Staging Environment: Content and features may be unstable or change without notice.
Search for vulnerabilities
Vulnerability details: VCID-7dgf-zyqq-8ug8
Vulnerability ID VCID-7dgf-zyqq-8ug8
Aliases CVE-2023-5363
Summary openssl: Incorrect cipher key and IV length processing
Status Published
Exploitability None
Weighted Severity None
Risk None
Affected and Fixed Packages Package Details
Weaknesses (4)
CWE-325 Missing Cryptographic Step
CWE-1035 OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
CWE-937 OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities
CWE-684 Incorrect Provision of Specified Functionality
System Score Found at
cvssv3 7.5 https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-5363.json
epss 0.06469 https://api.first.org/data/v1/epss?cve=CVE-2023-5363
cvssv3.1 7.5 https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
cvssv3.1 7.5 https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=0df40630850fb2740e6be6890bb905d3fc623b2d
ssvc Track https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=0df40630850fb2740e6be6890bb905d3fc623b2d
cvssv3.1 7.5 https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=5f69f5c65e483928c4b28ed16af6e5742929f1ee
ssvc Track https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=5f69f5c65e483928c4b28ed16af6e5742929f1ee
archlinux Medium https://security.archlinux.org/AVG-2848
archlinux Medium https://security.archlinux.org/AVG-2849
cvssv3.1 7.5 https://www.openssl.org/news/secadv/20231024.txt
ssvc Track https://www.openssl.org/news/secadv/20231024.txt
Reference id Reference type URL
https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-5363.json
https://api.first.org/data/v1/epss?cve=CVE-2023-5363
https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=0df40630850fb2740e6be6890bb905d3fc623b2d
https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=5f69f5c65e483928c4b28ed16af6e5742929f1ee
https://security.netapp.com/advisory/ntap-20231027-0010/
https://www.debian.org/security/2023/dsa-5532
https://www.openssl.org/news/secadv/20231024.txt
http://www.openwall.com/lists/oss-security/2023/10/24/1
2243839 https://bugzilla.redhat.com/show_bug.cgi?id=2243839
AVG-2848 https://security.archlinux.org/AVG-2848
AVG-2849 https://security.archlinux.org/AVG-2849
CVE-2023-5363 https://nvd.nist.gov/vuln/detail/CVE-2023-5363
RHSA-2024:0310 https://access.redhat.com/errata/RHSA-2024:0310
RHSA-2024:0500 https://access.redhat.com/errata/RHSA-2024:0500
RHSA-2024:1383 https://access.redhat.com/errata/RHSA-2024:1383
RHSA-2024:2094 https://access.redhat.com/errata/RHSA-2024:2094
No exploits are available.
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N Found at https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-5363.json
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N Found at https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N Found at https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=0df40630850fb2740e6be6890bb905d3fc623b2d
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-06-03T19:15:36Z/ Found at https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=0df40630850fb2740e6be6890bb905d3fc623b2d
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N Found at https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=5f69f5c65e483928c4b28ed16af6e5742929f1ee
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-06-03T19:15:36Z/ Found at https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=5f69f5c65e483928c4b28ed16af6e5742929f1ee
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N Found at https://www.openssl.org/news/secadv/20231024.txt
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-06-03T19:15:36Z/ Found at https://www.openssl.org/news/secadv/20231024.txt
Exploit Prediction Scoring System (EPSS)
Percentile 0.91221
EPSS Score 0.06469
Published At May 29, 2026, 12:55 p.m.
Date Actor Action Source VulnerableCode Version
2026-05-29T09:05:40.373655+00:00 RedHat Importer Import https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-5363.json 38.6.0