VulnerableCode Vulnerability Details

Search for vulnerabilities

Vulnerability details: VCID-77pu-uaaz-aaaa

Essentials
Severities (99)
References (13)
Severity details (12)
Exploits (0)
EPSS
History (0)

Vulnerability ID	VCID-77pu-uaaz-aaaa
Aliases	CVE-2023-1255
Summary	Out-of-bounds Read Issue summary: The AES-XTS cipher decryption implementation for 64 bit ARM platform contains a bug that could cause it to read past the input buffer, leading to a crash. Impact summary: Applications that use the AES-XTS algorithm on the 64 bit ARM platform can crash in rare circumstances. The AES-XTS algorithm is usually used for disk encryption. The AES-XTS cipher decryption implementation for 64 bit ARM platform will read past the end of the ciphertext buffer if the ciphertext size is 4 mod 5 in 16 byte blocks, e.g. 144 bytes or 1024 bytes. If the memory after the ciphertext buffer is unmapped, this will trigger a crash which results in a denial of service. If an attacker can control the size and location of the ciphertext buffer being decrypted by an application using AES-XTS on 64 bit ARM, the application is affected. This is fairly unlikely making this issue a Low severity one.
Status	Published
Exploitability	0.5
Weighted Severity	5.3
Risk	2.6
Affected and Fixed Packages	Package Details

Weaknesses (4)

CWE-125	Out-of-bounds Read
CWE-1035	OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
CWE-937	OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities
CWE-119	Improper Restriction of Operations within the Bounds of a Memory Buffer

System	Score	Found at
cvssv3	5.1	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-1255.json
epss	0.00031	https://api.first.org/data/v1/epss?cve=CVE-2023-1255
epss	0.00031	https://api.first.org/data/v1/epss?cve=CVE-2023-1255
epss	0.00031	https://api.first.org/data/v1/epss?cve=CVE-2023-1255
epss	0.00031	https://api.first.org/data/v1/epss?cve=CVE-2023-1255
epss	0.00031	https://api.first.org/data/v1/epss?cve=CVE-2023-1255
epss	0.00031	https://api.first.org/data/v1/epss?cve=CVE-2023-1255
epss	0.00031	https://api.first.org/data/v1/epss?cve=CVE-2023-1255
epss	0.00031	https://api.first.org/data/v1/epss?cve=CVE-2023-1255
epss	0.00031	https://api.first.org/data/v1/epss?cve=CVE-2023-1255
epss	0.00031	https://api.first.org/data/v1/epss?cve=CVE-2023-1255
epss	0.00031	https://api.first.org/data/v1/epss?cve=CVE-2023-1255
epss	0.00031	https://api.first.org/data/v1/epss?cve=CVE-2023-1255
epss	0.00031	https://api.first.org/data/v1/epss?cve=CVE-2023-1255
epss	0.00031	https://api.first.org/data/v1/epss?cve=CVE-2023-1255
epss	0.00031	https://api.first.org/data/v1/epss?cve=CVE-2023-1255
epss	0.00031	https://api.first.org/data/v1/epss?cve=CVE-2023-1255
epss	0.00031	https://api.first.org/data/v1/epss?cve=CVE-2023-1255
epss	0.00031	https://api.first.org/data/v1/epss?cve=CVE-2023-1255
epss	0.00031	https://api.first.org/data/v1/epss?cve=CVE-2023-1255
epss	0.00031	https://api.first.org/data/v1/epss?cve=CVE-2023-1255
epss	0.00031	https://api.first.org/data/v1/epss?cve=CVE-2023-1255
epss	0.00031	https://api.first.org/data/v1/epss?cve=CVE-2023-1255
epss	0.00031	https://api.first.org/data/v1/epss?cve=CVE-2023-1255
epss	0.00031	https://api.first.org/data/v1/epss?cve=CVE-2023-1255
epss	0.00031	https://api.first.org/data/v1/epss?cve=CVE-2023-1255
epss	0.00031	https://api.first.org/data/v1/epss?cve=CVE-2023-1255
epss	0.00031	https://api.first.org/data/v1/epss?cve=CVE-2023-1255
epss	0.00031	https://api.first.org/data/v1/epss?cve=CVE-2023-1255
epss	0.00031	https://api.first.org/data/v1/epss?cve=CVE-2023-1255
epss	0.00031	https://api.first.org/data/v1/epss?cve=CVE-2023-1255
epss	0.00031	https://api.first.org/data/v1/epss?cve=CVE-2023-1255
epss	0.00031	https://api.first.org/data/v1/epss?cve=CVE-2023-1255
epss	0.00031	https://api.first.org/data/v1/epss?cve=CVE-2023-1255
epss	0.00032	https://api.first.org/data/v1/epss?cve=CVE-2023-1255
epss	0.00032	https://api.first.org/data/v1/epss?cve=CVE-2023-1255
epss	0.00042	https://api.first.org/data/v1/epss?cve=CVE-2023-1255
epss	0.00042	https://api.first.org/data/v1/epss?cve=CVE-2023-1255
epss	0.00042	https://api.first.org/data/v1/epss?cve=CVE-2023-1255
epss	0.00042	https://api.first.org/data/v1/epss?cve=CVE-2023-1255
epss	0.00042	https://api.first.org/data/v1/epss?cve=CVE-2023-1255
epss	0.00042	https://api.first.org/data/v1/epss?cve=CVE-2023-1255
epss	0.00046	https://api.first.org/data/v1/epss?cve=CVE-2023-1255
epss	0.00046	https://api.first.org/data/v1/epss?cve=CVE-2023-1255
epss	0.00046	https://api.first.org/data/v1/epss?cve=CVE-2023-1255
epss	0.00046	https://api.first.org/data/v1/epss?cve=CVE-2023-1255
epss	0.00046	https://api.first.org/data/v1/epss?cve=CVE-2023-1255
epss	0.00046	https://api.first.org/data/v1/epss?cve=CVE-2023-1255
epss	0.00046	https://api.first.org/data/v1/epss?cve=CVE-2023-1255
epss	0.00046	https://api.first.org/data/v1/epss?cve=CVE-2023-1255
epss	0.00046	https://api.first.org/data/v1/epss?cve=CVE-2023-1255
epss	0.00046	https://api.first.org/data/v1/epss?cve=CVE-2023-1255
epss	0.00046	https://api.first.org/data/v1/epss?cve=CVE-2023-1255
epss	0.00046	https://api.first.org/data/v1/epss?cve=CVE-2023-1255
epss	0.00046	https://api.first.org/data/v1/epss?cve=CVE-2023-1255
epss	0.00046	https://api.first.org/data/v1/epss?cve=CVE-2023-1255
epss	0.00046	https://api.first.org/data/v1/epss?cve=CVE-2023-1255
epss	0.00046	https://api.first.org/data/v1/epss?cve=CVE-2023-1255
epss	0.00046	https://api.first.org/data/v1/epss?cve=CVE-2023-1255
epss	0.00046	https://api.first.org/data/v1/epss?cve=CVE-2023-1255
epss	0.00046	https://api.first.org/data/v1/epss?cve=CVE-2023-1255
epss	0.00046	https://api.first.org/data/v1/epss?cve=CVE-2023-1255
epss	0.00046	https://api.first.org/data/v1/epss?cve=CVE-2023-1255
epss	0.00046	https://api.first.org/data/v1/epss?cve=CVE-2023-1255
epss	0.00046	https://api.first.org/data/v1/epss?cve=CVE-2023-1255
epss	0.00046	https://api.first.org/data/v1/epss?cve=CVE-2023-1255
epss	0.00046	https://api.first.org/data/v1/epss?cve=CVE-2023-1255
epss	0.00046	https://api.first.org/data/v1/epss?cve=CVE-2023-1255
epss	0.00046	https://api.first.org/data/v1/epss?cve=CVE-2023-1255
epss	0.00046	https://api.first.org/data/v1/epss?cve=CVE-2023-1255
epss	0.00046	https://api.first.org/data/v1/epss?cve=CVE-2023-1255
epss	0.00094	https://api.first.org/data/v1/epss?cve=CVE-2023-1255
epss	0.00099	https://api.first.org/data/v1/epss?cve=CVE-2023-1255
epss	0.00099	https://api.first.org/data/v1/epss?cve=CVE-2023-1255
epss	0.00099	https://api.first.org/data/v1/epss?cve=CVE-2023-1255
epss	0.00099	https://api.first.org/data/v1/epss?cve=CVE-2023-1255
epss	0.00099	https://api.first.org/data/v1/epss?cve=CVE-2023-1255
epss	0.00101	https://api.first.org/data/v1/epss?cve=CVE-2023-1255
epss	0.00113	https://api.first.org/data/v1/epss?cve=CVE-2023-1255
epss	0.00113	https://api.first.org/data/v1/epss?cve=CVE-2023-1255
epss	0.00113	https://api.first.org/data/v1/epss?cve=CVE-2023-1255
epss	0.00118	https://api.first.org/data/v1/epss?cve=CVE-2023-1255
epss	0.00118	https://api.first.org/data/v1/epss?cve=CVE-2023-1255
epss	0.00118	https://api.first.org/data/v1/epss?cve=CVE-2023-1255
epss	0.00118	https://api.first.org/data/v1/epss?cve=CVE-2023-1255
epss	0.00118	https://api.first.org/data/v1/epss?cve=CVE-2023-1255
epss	0.00118	https://api.first.org/data/v1/epss?cve=CVE-2023-1255
epss	0.00118	https://api.first.org/data/v1/epss?cve=CVE-2023-1255
cvssv3.1	5.5	https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
cvssv3.1	5.9	https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=02ac9c9420275868472f33b01def01218742b8bb
ssvc	Track	https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=02ac9c9420275868472f33b01def01218742b8bb
cvssv3.1	5.9	https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=bc2f61ad70971869b242fc1cb445b98bad50074a
ssvc	Track	https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=bc2f61ad70971869b242fc1cb445b98bad50074a
cvssv3	5.9	https://nvd.nist.gov/vuln/detail/CVE-2023-1255
cvssv3.1	5.9	https://nvd.nist.gov/vuln/detail/CVE-2023-1255
cvssv3.1	5.9	https://security.netapp.com/advisory/ntap-20230908-0006/
ssvc	Track	https://security.netapp.com/advisory/ntap-20230908-0006/
cvssv3.1	5.9	https://www.openssl.org/news/secadv/20230419.txt
ssvc	Track	https://www.openssl.org/news/secadv/20230419.txt

Reference id	Reference type	URL
		https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-1255.json
		https://api.first.org/data/v1/epss?cve=CVE-2023-1255
		https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
		https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=02ac9c9420275868472f33b01def01218742b8bb
		https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=bc2f61ad70971869b242fc1cb445b98bad50074a
		https://security.netapp.com/advisory/ntap-20230908-0006/
		https://www.openssl.org/news/secadv/20230419.txt
1034720		https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1034720
2188461		https://bugzilla.redhat.com/show_bug.cgi?id=2188461
cpe:2.3:a:openssl:openssl::::::::		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openssl:openssl::::::::
CVE-2023-1255		https://nvd.nist.gov/vuln/detail/CVE-2023-1255
RHSA-2023:3722		https://access.redhat.com/errata/RHSA-2023:3722
USN-6119-1		https://usn.ubuntu.com/6119-1/

No exploits are available.

Vector: CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-1255.json

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H Found at https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=02ac9c9420275868472f33b01def01218742b8bb

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-04T21:14:55Z/ Found at https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=02ac9c9420275868472f33b01def01218742b8bb

Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=bc2f61ad70971869b242fc1cb445b98bad50074a

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-04T21:14:55Z/ Found at https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=bc2f61ad70971869b242fc1cb445b98bad50074a

Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://nvd.nist.gov/vuln/detail/CVE-2023-1255

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://nvd.nist.gov/vuln/detail/CVE-2023-1255

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://security.netapp.com/advisory/ntap-20230908-0006/

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-04T21:14:55Z/ Found at https://security.netapp.com/advisory/ntap-20230908-0006/

Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://www.openssl.org/news/secadv/20230419.txt

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-04T21:14:55Z/ Found at https://www.openssl.org/news/secadv/20230419.txt

Exploit Prediction Scoring System (EPSS)

Percentile	0.0563
EPSS Score	0.00031
Published At	April 2, 2025, 12:55 p.m.

Date	Actor	Action	Source	VulnerableCode Version
There are no relevant records.