Issue summary: A bug has been identified in the processing of key and initialisation vector (IV) lengths. This can lead to potential truncation or overruns during the initialisation of some symmetric ciphers. Impact summary: A truncation in the IV can result in non-uniqueness, which could result in loss of confidentiality for some cipher modes. When calling EVP_EncryptInit_ex2(), EVP_DecryptInit_ex2() or EVP_CipherInit_ex2() the provided OSSL_PARAM array is processed after the key and IV have been established. Any alterations to the key length, via the "keylen" parameter or the IV length, via the "ivlen" parameter, within the OSSL_PARAM array will not take effect as intended, potentially causing truncation or overreading of these values. The following ciphers and cipher modes are impacted: RC2, RC4, RC5, CCM, GCM and OCB. For the CCM, GCM and OCB cipher modes, truncation of the IV can result in loss of confidentiality. For example, when following NIST's SP 800-38D section 8.2.1 guidance for constructing a deterministic IV for AES in GCM mode, truncation of the counter portion could lead to IV reuse. Both truncations and overruns of the key and overruns of the IV will produce incorrect results and could, in some cases, trigger a memory exception. However, these issues are not currently assessed as security critical. Changing the key and/or IV lengths is not considered to be a common operation and the vulnerable API was recently introduced. Furthermore it is likely that application developers will have spotted this problem during testing since decryption would fail unless both peers in the communication were similarly vulnerable. For these reasons we expect the probability of an application being vulnerable to this to be quite low. However if an application is vulnerable then this issue is considered very serious. For these reasons we have assessed this issue as Moderate severity overall. The OpenSSL SSL/TLS implementation is not affected by this issue. The OpenSSL 3.0 and 3.1 FIPS providers are not affected by this because the issue lies outside of the FIPS provider boundary. OpenSSL 3.1 and 3.0 are vulnerable to this issue.

The remote CentOS Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the openssl-3.0.7-25.el9 build changelog.

  - Issue summary: The AES-SIV cipher implementation contains a bug that causes it to ignore empty associated     data entries which are unauthenticated as a consequence. Impact summary: Applications that use the AES-SIV     algorithm and want to authenticate empty data entries as associated data can be mislead by removing adding     or reordering such empty entries as these are ignored by the OpenSSL implementation. We are currently     unaware of any such applications. The AES-SIV algorithm allows for authentication of multiple associated     data entries along with the encryption. To authenticate empty data the application has to call     EVP_EncryptUpdate() (or EVP_CipherUpdate()) with NULL pointer as the output buffer and 0 as the input     buffer length. The AES-SIV implementation in OpenSSL just returns success for such a call instead of     performing the associated data authentication operation. The empty data thus will not be authenticated. As     this issue does not affect non-empty associated data authentication and we expect it to be rare for an     application to use empty associated data entries this is qualified as Low severity issue. (CVE-2023-2975)

  - Issue summary: Checking excessively long DH keys or parameters may be very slow. Impact summary:
    Applications that use the functions DH_check(), DH_check_ex() or EVP_PKEY_param_check() to check a DH key     or DH parameters may experience long delays. Where the key or parameters that are being checked have been     obtained from an untrusted source this may lead to a Denial of Service. The function DH_check() performs     various checks on DH parameters. One of those checks confirms that the modulus ('p' parameter) is not too     large. Trying to use a very large modulus is slow and OpenSSL will not normally use a modulus which is     over 10,000 bits in length. However the DH_check() function checks numerous aspects of the key or     parameters that have been supplied. Some of those checks use the supplied modulus value even if it has     already been found to be too large. An application that calls DH_check() and supplies a key or parameters     obtained from an untrusted source could be vulernable to a Denial of Service attack. The function     DH_check() is itself called by a number of other OpenSSL functions. An application calling any of those     other functions may similarly be affected. The other functions affected by this are DH_check_ex() and     EVP_PKEY_param_check(). Also vulnerable are the OpenSSL dhparam and pkeyparam command line applications     when using the '-check' option. The OpenSSL SSL/TLS implementation is not affected by this issue. The     OpenSSL 3.0 and 3.1 FIPS providers are not affected by this issue. (CVE-2023-3446)

  - Issue summary: Checking excessively long DH keys or parameters may be very slow. Impact summary:
    Applications that use the functions DH_check(), DH_check_ex() or EVP_PKEY_param_check() to check a DH key     or DH parameters may experience long delays. Where the key or parameters that are being checked have been     obtained from an untrusted source this may lead to a Denial of Service. The function DH_check() performs     various checks on DH parameters. After fixing CVE-2023-3446 it was discovered that a large q parameter     value can also trigger an overly long computation during some of these checks. A correct q value, if     present, cannot be larger than the modulus p parameter, thus it is unnecessary to perform these checks if     q is larger than p. An application that calls DH_check() and supplies a key or parameters obtained from an     untrusted source could be vulnerable to a Denial of Service attack. The function DH_check() is itself     called by a number of other OpenSSL functions. An application calling any of those other functions may     similarly be affected. The other functions affected by this are DH_check_ex() and EVP_PKEY_param_check().
    Also vulnerable are the OpenSSL dhparam and pkeyparam command line applications when using the -check     option. The OpenSSL SSL/TLS implementation is not affected by this issue. The OpenSSL 3.0 and 3.1 FIPS     providers are not affected by this issue. (CVE-2023-3817)

  - Issue summary: A bug has been identified in the processing of key and initialisation vector (IV) lengths.
    This can lead to potential truncation or overruns during the initialisation of some symmetric ciphers.
    Impact summary: A truncation in the IV can result in non-uniqueness, which could result in loss of     confidentiality for some cipher modes. When calling EVP_EncryptInit_ex2(), EVP_DecryptInit_ex2() or     EVP_CipherInit_ex2() the provided OSSL_PARAM array is processed after the key and IV have been     established. Any alterations to the key length, via the keylen parameter or the IV length, via the     ivlen parameter, within the OSSL_PARAM array will not take effect as intended, potentially causing     truncation or overreading of these values. The following ciphers and cipher modes are impacted: RC2, RC4,     RC5, CCM, GCM and OCB. For the CCM, GCM and OCB cipher modes, truncation of the IV can result in loss of     confidentiality. For example, when following NIST's SP 800-38D section 8.2.1 guidance for constructing a     deterministic IV for AES in GCM mode, truncation of the counter portion could lead to IV reuse. Both     truncations and overruns of the key and overruns of the IV will produce incorrect results and could, in     some cases, trigger a memory exception. However, these issues are not currently assessed as security     critical. Changing the key and/or IV lengths is not considered to be a common operation and the vulnerable     API was recently introduced. Furthermore it is likely that application developers will have spotted this     problem during testing since decryption would fail unless both peers in the communication were similarly     vulnerable. For these reasons we expect the probability of an application being vulnerable to this to be     quite low. However if an application is vulnerable then this issue is considered very serious. For these     reasons we have assessed this issue as Moderate severity overall. The OpenSSL SSL/TLS implementation is     not affected by this issue. The OpenSSL 3.0 and 3.1 FIPS providers are not affected by this because the     issue lies outside of the FIPS provider boundary. OpenSSL 3.1 and 3.0 are vulnerable to this issue.
    (CVE-2023-5363)

  - Issue summary: Generating excessively long X9.42 DH keys or checking excessively long X9.42 DH keys or     parameters may be very slow. Impact summary: Applications that use the functions DH_generate_key() to     generate an X9.42 DH key may experience long delays. Likewise, applications that use DH_check_pub_key(),     DH_check_pub_key_ex() or EVP_PKEY_public_check() to check an X9.42 DH key or X9.42 DH parameters may     experience long delays. Where the key or parameters that are being checked have been obtained from an     untrusted source this may lead to a Denial of Service. While DH_check() performs all the necessary checks     (as of CVE-2023-3817), DH_check_pub_key() doesn't make any of these checks, and is therefore vulnerable     for excessively large P and Q parameters. Likewise, while DH_generate_key() performs a check for an     excessively large P, it doesn't check for an excessively large Q. An application that calls     DH_generate_key() or DH_check_pub_key() and supplies a key or parameters obtained from an untrusted source     could be vulnerable to a Denial of Service attack. DH_generate_key() and DH_check_pub_key() are also     called by a number of other OpenSSL functions. An application calling any of those other functions may     similarly be affected. The other functions affected by this are DH_check_pub_key_ex(),     EVP_PKEY_public_check(), and EVP_PKEY_generate(). Also vulnerable are the OpenSSL pkey command line     application when using the -pubcheck option, as well as the OpenSSL genpkey command line application.
    The OpenSSL SSL/TLS implementation is not affected by this issue. The OpenSSL 3.0 and 3.1 FIPS providers     are not affected by this issue. (CVE-2023-5678)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Oracle Linux 9 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2024-12093 advisory.

  - Issue summary: A bug has been identified in the processing of key and initialisation vector (IV) lengths.
    This can lead to potential truncation or overruns during the initialisation of some symmetric ciphers.
    Impact summary: A truncation in the IV can result in non-uniqueness, which could result in loss of     confidentiality for some cipher modes. When calling EVP_EncryptInit_ex2(), EVP_DecryptInit_ex2() or     EVP_CipherInit_ex2() the provided OSSL_PARAM array is processed after the key and IV have been     established. Any alterations to the key length, via the keylen parameter or the IV length, via the     ivlen parameter, within the OSSL_PARAM array will not take effect as intended, potentially causing     truncation or overreading of these values. The following ciphers and cipher modes are impacted: RC2, RC4,     RC5, CCM, GCM and OCB. For the CCM, GCM and OCB cipher modes, truncation of the IV can result in loss of     confidentiality. For example, when following NIST's SP 800-38D section 8.2.1 guidance for constructing a     deterministic IV for AES in GCM mode, truncation of the counter portion could lead to IV reuse. Both     truncations and overruns of the key and overruns of the IV will produce incorrect results and could, in     some cases, trigger a memory exception. However, these issues are not currently assessed as security     critical. Changing the key and/or IV lengths is not considered to be a common operation and the vulnerable     API was recently introduced. Furthermore it is likely that application developers will have spotted this     problem during testing since decryption would fail unless both peers in the communication were similarly     vulnerable. For these reasons we expect the probability of an application being vulnerable to this to be     quite low. However if an application is vulnerable then this issue is considered very serious. For these     reasons we have assessed this issue as Moderate severity overall. The OpenSSL SSL/TLS implementation is     not affected by this issue. The OpenSSL 3.0 and 3.1 FIPS providers are not affected by this because the     issue lies outside of the FIPS provider boundary. OpenSSL 3.1 and 3.0 are vulnerable to this issue.
    (CVE-2023-5363)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2024:0500 advisory.

  - openssl: Incorrect cipher key and IV length processing (CVE-2023-5363)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Oracle Linux 9 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2024-0310 advisory.

  - Issue summary: A bug has been identified in the processing of key and initialisation vector (IV) lengths.
    This can lead to potential truncation or overruns during the initialisation of some symmetric ciphers.
    Impact summary: A truncation in the IV can result in non-uniqueness, which could result in loss of     confidentiality for some cipher modes. When calling EVP_EncryptInit_ex2(), EVP_DecryptInit_ex2() or     EVP_CipherInit_ex2() the provided OSSL_PARAM array is processed after the key and IV have been     established. Any alterations to the key length, via the keylen parameter or the IV length, via the     ivlen parameter, within the OSSL_PARAM array will not take effect as intended, potentially causing     truncation or overreading of these values. The following ciphers and cipher modes are impacted: RC2, RC4,     RC5, CCM, GCM and OCB. For the CCM, GCM and OCB cipher modes, truncation of the IV can result in loss of     confidentiality. For example, when following NIST's SP 800-38D section 8.2.1 guidance for constructing a     deterministic IV for AES in GCM mode, truncation of the counter portion could lead to IV reuse. Both     truncations and overruns of the key and overruns of the IV will produce incorrect results and could, in     some cases, trigger a memory exception. However, these issues are not currently assessed as security     critical. Changing the key and/or IV lengths is not considered to be a common operation and the vulnerable     API was recently introduced. Furthermore it is likely that application developers will have spotted this     problem during testing since decryption would fail unless both peers in the communication were similarly     vulnerable. For these reasons we expect the probability of an application being vulnerable to this to be     quite low. However if an application is vulnerable then this issue is considered very serious. For these     reasons we have assessed this issue as Moderate severity overall. The OpenSSL SSL/TLS implementation is     not affected by this issue. The OpenSSL 3.0 and 3.1 FIPS providers are not affected by this because the     issue lies outside of the FIPS provider boundary. OpenSSL 3.1 and 3.0 are vulnerable to this issue.
    (CVE-2023-5363)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote AlmaLinux 9 host has packages installed that are affected by a vulnerability as referenced in the ALSA-2024:0310 advisory.

  - Issue summary: A bug has been identified in the processing of key and initialisation vector (IV) lengths.
    This can lead to potential truncation or overruns during the initialisation of some symmetric ciphers.
    Impact summary: A truncation in the IV can result in non-uniqueness, which could result in loss of     confidentiality for some cipher modes. When calling EVP_EncryptInit_ex2(), EVP_DecryptInit_ex2() or     EVP_CipherInit_ex2() the provided OSSL_PARAM array is processed after the key and IV have been     established. Any alterations to the key length, via the keylen parameter or the IV length, via the     ivlen parameter, within the OSSL_PARAM array will not take effect as intended, potentially causing     truncation or overreading of these values. The following ciphers and cipher modes are impacted: RC2, RC4,     RC5, CCM, GCM and OCB. For the CCM, GCM and OCB cipher modes, truncation of the IV can result in loss of     confidentiality. For example, when following NIST's SP 800-38D section 8.2.1 guidance for constructing a     deterministic IV for AES in GCM mode, truncation of the counter portion could lead to IV reuse. Both     truncations and overruns of the key and overruns of the IV will produce incorrect results and could, in     some cases, trigger a memory exception. However, these issues are not currently assessed as security     critical. Changing the key and/or IV lengths is not considered to be a common operation and the vulnerable     API was recently introduced. Furthermore it is likely that application developers will have spotted this     problem during testing since decryption would fail unless both peers in the communication were similarly     vulnerable. For these reasons we expect the probability of an application being vulnerable to this to be     quite low. However if an application is vulnerable then this issue is considered very serious. For these     reasons we have assessed this issue as Moderate severity overall. The OpenSSL SSL/TLS implementation is     not affected by this issue. The OpenSSL 3.0 and 3.1 FIPS providers are not affected by this because the     issue lies outside of the FIPS provider boundary. OpenSSL 3.1 and 3.0 are vulnerable to this issue.
    (CVE-2023-5363)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2024:0310 advisory.

  - openssl: Incorrect cipher key and IV length processing (CVE-2023-5363)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The versions of MySQL Enterprise Monitor installed on the remote host are affected by multiple vulnerabilities as referenced in the January 2024 CPU advisory.

  - Vulnerability in the MySQL Connectors product of Oracle MySQL (component: Connector/C++ (OpenSSL)).     Supported versions that are affected are 8.2.0 and prior. Easily exploitable vulnerability allows     unauthenticated attacker with network access via multiple protocols to compromise MySQL Connectors.     Successful attacks of this vulnerability can result in unauthorized access to critical data or complete     access to all MySQL Connectors accessible data. (CVE-2023-5363)

  - Vulnerability in the MySQL Enterprise Monitor product of Oracle MySQL (component: Monitoring: General     (Apache Tomcat)). Supported versions that are affected are 8.0.36 and prior. Easily exploitable     vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise     MySQL Enterprise Monitor. Successful attacks of this vulnerability can result in unauthorized creation,     deletion or modification access to critical data or all MySQL Enterprise Monitor accessible data.
    (CVE-2023-46589)

  - Vulnerability in the MySQL Enterprise Monitor product of Oracle MySQL (component: Monitoring: General     (Apache Struts)). Supported versions that are affected are 8.0.36 and prior. Easily exploitable     vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise     MySQL Enterprise Monitor. Successful attacks of this vulnerability can result in takeover of MySQL     Enterprise Monitor. (CVE-2023-50164)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The versions of MySQL Workbench installed on the remote host are affected by multiple vulnerabilities as referenced in the January 2024 CPU advisory.

  - Vulnerability in the MySQL Workbench product of Oracle MySQL (component: MySQL Workbench (libssh)).     Supported versions that are affected are 8.0.34 and prior. Easily exploitable vulnerability allows     unauthenticated attacker with network access via MySQL Workbench to compromise MySQL Workbench.     Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to     some of MySQL Workbench accessible data as well as unauthorized read access to a subset of MySQL     Workbench accessible data. (CVE-2023-2283)

  - Vulnerability in the MySQL Workbench product of Oracle MySQL (component: MySQL Workbench (OpenSSL)).     Supported versions that are affected are 8.0.34 and prior. Easily exploitable vulnerability allows     unauthenticated attacker with network access via MySQL Workbench to compromise MySQL Workbench.     Successful attacks of this vulnerability can result in unauthorized access to critical data or     complete access to all MySQL Workbench accessible data. (CVE-2023-5363)

  - Vulnerability in the MySQL Workbench product of Oracle MySQL (component: Workbench (Python)).     Supported versions that are affected are 8.0.34 and prior. Easily exploitable vulnerability allows     unauthenticated attacker with network access via MySQL Workbench to compromise MySQL Workbench.     Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification     access to critical data or all MySQL Workbench accessible data.(CVE-2023-41105)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The versions of MySQL Server installed on the remote host are affected by multiple vulnerabilities as referenced in the April 2024 CPU advisory.

  - Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Packaging (OpenSSL)).
    Supported versions that are affected are 8.0.35 and prior and 8.2.0 and prior. Easily exploitable     vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise     MySQL Server. Successful attacks of this vulnerability can result in unauthorized access to critical     data or complete access to all MySQL Server accessible data. (CVE-2023-5363)

  - Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: RAPID). Supported versions     that are affected are 8.0.35 and prior and 8.2.0 and prior. Easily exploitable vulnerability allows low     privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful     attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable     crash (complete DOS) of MySQL Server. (CVE-2023-20960)

  - Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported     versions that are affected are 8.0.35 and prior and 8.2.0 and prior. Easily exploitable vulnerability     allows low privileged attacker with network access via multiple protocols to compromise MySQL Server.
    Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently     repeatable crash (complete DOS) of MySQL Server. (CVE-2023-20961)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The versions of MySQL Server installed on the remote host are affected by multiple vulnerabilities as referenced in the January 2024 CPU advisory.

  - Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Packaging (OpenSSL)).
    Supported versions that are affected are 8.0.35 and prior and 8.2.0 and prior. Easily exploitable     vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise     MySQL Server. Successful attacks of this vulnerability can result in unauthorized access to critical     data or complete access to all MySQL Server accessible data. (CVE-2023-5363)

  - Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: RAPID). Supported versions     that are affected are 8.0.35 and prior and 8.2.0 and prior. Easily exploitable vulnerability allows low     privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful     attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable     crash (complete DOS) of MySQL Server. (CVE-2023-20960)

  - Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported     versions that are affected are 8.0.35 and prior and 8.2.0 and prior. Easily exploitable vulnerability     allows low privileged attacker with network access via multiple protocols to compromise MySQL Server.
    Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently     repeatable crash (complete DOS) of MySQL Server. (CVE-2023-20961)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The 8.1.0 versions of MySQL Connectors installed on the remote host are affected by multiple vulnerabilities as referenced in the January 2024 CPU advisory.

  - Vulnerability in the MySQL Connectors product of Oracle MySQL (component: Connector/C++ (OpenSSL)).     Supported versions that are affected are 8.2.0 and prior. Easily exploitable vulnerability allows     unauthenticated attacker with network access via multiple protocols to compromise MySQL Connectors.     Successful attacks of this vulnerability can result in unauthorized access to critical data or complete     access to all MySQL Connectors accessible data. (CVE-2023-5363)

  - Vulnerability in the MySQL Connectors product of Oracle MySQL (component: Connector/ODBC (OpenSSL)).     Supported versions that are affected are 8.0.35 and prior and 8.2.0 and prior. Easily exploitable     vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise     MySQL Connectors. Successful attacks of this vulnerability can result in unauthorized access to critical     data or complete access to all MySQL Connectors accessible data. (CVE-2023-5363)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

According to its self-reported version, the Nessus Network Monitor running on the remote host is prior to 6.3.1. It is, therefore, affected by multiple vulnerabilities as referenced in the TNS-2023-43 advisory.

  - Nessus Network Monitor leverages third-party software to help provide underlying functionality. Several of     the third-party components (HandlebarsJS, OpenSSL, and jquery-file-upload)were found to contain     vulnerabilities, and updated versions have been made available by the providers.Out of caution and in line     with best practice, Tenable has opted to upgrade these components to address the potential impact of the     issues. Nessus Network Monitor 6.3.1 updates HandlebarsJS to version 4.7.8, OpenSSL to version 3.0.12, and     jquery-file-upload to version 10.8.0. Tenable has released Nessus Network Monitor 6.3.1 to address these     issues. The installation files can be obtained from the Tenable Downloads Portal     (https://www.tenable.com/downloads/nessus-network-monitor). (CVE-2018-9206, CVE-2021-23369,     CVE-2021-23383, CVE-2023-5363)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2023-406 advisory.

  - Issue summary: A bug has been identified in the processing of key and initialisation vector (IV) lengths.
    This can lead to potential truncation or overruns during the initialisation of some symmetric ciphers.
    Impact summary: A truncation in the IV can result in non-uniqueness, which could result in loss of     confidentiality for some cipher modes. When calling EVP_EncryptInit_ex2(), EVP_DecryptInit_ex2() or     EVP_CipherInit_ex2() the provided OSSL_PARAM array is processed after the key and IV have been     established. Any alterations to the key length, via the keylen parameter or the IV length, via the     ivlen parameter, within the OSSL_PARAM array will not take effect as intended, potentially causing     truncation or overreading of these values. The following ciphers and cipher modes are impacted: RC2, RC4,     RC5, CCM, GCM and OCB. For the CCM, GCM and OCB cipher modes, truncation of the IV can result in loss of     confidentiality. For example, when following NIST's SP 800-38D section 8.2.1 guidance for constructing a     deterministic IV for AES in GCM mode, truncation of the counter portion could lead to IV reuse. Both     truncations and overruns of the key and overruns of the IV will produce incorrect results and could, in     some cases, trigger a memory exception. However, these issues are not currently assessed as security     critical. Changing the key and/or IV lengths is not considered to be a common operation and the vulnerable     API was recently introduced. Furthermore it is likely that application developers will have spotted this     problem during testing since decryption would fail unless both peers in the communication were similarly     vulnerable. For these reasons we expect the probability of an application being vulnerable to this to be     quite low. However if an application is vulnerable then this issue is considered very serious. For these     reasons we have assessed this issue as Moderate severity overall. The OpenSSL SSL/TLS implementation is     not affected by this issue. The OpenSSL 3.0 and 3.1 FIPS providers are not affected by this because the     issue lies outside of the FIPS provider boundary. OpenSSL 3.1 and 3.0 are vulnerable to this issue.
    (CVE-2023-5363)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote SUSE Linux SLED15 / SLED_SAP15 / SLES15 / SLES_SAP15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2023:4190-1 advisory.

  - Issue summary: Checking excessively long DH keys or parameters may be very slow. Impact summary:
    Applications that use the functions DH_check(), DH_check_ex() or EVP_PKEY_param_check() to check a DH key     or DH parameters may experience long delays. Where the key or parameters that are being checked have been     obtained from an untrusted source this may lead to a Denial of Service. The function DH_check() performs     various checks on DH parameters. After fixing CVE-2023-3446 it was discovered that a large q parameter     value can also trigger an overly long computation during some of these checks. A correct q value, if     present, cannot be larger than the modulus p parameter, thus it is unnecessary to perform these checks if     q is larger than p. An application that calls DH_check() and supplies a key or parameters obtained from an     untrusted source could be vulnerable to a Denial of Service attack. The function DH_check() is itself     called by a number of other OpenSSL functions. An application calling any of those other functions may     similarly be affected. The other functions affected by this are DH_check_ex() and EVP_PKEY_param_check().
    Also vulnerable are the OpenSSL dhparam and pkeyparam command line applications when using the -check     option. The OpenSSL SSL/TLS implementation is not affected by this issue. The OpenSSL 3.0 and 3.1 FIPS     providers are not affected by this issue. (CVE-2023-3817)

  - Issue summary: A bug has been identified in the processing of key and initialisation vector (IV) lengths.
    This can lead to potential truncation or overruns during the initialisation of some symmetric ciphers.
    Impact summary: A truncation in the IV can result in non-uniqueness, which could result in loss of     confidentiality for some cipher modes. When calling EVP_EncryptInit_ex2(), EVP_DecryptInit_ex2() or     EVP_CipherInit_ex2() the provided OSSL_PARAM array is processed after the key and IV have been     established. Any alterations to the key length, via the keylen parameter or the IV length, via the     ivlen parameter, within the OSSL_PARAM array will not take effect as intended, potentially causing     truncation or overreading of these values. The following ciphers and cipher modes are impacted: RC2, RC4,     RC5, CCM, GCM and OCB. For the CCM, GCM and OCB cipher modes, truncation of the IV can result in loss of     confidentiality. For example, when following NIST's SP 800-38D section 8.2.1 guidance for constructing a     deterministic IV for AES in GCM mode, truncation of the counter portion could lead to IV reuse. Both     truncations and overruns of the key and overruns of the IV will produce incorrect results and could, in     some cases, trigger a memory exception. However, these issues are not currently assessed as security     critical. Changing the key and/or IV lengths is not considered to be a common operation and the vulnerable     API was recently introduced. Furthermore it is likely that application developers will have spotted this     problem during testing since decryption would fail unless both peers in the communication were similarly     vulnerable. For these reasons we expect the probability of an application being vulnerable to this to be     quite low. However if an application is vulnerable then this issue is considered very serious. For these     reasons we have assessed this issue as Moderate severity overall. The OpenSSL SSL/TLS implementation is     not affected by this issue. The OpenSSL 3.0 and 3.1 FIPS providers are not affected by this because the     issue lies outside of the FIPS provider boundary. OpenSSL 3.1 and 3.0 are vulnerable to this issue.
    (CVE-2023-5363)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote SUSE Linux SLED15 / SLED_SAP15 / SLES15 / SLES_SAP15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2023:4189-1 advisory.

  - Issue summary: Checking excessively long DH keys or parameters may be very slow. Impact summary:
    Applications that use the functions DH_check(), DH_check_ex() or EVP_PKEY_param_check() to check a DH key     or DH parameters may experience long delays. Where the key or parameters that are being checked have been     obtained from an untrusted source this may lead to a Denial of Service. The function DH_check() performs     various checks on DH parameters. After fixing CVE-2023-3446 it was discovered that a large q parameter     value can also trigger an overly long computation during some of these checks. A correct q value, if     present, cannot be larger than the modulus p parameter, thus it is unnecessary to perform these checks if     q is larger than p. An application that calls DH_check() and supplies a key or parameters obtained from an     untrusted source could be vulnerable to a Denial of Service attack. The function DH_check() is itself     called by a number of other OpenSSL functions. An application calling any of those other functions may     similarly be affected. The other functions affected by this are DH_check_ex() and EVP_PKEY_param_check().
    Also vulnerable are the OpenSSL dhparam and pkeyparam command line applications when using the -check     option. The OpenSSL SSL/TLS implementation is not affected by this issue. The OpenSSL 3.0 and 3.1 FIPS     providers are not affected by this issue. (CVE-2023-3817)

  - Issue summary: A bug has been identified in the processing of key and initialisation vector (IV) lengths.
    This can lead to potential truncation or overruns during the initialisation of some symmetric ciphers.
    Impact summary: A truncation in the IV can result in non-uniqueness, which could result in loss of     confidentiality for some cipher modes. When calling EVP_EncryptInit_ex2(), EVP_DecryptInit_ex2() or     EVP_CipherInit_ex2() the provided OSSL_PARAM array is processed after the key and IV have been     established. Any alterations to the key length, via the keylen parameter or the IV length, via the     ivlen parameter, within the OSSL_PARAM array will not take effect as intended, potentially causing     truncation or overreading of these values. The following ciphers and cipher modes are impacted: RC2, RC4,     RC5, CCM, GCM and OCB. For the CCM, GCM and OCB cipher modes, truncation of the IV can result in loss of     confidentiality. For example, when following NIST's SP 800-38D section 8.2.1 guidance for constructing a     deterministic IV for AES in GCM mode, truncation of the counter portion could lead to IV reuse. Both     truncations and overruns of the key and overruns of the IV will produce incorrect results and could, in     some cases, trigger a memory exception. However, these issues are not currently assessed as security     critical. Changing the key and/or IV lengths is not considered to be a common operation and the vulnerable     API was recently introduced. Furthermore it is likely that application developers will have spotted this     problem during testing since decryption would fail unless both peers in the communication were similarly     vulnerable. For these reasons we expect the probability of an application being vulnerable to this to be     quite low. However if an application is vulnerable then this issue is considered very serious. For these     reasons we have assessed this issue as Moderate severity overall. The OpenSSL SSL/TLS implementation is     not affected by this issue. The OpenSSL 3.0 and 3.1 FIPS providers are not affected by this because the     issue lies outside of the FIPS provider boundary. OpenSSL 3.1 and 3.0 are vulnerable to this issue.
    (CVE-2023-5363)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The version of OpenSSL installed on the remote host is prior to 3.0.12. It is, therefore, affected by a vulnerability as referenced in the 3.0.12 advisory.

  - Issue summary: A bug has been identified in the processing of key and initialisation vector (IV) lengths.
    This can lead to potential truncation or overruns during the initialisation of some symmetric ciphers.
    Impact summary: A truncation in the IV can result in non-uniqueness, which could result in loss of     confidentiality for some cipher modes. When calling EVP_EncryptInit_ex2(), EVP_DecryptInit_ex2() or     EVP_CipherInit_ex2() the provided OSSL_PARAM array is processed after the key and IV have been     established. Any alterations to the key length, via the keylen parameter or the IV length, via the     ivlen parameter, within the OSSL_PARAM array will not take effect as intended, potentially causing     truncation or overreading of these values. The following ciphers and cipher modes are impacted: RC2, RC4,     RC5, CCM, GCM and OCB. For the CCM, GCM and OCB cipher modes, truncation of the IV can result in loss of     confidentiality. For example, when following NIST's SP 800-38D section 8.2.1 guidance for constructing a     deterministic IV for AES in GCM mode, truncation of the counter portion could lead to IV reuse. Both     truncations and overruns of the key and overruns of the IV will produce incorrect results and could, in     some cases, trigger a memory exception. However, these issues are not currently assessed as security     critical. Changing the key and/or IV lengths is not considered to be a common operation and the vulnerable     API was recently introduced. Furthermore it is likely that application developers will have spotted this     problem during testing since decryption would fail unless both peers in the communication were similarly     vulnerable. For these reasons we expect the probability of an application being vulnerable to this to be     quite low. However if an application is vulnerable then this issue is considered very serious. For these     reasons we have assessed this issue as Moderate severity overall. The OpenSSL SSL/TLS implementation is     not affected by this issue. The OpenSSL 3.0 and 3.1 FIPS providers are not affected by this because the     issue lies outside of the FIPS provider boundary. OpenSSL 3.1 and 3.0 are vulnerable to this issue.
    (CVE-2023-5363)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The version of OpenSSL installed on the remote host is prior to 3.1.4. It is, therefore, affected by a vulnerability as referenced in the 3.1.4 advisory.

  - Issue summary: A bug has been identified in the processing of key and initialisation vector (IV) lengths.
    This can lead to potential truncation or overruns during the initialisation of some symmetric ciphers.
    Impact summary: A truncation in the IV can result in non-uniqueness, which could result in loss of     confidentiality for some cipher modes. When calling EVP_EncryptInit_ex2(), EVP_DecryptInit_ex2() or     EVP_CipherInit_ex2() the provided OSSL_PARAM array is processed after the key and IV have been     established. Any alterations to the key length, via the keylen parameter or the IV length, via the     ivlen parameter, within the OSSL_PARAM array will not take effect as intended, potentially causing     truncation or overreading of these values. The following ciphers and cipher modes are impacted: RC2, RC4,     RC5, CCM, GCM and OCB. For the CCM, GCM and OCB cipher modes, truncation of the IV can result in loss of     confidentiality. For example, when following NIST's SP 800-38D section 8.2.1 guidance for constructing a     deterministic IV for AES in GCM mode, truncation of the counter portion could lead to IV reuse. Both     truncations and overruns of the key and overruns of the IV will produce incorrect results and could, in     some cases, trigger a memory exception. However, these issues are not currently assessed as security     critical. Changing the key and/or IV lengths is not considered to be a common operation and the vulnerable     API was recently introduced. Furthermore it is likely that application developers will have spotted this     problem during testing since decryption would fail unless both peers in the communication were similarly     vulnerable. For these reasons we expect the probability of an application being vulnerable to this to be     quite low. However if an application is vulnerable then this issue is considered very serious. For these     reasons we have assessed this issue as Moderate severity overall. The OpenSSL SSL/TLS implementation is     not affected by this issue. The OpenSSL 3.0 and 3.1 FIPS providers are not affected by this because the     issue lies outside of the FIPS provider boundary. OpenSSL 3.1 and 3.0 are vulnerable to this issue.
    (CVE-2023-5363)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Debian 12 host has packages installed that are affected by a vulnerability as referenced in the dsa-5532 advisory.

  - SO-AND-SO reports: Moderate severity: A bug has been identified in the processing             of key and     initialisation vector (IV) lengths. This can lead to             potential truncation or overruns during     the initialisation of             some symmetric ciphers. (CVE-2023-5363)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the 4a4712ae-7299-11ee-85eb-84a93843eb75 advisory.

  - SO-AND-SO reports: Moderate severity: A bug has been identified in the processing             of key and     initialisation vector (IV) lengths. This can lead to             potential truncation or overruns during     the initialisation of             some symmetric ciphers. (CVE-2023-5363)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Ubuntu 22.04 LTS / 23.04 / 23.10 host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-6450-1 advisory.

  - Issue summary: The AES-SIV cipher implementation contains a bug that causes it to ignore empty associated     data entries which are unauthenticated as a consequence. Impact summary: Applications that use the AES-SIV     algorithm and want to authenticate empty data entries as associated data can be mislead by removing adding     or reordering such empty entries as these are ignored by the OpenSSL implementation. We are currently     unaware of any such applications. The AES-SIV algorithm allows for authentication of multiple associated     data entries along with the encryption. To authenticate empty data the application has to call     EVP_EncryptUpdate() (or EVP_CipherUpdate()) with NULL pointer as the output buffer and 0 as the input     buffer length. The AES-SIV implementation in OpenSSL just returns success for such a call instead of     performing the associated data authentication operation. The empty data thus will not be authenticated. As     this issue does not affect non-empty associated data authentication and we expect it to be rare for an     application to use empty associated data entries this is qualified as Low severity issue. (CVE-2023-2975)

  - Issue summary: Checking excessively long DH keys or parameters may be very slow. Impact summary:
    Applications that use the functions DH_check(), DH_check_ex() or EVP_PKEY_param_check() to check a DH key     or DH parameters may experience long delays. Where the key or parameters that are being checked have been     obtained from an untrusted source this may lead to a Denial of Service. The function DH_check() performs     various checks on DH parameters. One of those checks confirms that the modulus ('p' parameter) is not too     large. Trying to use a very large modulus is slow and OpenSSL will not normally use a modulus which is     over 10,000 bits in length. However the DH_check() function checks numerous aspects of the key or     parameters that have been supplied. Some of those checks use the supplied modulus value even if it has     already been found to be too large. An application that calls DH_check() and supplies a key or parameters     obtained from an untrusted source could be vulernable to a Denial of Service attack. The function     DH_check() is itself called by a number of other OpenSSL functions. An application calling any of those     other functions may similarly be affected. The other functions affected by this are DH_check_ex() and     EVP_PKEY_param_check(). Also vulnerable are the OpenSSL dhparam and pkeyparam command line applications     when using the '-check' option. The OpenSSL SSL/TLS implementation is not affected by this issue. The     OpenSSL 3.0 and 3.1 FIPS providers are not affected by this issue. (CVE-2023-3446)

  - Issue summary: Checking excessively long DH keys or parameters may be very slow. Impact summary:
    Applications that use the functions DH_check(), DH_check_ex() or EVP_PKEY_param_check() to check a DH key     or DH parameters may experience long delays. Where the key or parameters that are being checked have been     obtained from an untrusted source this may lead to a Denial of Service. The function DH_check() performs     various checks on DH parameters. After fixing CVE-2023-3446 it was discovered that a large q parameter     value can also trigger an overly long computation during some of these checks. A correct q value, if     present, cannot be larger than the modulus p parameter, thus it is unnecessary to perform these checks if     q is larger than p. An application that calls DH_check() and supplies a key or parameters obtained from an     untrusted source could be vulnerable to a Denial of Service attack. The function DH_check() is itself     called by a number of other OpenSSL functions. An application calling any of those other functions may     similarly be affected. The other functions affected by this are DH_check_ex() and EVP_PKEY_param_check().
    Also vulnerable are the OpenSSL dhparam and pkeyparam command line applications when using the -check     option. The OpenSSL SSL/TLS implementation is not affected by this issue. The OpenSSL 3.0 and 3.1 FIPS     providers are not affected by this issue. (CVE-2023-3817)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

ID	Name	Product	Family	Severity
193927	CentOS 9 : openssl-3.0.7-25.el9	Nessus	CentOS Local Security Checks	high
189606	Oracle Linux 9 : openssl (ELSA-2024-12093)	Nessus	Oracle Linux Local Security Checks	high
189583	RHEL 9 : openssl (RHSA-2024:0500)	Nessus	Red Hat Local Security Checks	high
189378	Oracle Linux 9 : openssl (ELSA-2024-0310)	Nessus	Oracle Linux Local Security Checks	high
189273	AlmaLinux 9 : openssl (ALSA-2024:0310)	Nessus	Alma Linux Local Security Checks	high
189271	RHEL 9 : openssl (RHSA-2024:0310)	Nessus	Red Hat Local Security Checks	high
189239	Oracle MySQL Enterprise Monitor (January 2024 CPU)	Nessus	CGI abuses	critical
189238	Oracle MySQL Workbench < 8.0.36 (January 2024)	Nessus	Windows	high
189234	Oracle MySQL Server 8.0.x < 8.0.36 (April 2024 CPU)	Nessus	Databases	high
189233	Oracle MySQL Server 8.x < 8.3.0 (January 2024 CPU)	Nessus	Databases	high
189224	Oracle MySQL Connectors C++ and ODBC (January 2024 CPU)	Nessus	Misc.	high
186472	Nessus Network Monitor < 6.3.1 Multiple Vulnerabilities (TNS-2023-43)	Nessus	Misc.	critical
184423	Amazon Linux 2023 : openssl, openssl-devel, openssl-libs (ALAS2023-2023-406)	Nessus	Amazon Linux Local Security Checks	high
183900	SUSE SLED15 / SLES15 / openSUSE 15 Security Update : openssl-3 (SUSE-SU-2023:4190-1)	Nessus	SuSE Local Security Checks	high
183899	SUSE SLED15 / SLES15 / openSUSE 15 Security Update : openssl-3 (SUSE-SU-2023:4189-1)	Nessus	SuSE Local Security Checks	high
183891	OpenSSL 3.0.0 < 3.0.12 Vulnerability	Nessus	Web Servers	high
183890	OpenSSL 3.1.0 < 3.1.4 Vulnerability	Nessus	Web Servers	high
183877	Debian DSA-5532-1 : openssl - security update	Nessus	Debian Local Security Checks	high
183822	FreeBSD : OpenSSL -- potential loss of confidentiality (4a4712ae-7299-11ee-85eb-84a93843eb75)	Nessus	FreeBSD Local Security Checks	high
183790	Ubuntu 22.04 LTS / 23.04 / 23.10 : OpenSSL vulnerabilities (USN-6450-1)	Nessus	Ubuntu Local Security Checks	high

Detections

Analytics

CVE-2023-5363

high

Tenable Plugins

high

high

high

high

high

high

critical

high

high

high

high

critical

high

high

high

high

high

high

high

high