Vulnerability Instance
Lookup for vulnerabilities affecting packages.
GET /api/vulnerabilities/45012?format=api
{ "url": "http://public2.vulnerablecode.io/api/vulnerabilities/45012?format=api", "vulnerability_id": "VCID-vyxk-cz2r-ffgf", "summary": "Out-of-bounds Read\nIssue summary: The AES-XTS cipher decryption implementation for 64 bit ARM\nplatform contains a bug that could cause it to read past the input buffer,\nleading to a crash.\n\nImpact summary: Applications that use the AES-XTS algorithm on the 64 bit ARM\nplatform can crash in rare circumstances. The AES-XTS algorithm is usually\nused for disk encryption.\n\nThe AES-XTS cipher decryption implementation for 64 bit ARM platform will read\npast the end of the ciphertext buffer if the ciphertext size is 4 mod 5 in 16\nbyte blocks, e.g. 144 bytes or 1024 bytes. If the memory after the ciphertext\nbuffer is unmapped, this will trigger a crash which results in a denial of\nservice.\n\nIf an attacker can control the size and location of the ciphertext buffer\nbeing decrypted by an application using AES-XTS on 64 bit ARM, the\napplication is affected. This is fairly unlikely making this issue\na Low severity one.", "aliases": [ { "alias": "CVE-2023-1255" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/64915?format=api", "purl": "pkg:conan/openssl@3.0.9", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-sd2f-6nk6-dua6" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:conan/openssl@3.0.9" }, { "url": "http://public2.vulnerablecode.io/api/packages/64916?format=api", "purl": "pkg:conan/openssl@3.1.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-ju5y-bakm-mqd8" }, { "vulnerability": "VCID-sd2f-6nk6-dua6" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:conan/openssl@3.1.1" } ], "affected_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/59827?format=api", "purl": "pkg:conan/openssl@3.0.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1hgm-58xg-r7bt" }, { "vulnerability": "VCID-1yjs-f4gq-h7ht" }, { "vulnerability": "VCID-3g6n-ujyv-jub3" }, { "vulnerability": "VCID-5a2a-trbk-fkfg" }, { "vulnerability": "VCID-5rhg-tvzd-h7es" }, { "vulnerability": "VCID-86j5-ag2t-2qhj" }, { "vulnerability": "VCID-8q7w-7je3-zkgt" }, { "vulnerability": "VCID-97cm-wmq1-gkfd" }, { "vulnerability": "VCID-as38-bfar-q3hh" }, { "vulnerability": "VCID-erdm-7pfg-e7hc" }, { "vulnerability": "VCID-f2np-fk61-nbh1" }, { "vulnerability": "VCID-gj2m-z5b6-6yf2" }, { "vulnerability": "VCID-ju5y-bakm-mqd8" }, { "vulnerability": "VCID-m7sy-6spe-6yau" }, { "vulnerability": "VCID-mm8w-472m-puea" }, { "vulnerability": "VCID-mnkq-e45g-fyfw" }, { "vulnerability": "VCID-nqu1-ffyz-wubt" }, { "vulnerability": "VCID-nx5k-32hq-yuh4" }, { "vulnerability": "VCID-s6rb-rb8j-yfc6" }, { "vulnerability": "VCID-sd2f-6nk6-dua6" }, { "vulnerability": "VCID-se2f-3x6g-7uc6" }, { "vulnerability": "VCID-taas-512g-jfdw" }, { "vulnerability": "VCID-tjhj-1wc7-rych" }, { "vulnerability": "VCID-ts7c-u8g2-rqa4" }, { "vulnerability": "VCID-vyxk-cz2r-ffgf" }, { "vulnerability": "VCID-w1qj-n768-hbar" }, { "vulnerability": "VCID-yhn2-ctzh-ducy" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:conan/openssl@3.0.0" }, { "url": "http://public2.vulnerablecode.io/api/packages/64353?format=api", "purl": "pkg:conan/openssl@3.1.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3g6n-ujyv-jub3" }, { "vulnerability": "VCID-5rhg-tvzd-h7es" }, { "vulnerability": "VCID-8q7w-7je3-zkgt" }, { "vulnerability": "VCID-as38-bfar-q3hh" }, { "vulnerability": "VCID-m7sy-6spe-6yau" }, { "vulnerability": "VCID-mm8w-472m-puea" }, { "vulnerability": "VCID-mnkq-e45g-fyfw" }, { "vulnerability": "VCID-nx5k-32hq-yuh4" }, { "vulnerability": "VCID-sd2f-6nk6-dua6" }, { "vulnerability": "VCID-vyxk-cz2r-ffgf" }, { "vulnerability": "VCID-w1qj-n768-hbar" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:conan/openssl@3.1.0" } ], "references": [ { "reference_url": "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=02ac9c9420275868472f33b01def01218742b8bb", "reference_id": "", "reference_type": "", "scores": [], "url": "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=02ac9c9420275868472f33b01def01218742b8bb" }, { "reference_url": "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=bc2f61ad70971869b242fc1cb445b98bad50074a", "reference_id": "", "reference_type": "", "scores": [], "url": "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=bc2f61ad70971869b242fc1cb445b98bad50074a" }, { "reference_url": "https://www.openssl.org/news/secadv/20230419.txt", "reference_id": "", "reference_type": "", "scores": [], "url": "https://www.openssl.org/news/secadv/20230419.txt" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2023-1255", "reference_id": "CVE-2023-1255", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-1255" } ], "weaknesses": [ { "cwe_id": 1035, "name": "OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities", "description": "Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2017." }, { "cwe_id": 125, "name": "Out-of-bounds Read", "description": "The product reads data past the end, or before the beginning, of the intended buffer." }, { "cwe_id": 937, "name": "OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities", "description": "Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2013." } ], "exploits": [], "severity_range_score": null, "exploitability": null, "weighted_severity": null, "risk_score": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-vyxk-cz2r-ffgf" }