POLY1305 MAC implementation corrupts vector registers on PowerPC

Summary

CVE: CVE-2023-6129
State: PUBLISHED
Assigner: openssl
Source Priority: CVE Program / NVD first with legacy fallback
Published: 2024-01-09 17:15:12 UTC
Updated: 2026-05-12 11:16:17 UTC
Description:

Issue summary: The POLY1305 MAC (message authentication code) implementation contains a bug that might corrupt the internal state of applications running on PowerPC CPU based platforms if the CPU provides vector instructions.

Impact summary: If an attacker can influence whether the POLY1305 MAC algorithm is used, the application state might be corrupted with various application dependent consequences.

The POLY1305 MAC (message authentication code) implementation in OpenSSL for PowerPC CPUs restores the contents of vector registers in a different order than they are saved. Thus the contents of some of these vector registers are corrupted when returning to the caller. The vulnerable code is used only on newer PowerPC processors supporting the PowerISA 2.07 instructions.

The consequences of this kind of internal application state corruption can be various - from no consequences, if the calling application does not depend on the contents of non-volatile XMM registers at all, to the worst consequences, where the attacker could get complete control of the application process. However, unless the compiler uses the vector registers for storing pointers, the most likely consequence, if any, would be an incorrect result of some application dependent calculations or a crash leading to a denial of service.

The POLY1305 MAC algorithm is most frequently used as part of the CHACHA20-POLY1305 AEAD (authenticated encryption with associated data) algorithm. The most common usage of this AEAD cipher is with TLS protocol versions 1.2 and 1.3. If this cipher is enabled on the server, a malicious client can influence whether this AEAD cipher is used. This implies that TLS server applications using OpenSSL can be potentially impacted. However, we are currently not aware of any concrete application that would be affected by this issue; therefore we consider this a Low severity security issue.

Risk And Classification

Primary CVSS: v3.1 6.5 MEDIUM from [email protected]

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H

EPSS: 0.033310000 probability, percentile 0.873820000 (date 2026-05-12)

Problem Types: CWE-440 (Expected Behavior Violation) | CWE-787

Version | Source | Type | Score | Severity | Vector
3.1 | [email protected] | Primary | 6.5 | MEDIUM | CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H
3.1 | ADP | DECLARED | 6.5 | MEDIUM | CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H
3.1 | 134c704f-9b21-4f2e-91b3-4a467353bcc0 | Secondary | 6.5 | MEDIUM | CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H

CVSS v3.1 Breakdown

Attack Vector: Network
Attack Complexity: High
Privileges Required: None
User Interaction: None
Scope: Unchanged
Confidentiality: None
Integrity: Low
Availability: High

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H

NVD Known Affected Configurations (CPE 2.3)

Type | Vendor | Product | Version | Update | Edition | Language
Application | Openssl | Openssl | 3.2.0 | All | All | All
Application | Openssl | Openssl | All | All | All | All
Application | Openssl | Openssl | All | All | All | All

Vendor Declared Affected Products

Source | Vendor | Product | Status | Version | Version Type | Platforms
CNA | OpenSSL | OpenSSL | affected | from 3.2.0, before 3.2.1 | semver | Not specified
CNA | OpenSSL | OpenSSL | affected | from 3.1.0, before 3.1.5 | semver | Not specified
CNA | OpenSSL | OpenSSL | affected | from 3.0.0, before 3.0.13 | semver | Not specified
ADP | Siemens | SIMATIC S7-1500 TM MFP - GNU/Linux Subsystem | affected | * | custom | Not specified
ADP | Siemens | SINEC NMS | affected | V3.0 SP1 | custom | Not specified

References

Reference | Source | Link | Tags
security.netapp.com/advisory/ntap-20240216-0009 | af854a3a-2127-422b-91ae-364da2661108 | security.netapp.com |
security.netapp.com/advisory/ntap-20240426-0008 | af854a3a-2127-422b-91ae-364da2661108 | security.netapp.com |
poly1305-ppc.pl: Fix vector register clobbering (openssl/openssl@f3fc580) | af854a3a-2127-422b-91ae-364da2661108 | github.com | Patch
www.openssl.org/news/secadv/20240109.txt | af854a3a-2127-422b-91ae-364da2661108 | www.openssl.org | Vendor Advisory
security.netapp.com/advisory/ntap-20240503-0011 | af854a3a-2127-422b-91ae-364da2661108 | security.netapp.com |
cert-portal.siemens.com/productcert/html/ssa-265688.html | 0b142b55-0307-4c5a-b3c9-f314f3fb7c5e | cert-portal.siemens.com |
www.openwall.com/lists/oss-security/2024/03/11/1 | af854a3a-2127-422b-91ae-364da2661108 | www.openwall.com |
cert-portal.siemens.com/productcert/html/ssa-331112.html | 0b142b55-0307-4c5a-b3c9-f314f3fb7c5e | cert-portal.siemens.com |
security.netapp.com/advisory/ntap-20240426-0013 | af854a3a-2127-422b-91ae-364da2661108 | security.netapp.com |
cert-portal.siemens.com/productcert/html/ssa-769027.html | 0b142b55-0307-4c5a-b3c9-f314f3fb7c5e | cert-portal.siemens.com |
cert-portal.siemens.com/productcert/html/ssa-915275.html | 0b142b55-0307-4c5a-b3c9-f314f3fb7c5e | cert-portal.siemens.com |
poly1305-ppc.pl: Fix vector register clobbering (openssl/openssl@050d263) | af854a3a-2127-422b-91ae-364da2661108 | github.com | Patch
poly1305-ppc.pl: Fix vector register clobbering (openssl/openssl@5b139f9) | af854a3a-2127-422b-91ae-364da2661108 | github.com | Patch
CVE Program record | CVE.ORG | www.cve.org | canonical
NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis

Vendor Comments And Credit

Discovery Credit

CNA: Sverker Eriksson (en)

CNA: Rohan McLure (en)

Legacy QID Mappings

  • 200094 Ubuntu Security Notification for Open Secure Sockets Layer (OpenSSL) Vulnerabilities (USN-6622-1)
  • 330164 IBM Advanced Interactive eXecutive (AIX) Open Secure Sockets Layer (OpenSSL) Multiple Vulnerabilities (openssl_advisory40)
  • 505912 Alpine Linux Security Update for openssl
  • 506285 Alpine Linux Security Update for openssl
  • 520013 Open Secure Sockets Layer (OpenSSL) POLY1305 MAC Improper Authentication (CVE-2023-6129)
  • 691394 Free Berkeley Software Distribution (FreeBSD) Security Update for Open Secure Sockets Layer (OpenSSL) (8337251b-b07b-11ee-b0d7-84a93843eb75)
  • 755637 SUSE Enterprise Linux Security Update for openssl-3 (SUSE-SU-2024:0172-1)
  • 755771 SUSE Enterprise Linux Security Update for openssl-3 (SUSE-SU-2024:0518-1)
© CVE.report 2026