "V3.1.5",
                "versionType": "custom"
              }
            ]
          },
          {
            "defaultStatus": "unknown",
            "product": "SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP",
            "vendor": "Siemens",
            "versions": [
              {
                "lessThan": "*",
                "status": "affected",
                "version": "V3.1.5",
                "versionType": "custom"
              }
            ]
          },
          {
            "defaultStatus": "unknown",
            "product": "SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP",
            "vendor": "Siemens",
            "versions": [
              {
                "lessThan": "*",
                "status": "affected",
                "version": "V3.1.5",
                "versionType": "custom"
              }
            ]
          },
          {
            "defaultStatus": "unknown",
            "product": "SIPLUS S7-1500 CPU 1518-4 PN/DP MFP",
            "vendor": "Siemens",
            "versions": [
              {
                "lessThan": "*",
                "status": "affected",
                "version": "V3.1.5",
                "versionType": "custom"
              }
            ]
          },
          {
            "defaultStatus": "unknown",
            "product": "SINEC NMS",
            "vendor": "Siemens",
            "versions": [
              {
                "lessThan": "V3.0 SP1",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-05-12T10:22:25.646Z",
          "orgId": "0b142b55-0307-4c5a-b3c9-f314f3fb7c5e",
          "shortName": "siemens-SADP"
        },
        "references": [
          {
            "url": "https://cert-portal.siemens.com/productcert/html/ssa-093430.html"
          },
          {
            "url": "https://cert-portal.siemens.com/productcert/html/ssa-331112.html"
          },
          {
            "url": "https://cert-portal.siemens.com/productcert/html/ssa-769027.html"
          },
          {
            "url": "https://cert-portal.siemens.com/productcert/html/ssa-277137.html"
          },
          {
            "url": "https://cert-portal.siemens.com/productcert/html/ssa-082556.html"
          }
        ],
        "x_adpType": "supplier"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "OpenSSL",
          "vendor": "OpenSSL",
          "versions": [
            {
              "lessThan": "3.0.12",
              "status": "affected",
              "version": "3.0.0",
              "versionType": "semver"
            },
            {
              "lessThan": "3.1.4",
              "status": "affected",
              "version": "3.1.0",
              "versionType": "semver"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "user": "00000000-0000-4000-9000-000000000000",
          "value": "Tony Battersby (Cybernetics)"
        },
        {
          "lang": "en",
          "type": "remediation developer",
          "user": "00000000-0000-4000-9000-000000000000",
          "value": "Dr Paul Dale"
        }
      ],
      "datePublic": "2023-10-24T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "Issue summary: A bug has been identified in the processing of key and\u003cbr\u003einitialisation vector (IV) lengths.  This can lead to potential truncation\u003cbr\u003eor overruns during the initialisation of some symmetric ciphers.\u003cbr\u003e\u003cbr\u003eImpact summary: A truncation in the IV can result in non-uniqueness,\u003cbr\u003ewhich could result in loss of confidentiality for some cipher modes.\u003cbr\u003e\u003cbr\u003eWhen calling EVP_EncryptInit_ex2(), EVP_DecryptInit_ex2() or\u003cbr\u003eEVP_CipherInit_ex2() the provided OSSL_PARAM array is processed after\u003cbr\u003ethe key and IV have been established.  Any alterations to the key length,\u003cbr\u003evia the \"keylen\" parameter or the IV length, via the \"ivlen\" parameter,\u003cbr\u003ewithin the OSSL_PARAM array will not take effect as intended, potentially\u003cbr\u003ecausing truncation or overreading of these values.  The following ciphers\u003cbr\u003eand cipher modes are impacted: RC2, RC4, RC5, CCM, GCM and OCB.\u003cbr\u003e\u003cbr\u003eFor the CCM, GCM and OCB cipher modes, truncation of the IV can result in\u003cbr\u003eloss of confidentiality.  For example, when following NIST\u0027s SP 800-38D\u003cbr\u003esection 8.2.1 guidance for constructing a deterministic IV for AES in\u003cbr\u003eGCM mode, truncation of the counter portion could lead to IV reuse.\u003cbr\u003e\u003cbr\u003eBoth truncations and overruns of the key and overruns of the IV will\u003cbr\u003eproduce incorrect results and could, in some cases, trigger a memory\u003cbr\u003eexception.  However, these issues are not currently assessed as security\u003cbr\u003ecritical.\u003cbr\u003e\u003cbr\u003eChanging the key and/or IV lengths is not considered to be a common operation\u003cbr\u003eand the vulnerable API was recently introduced. Furthermore it is likely that\u003cbr\u003eapplication developers will have spotted this problem during testing since\u003cbr\u003edecryption would fail unless both peers in the communication were similarly\u003cbr\u003evulnerable. For these reasons we expect the probability of an application being\u003cbr\u003evulnerable to this to be quite low. However if an application is vulnerable then\u003cbr\u003ethis issue is considered very serious. For these reasons we have assessed this\u003cbr\u003eissue as Moderate severity overall.\u003cbr\u003e\u003cbr\u003eThe OpenSSL SSL/TLS implementation is not affected by this issue.\u003cbr\u003e\u003cbr\u003eThe OpenSSL 3.0 and 3.1 FIPS providers are not affected by this because\u003cbr\u003ethe issue lies outside of the FIPS provider boundary.\u003cbr\u003e\u003cbr\u003eOpenSSL 3.1 and 3.0 are vulnerable to this issue."
            }
          ],
          "value": "Issue summary: A bug has been identified in the processing of key and\ninitialisation vector (IV) lengths.  This can lead to potential truncation\nor overruns during the initialisation of some symmetric ciphers.\n\nImpact summary: A truncation in the IV can result in non-uniqueness,\nwhich could result in loss of confidentiality for some cipher modes.\n\nWhen calling EVP_EncryptInit_ex2(), EVP_DecryptInit_ex2() or\nEVP_CipherInit_ex2() the provided OSSL_PARAM array is processed after\nthe key and IV have been established.  Any alterations to the key length,\nvia the \"keylen\" parameter or the IV length, via the \"ivlen\" parameter,\nwithin the OSSL_PARAM array will not take effect as intended, potentially\ncausing truncation or overreading of these values.  The following ciphers\nand cipher modes are impacted: RC2, RC4, RC5, CCM, GCM and OCB.\n\nFor the CCM, GCM and OCB cipher modes, truncation of the IV can result in\nloss of confidentiality.  For example, when following NIST\u0027s SP 800-38D\nsection 8.2.1 guidance for constructing a deterministic IV for AES in\nGCM mode, truncation of the counter portion could lead to IV reuse.\n\nBoth truncations and overruns of the key and overruns of the IV will\nproduce incorrect results and could, in some cases, trigger a memory\nexception.  However, these issues are not currently assessed as security\ncritical.\n\nChanging the key and/or IV lengths is not considered to be a common operation\nand the vulnerable API was recently introduced. Furthermore it is likely that\napplication developers will have spotted this problem during testing since\ndecryption would fail unless both peers in the communication were similarly\nvulnerable. For these reasons we expect the probability of an application being\nvulnerable to this to be quite low. However if an application is vulnerable then\nthis issue is considered very serious. For these reasons we have assessed this\nissue as Moderate severity overall.\n\nThe OpenSSL SSL/TLS implementation is not affected by this issue.\n\nThe OpenSSL 3.0 and 3.1 FIPS providers are not affected by this because\nthe issue lies outside of the FIPS provider boundary.\n\nOpenSSL 3.1 and 3.0 are vulnerable to this issue."
        }
      ],
      "metrics": [
        {
          "format": "other",
          "other": {
            "content": {
              "text": "MODERATE"
            },
            "type": "https://www.openssl.org/policies/secpolicy.html"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-684",
              "description": "CWE-684 Incorrect Provision of Specified Functionality",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-10-14T14:55:52.132Z",
        "orgId": "3a12439a-ef3a-4c79-92e6-6081a721f1e5",
        "shortName": "openssl"
      },
      "references": [
        {
          "name": "OpenSSL Advisory",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://www.openssl.org/news/secadv/20231024.txt"
        },
        {
          "name": "3.1.4 git commit",
          "tags": [
            "patch"
          ],
          "url": "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=5f69f5c65e483928c4b28ed16af6e5742929f1ee"
        },
        {
          "name": "3.0.12 git commit",
          "tags": [
            "patch"
          ],
          "url": "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=0df40630850fb2740e6be6890bb905d3fc623b2d"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "title": "Incorrect cipher key \u0026 IV length processing",
      "x_generator": {
        "engine": "Vulnogram 0.1.0-dev"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "3a12439a-ef3a-4c79-92e6-6081a721f1e5",
    "assignerShortName": "openssl",
    "cveId": "CVE-2023-5363",
    "datePublished": "2023-10-24T15:31:40.890Z",
    "dateReserved": "2023-10-03T16:19:46.060Z",
    "dateUpdated": "2026-05-12T10:22:25.646Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

Sightings

Author	Source	Type	Date	Other

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

WID-SEC-W-2023-2741

CVE-2023-5363 (GCVE-0-2023-5363)

Tags

Sightings

Nomenclature