UBUNTU-CVE-2021-23840

See a problem?

Source

https://ubuntu.com/security/notices/UBUNTU-CVE-2021-23840

Import Source

https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2021/UBUNTU-CVE-2021-23840.json

JSON Data

https://api.osv.dev/v1/vulns/UBUNTU-CVE-2021-23840

Related

Published

2021-02-16T17:15:00Z

Modified

2021-02-16T17:15:00Z

Severity

7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVSS Calculator

Summary

[none]

Details

Calls to EVPCipherUpdate, EVPEncryptUpdate and EVP_DecryptUpdate may overflow the output length argument in some cases where the input length is close to the maximum permissable length for an integer on the platform. In such cases the return value from the function call will be 1 (indicating success), but the output length value will be negative. This could cause applications to behave incorrectly or crash. OpenSSL versions 1.1.1i and below are affected by this issue. Users of these versions should upgrade to OpenSSL 1.1.1j. OpenSSL versions 1.0.2x and below are affected by this issue. However OpenSSL 1.0.2 is out of support and no longer receiving public updates. Premium support customers of OpenSSL 1.0.2 should upgrade to 1.0.2y. Other users should upgrade to 1.1.1j. Fixed in OpenSSL 1.1.1j (Affected 1.1.1-1.1.1i). Fixed in OpenSSL 1.0.2y (Affected 1.0.2-1.0.2x).

References

Affected packages

Ubuntu:Pro:14.04:LTS / openssl

Package

Name: openssl
Purl: pkg:deb/ubuntu/openssl@1.0.1f-1ubuntu2.27+esm10?arch=src?distro=trusty/esm

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1.0.1f-1ubuntu2.27+esm10

Affected versions

1.*

1.0.1e-3ubuntu1

1.0.1e-4ubuntu1

1.0.1e-4ubuntu2

1.0.1e-4ubuntu3

1.0.1e-4ubuntu4

1.0.1f-1ubuntu1

1.0.1f-1ubuntu2

1.0.1f-1ubuntu2.1

1.0.1f-1ubuntu2.2

1.0.1f-1ubuntu2.3

1.0.1f-1ubuntu2.4

1.0.1f-1ubuntu2.5

1.0.1f-1ubuntu2.7

1.0.1f-1ubuntu2.8

1.0.1f-1ubuntu2.11

1.0.1f-1ubuntu2.12

1.0.1f-1ubuntu2.15

1.0.1f-1ubuntu2.16

1.0.1f-1ubuntu2.17

1.0.1f-1ubuntu2.18

1.0.1f-1ubuntu2.19

1.0.1f-1ubuntu2.20

1.0.1f-1ubuntu2.21

1.0.1f-1ubuntu2.22

1.0.1f-1ubuntu2.23

1.0.1f-1ubuntu2.24

1.0.1f-1ubuntu2.25

1.0.1f-1ubuntu2.26

1.0.1f-1ubuntu2.27

1.0.1f-1ubuntu2.27+esm1

1.0.1f-1ubuntu2.27+esm2

1.0.1f-1ubuntu2.27+esm3

1.0.1f-1ubuntu2.27+esm4

1.0.1f-1ubuntu2.27+esm5

1.0.1f-1ubuntu2.27+esm6

1.0.1f-1ubuntu2.27+esm7

1.0.1f-1ubuntu2.27+esm9

Ecosystem specific

{
    "availability": "Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro",
    "ubuntu_priority": "low",
    "binaries": [
        {
            "libssl1.0.0-udeb-dbgsym": "1.0.1f-1ubuntu2.27+esm10",
            "libssl-dev": "1.0.1f-1ubuntu2.27+esm10",
            "libssl1.0.0": "1.0.1f-1ubuntu2.27+esm10",
            "libssl-doc": "1.0.1f-1ubuntu2.27+esm10",
            "libcrypto1.0.0-udeb-dbgsym": "1.0.1f-1ubuntu2.27+esm10",
            "libssl1.0.0-dbg": "1.0.1f-1ubuntu2.27+esm10",
            "libssl-dev-dbgsym": "1.0.1f-1ubuntu2.27+esm10",
            "openssl": "1.0.1f-1ubuntu2.27+esm10",
            "openssl-dbgsym": "1.0.1f-1ubuntu2.27+esm10",
            "libssl1.0.0-udeb": "1.0.1f-1ubuntu2.27+esm10",
            "libssl1.0.0-dbgsym": "1.0.1f-1ubuntu2.27+esm10",
            "libcrypto1.0.0-udeb": "1.0.1f-1ubuntu2.27+esm10"
        }
    ]
}

Ubuntu:16.04:LTS / openssl

Package

Name: openssl
Purl: pkg:deb/ubuntu/openssl@1.0.2g-1ubuntu4.19?arch=src?distro=xenial

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1.0.2g-1ubuntu4.19

Affected versions

1.*

1.0.2d-0ubuntu1

1.0.2d-0ubuntu2

1.0.2e-1ubuntu1

1.0.2f-2ubuntu1

1.0.2g-1ubuntu2

1.0.2g-1ubuntu3

1.0.2g-1ubuntu4

1.0.2g-1ubuntu4.1

1.0.2g-1ubuntu4.2

1.0.2g-1ubuntu4.4

1.0.2g-1ubuntu4.5

1.0.2g-1ubuntu4.6

1.0.2g-1ubuntu4.8

1.0.2g-1ubuntu4.9

1.0.2g-1ubuntu4.10

1.0.2g-1ubuntu4.11

1.0.2g-1ubuntu4.12

1.0.2g-1ubuntu4.13

1.0.2g-1ubuntu4.14

1.0.2g-1ubuntu4.15

1.0.2g-1ubuntu4.16

1.0.2g-1ubuntu4.17

1.0.2g-1ubuntu4.18

Ecosystem specific

{
    "availability": "No subscription required",
    "ubuntu_priority": "low",
    "binaries": [
        {
            "libssl1.0.0-udeb-dbgsym": "1.0.2g-1ubuntu4.19",
            "libssl-dev": "1.0.2g-1ubuntu4.19",
            "libssl1.0.0": "1.0.2g-1ubuntu4.19",
            "libssl-doc": "1.0.2g-1ubuntu4.19",
            "libcrypto1.0.0-udeb-dbgsym": "1.0.2g-1ubuntu4.19",
            "libssl1.0.0-dbg": "1.0.2g-1ubuntu4.19",
            "libssl-dev-dbgsym": "1.0.2g-1ubuntu4.19",
            "openssl": "1.0.2g-1ubuntu4.19",
            "openssl-dbgsym": "1.0.2g-1ubuntu4.19",
            "libssl1.0.0-udeb": "1.0.2g-1ubuntu4.19",
            "libssl1.0.0-dbgsym": "1.0.2g-1ubuntu4.19",
            "libcrypto1.0.0-udeb": "1.0.2g-1ubuntu4.19"
        }
    ]
}

Ubuntu:Pro:16.04:LTS / edk2

Package

Name: edk2

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

0~20150106.*

0~20150106.5c2d456b-2

0~20160104.*

0~20160104.c2a892d7-1

0~20160408.*

0~20160408.ffea0a2c-2

0~20160408.ffea0a2c-2ubuntu0.1

0~20160408.ffea0a2c-2ubuntu0.2

0~20160408.ffea0a2c-2ubuntu0.2+esm1

Ecosystem specific

{
    "ubuntu_priority": "low"
}

Ubuntu:18.04:LTS / openssl

Package

Name: openssl
Purl: pkg:deb/ubuntu/openssl@1.1.1-1ubuntu2.1~18.04.8?arch=src?distro=bionic

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1.1.1-1ubuntu2.1~18.04.8

Affected versions

1.*

1.0.2g-1ubuntu13

1.0.2g-1ubuntu14

1.0.2n-1ubuntu1

1.1.0g-2ubuntu1

1.1.0g-2ubuntu2

1.1.0g-2ubuntu3

1.1.0g-2ubuntu4

1.1.0g-2ubuntu4.1

1.1.0g-2ubuntu4.3

1.1.1-1ubuntu2.1~18.04.1

1.1.1-1ubuntu2.1~18.04.2

1.1.1-1ubuntu2.1~18.04.3

1.1.1-1ubuntu2.1~18.04.4

1.1.1-1ubuntu2.1~18.04.5

1.1.1-1ubuntu2.1~18.04.6

1.1.1-1ubuntu2.1~18.04.7

Ecosystem specific

{
    "availability": "No subscription required",
    "ubuntu_priority": "low",
    "binaries": [
        {
            "libssl-doc": "1.1.1-1ubuntu2.1~18.04.8",
            "libssl-dev": "1.1.1-1ubuntu2.1~18.04.8",
            "libssl1.1-dbgsym": "1.1.1-1ubuntu2.1~18.04.8",
            "libssl1.1-udeb": "1.1.1-1ubuntu2.1~18.04.8",
            "libssl1.1": "1.1.1-1ubuntu2.1~18.04.8",
            "openssl-dbgsym": "1.1.1-1ubuntu2.1~18.04.8",
            "libcrypto1.1-udeb": "1.1.1-1ubuntu2.1~18.04.8",
            "openssl": "1.1.1-1ubuntu2.1~18.04.8"
        }
    ]
}

Ubuntu:18.04:LTS / openssl1.0

Package

Name: openssl1.0
Purl: pkg:deb/ubuntu/openssl1.0@1.0.2n-1ubuntu5.6?arch=src?distro=bionic

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1.0.2n-1ubuntu5.6

Affected versions

1.*

1.0.2n-1ubuntu2

1.0.2n-1ubuntu3

1.0.2n-1ubuntu4

1.0.2n-1ubuntu5

1.0.2n-1ubuntu5.1

1.0.2n-1ubuntu5.2

1.0.2n-1ubuntu5.3

1.0.2n-1ubuntu5.4

1.0.2n-1ubuntu5.5

Ecosystem specific

{
    "availability": "No subscription required",
    "ubuntu_priority": "low",
    "binaries": [
        {
            "libssl1.0.0-dbgsym": "1.0.2n-1ubuntu5.6",
            "libssl1.0-dev": "1.0.2n-1ubuntu5.6",
            "openssl1.0": "1.0.2n-1ubuntu5.6",
            "openssl1.0-dbgsym": "1.0.2n-1ubuntu5.6",
            "libssl1.0.0-udeb": "1.0.2n-1ubuntu5.6",
            "libssl1.0.0": "1.0.2n-1ubuntu5.6",
            "libcrypto1.0.0-udeb": "1.0.2n-1ubuntu5.6"
        }
    ]
}

Ubuntu:Pro:18.04:LTS / edk2

Package

Name: edk2

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

0~20170911.*

0~20170911.5dfba97c-1

0~20171010.*

0~20171010.234dbcef-1

0~20171027.*

0~20171027.76fd5a66-1

0~20171205.*

0~20171205.a9212288-1

0~20180105.*

0~20180105.0bc94c74-1

0~20180205.*

0~20180205.c0d9813c-1

0~20180205.c0d9813c-2

0~20180205.c0d9813c-2ubuntu0.1

0~20180205.c0d9813c-2ubuntu0.2

0~20180205.c0d9813c-2ubuntu0.3

0~20180205.c0d9813c-2ubuntu0.3+esm1

Ecosystem specific

{
    "ubuntu_priority": "low"
}

Ubuntu:20.04:LTS / edk2

Package

Name: edk2
Purl: pkg:deb/ubuntu/edk2@0~20191122.bd85bf54-2ubuntu3.3?arch=src?distro=focal

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

0~20191122.bd85bf54-2ubuntu3.3

Affected versions

0~20190606.*

0~20190606.20d2e5a1-2ubuntu1

0~20190828.*

0~20190828.37eef910-3

0~20190828.37eef910-4

0~20191122.*

0~20191122.bd85bf54-1

0~20191122.bd85bf54-1ubuntu1

0~20191122.bd85bf54-2

0~20191122.bd85bf54-2ubuntu1

0~20191122.bd85bf54-2ubuntu2

0~20191122.bd85bf54-2ubuntu3

0~20191122.bd85bf54-2ubuntu3.1

0~20191122.bd85bf54-2ubuntu3.2

Ecosystem specific

{
    "availability": "No subscription required",
    "ubuntu_priority": "low",
    "binaries": [
        {
            "qemu-efi-aarch64": "0~20191122.bd85bf54-2ubuntu3.3",
            "ovmf": "0~20191122.bd85bf54-2ubuntu3.3",
            "qemu-efi": "0~20191122.bd85bf54-2ubuntu3.3",
            "qemu-efi-arm": "0~20191122.bd85bf54-2ubuntu3.3"
        }
    ]
}

Ubuntu:20.04:LTS / openssl

Package

Name: openssl
Purl: pkg:deb/ubuntu/openssl@1.1.1f-1ubuntu2.2?arch=src?distro=focal

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1.1.1f-1ubuntu2.2

Affected versions

1.*

1.1.1c-1ubuntu4

1.1.1d-2ubuntu3

1.1.1d-2ubuntu6

1.1.1f-1ubuntu1

1.1.1f-1ubuntu2

1.1.1f-1ubuntu2.1

Ecosystem specific

{
    "availability": "No subscription required",
    "ubuntu_priority": "low",
    "binaries": [
        {
            "libssl-doc": "1.1.1f-1ubuntu2.2",
            "libssl-dev": "1.1.1f-1ubuntu2.2",
            "libssl1.1-dbgsym": "1.1.1f-1ubuntu2.2",
            "libssl1.1-udeb": "1.1.1f-1ubuntu2.2",
            "libssl1.1": "1.1.1f-1ubuntu2.2",
            "openssl-dbgsym": "1.1.1f-1ubuntu2.2",
            "libcrypto1.1-udeb": "1.1.1f-1ubuntu2.2",
            "openssl": "1.1.1f-1ubuntu2.2"
        }
    ]
}

Ubuntu:22.04:LTS / edk2

Package

Name: edk2
Purl: pkg:deb/ubuntu/edk2@2021.08~rc0-2?arch=src?distro=jammy

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

2021.08~rc0-2

Ecosystem specific

{
    "availability": "No subscription required",
    "ubuntu_priority": "low",
    "binaries": [
        {
            "ovmf-ia32": "2021.08~rc0-2",
            "qemu-efi-aarch64": "2021.08~rc0-2",
            "ovmf": "2021.08~rc0-2",
            "qemu-efi": "2021.08~rc0-2",
            "qemu-efi-arm": "2021.08~rc0-2"
        }
    ]
}

Ubuntu:22.04:LTS / nodejs

Package

Name: nodejs

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

12.*

12.22.5~dfsg-5ubuntu1

12.22.7~dfsg-2ubuntu1

12.22.7~dfsg-2ubuntu3

12.22.9~dfsg-1ubuntu2

12.22.9~dfsg-1ubuntu3

12.22.9~dfsg-1ubuntu3.1

12.22.9~dfsg-1ubuntu3.2

12.22.9~dfsg-1ubuntu3.3

12.22.9~dfsg-1ubuntu3.4

12.22.9~dfsg-1ubuntu3.5

12.22.9~dfsg-1ubuntu3.6

Ecosystem specific

{
    "ubuntu_priority": "low"
}