{"api_version":"1","generated_at":"2026-04-23T00:41:08+00:00","cve":"CVE-2021-23840","urls":{"html":"https://cve.report/CVE-2021-23840","api":"https://cve.report/api/cve/CVE-2021-23840.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2021-23840","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2021-23840"},"summary":{"title":"Integer overflow in CipherUpdate","description":"Calls to EVP_CipherUpdate, EVP_EncryptUpdate and EVP_DecryptUpdate may overflow the output length argument in some cases where the input length is close to the maximum permissible length for an integer on the platform. In such cases the return value from the function call will be 1 (indicating success), but the output length value will be negative. This could cause applications to behave incorrectly or crash. OpenSSL versions 1.1.1i and below are affected by this issue. Users of these versions should upgrade to OpenSSL 1.1.1j. OpenSSL versions 1.0.2x and below are affected by this issue. However OpenSSL 1.0.2 is out of support and no longer receiving public updates. Premium support customers of OpenSSL 1.0.2 should upgrade to 1.0.2y. Other users should upgrade to 1.1.1j. Fixed in OpenSSL 1.1.1j (Affected 1.1.1-1.1.1i). 
Fixed in OpenSSL 1.0.2y (Affected 1.0.2-1.0.2x).","state":"PUBLISHED","assigner":"openssl","published_at":"2021-02-16 17:15:13","updated_at":"2026-04-16 15:16:45"},"problem_types":["CWE-190","Overflow","CWE-190 CWE-190 Integer Overflow or Wraparound"],"metrics":[{"version":"3.1","source":"nvd@nist.gov","type":"Primary","score":"7.5","severity":"HIGH","vector":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","data":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"}},{"version":"3.1","source":"ADP","type":"DECLARED","score":"7.5","severity":"HIGH","vector":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","data":{"attackComplexity":"LOW","attackVector":"NETWORK","availabilityImpact":"HIGH","baseScore":7.5,"baseSeverity":"HIGH","confidentialityImpact":"NONE","integrityImpact":"NONE","privilegesRequired":"NONE","scope":"UNCHANGED","userInteraction":"NONE","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","version":"3.1"}},{"version":"3.1","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","score":"7.5","severity":"HIGH","vector":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","data":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"}},{"version":"2.0","source":"nvd@nist.gov","type":"Primary","score":"5","severity":"","vector":"AV:N/AC:L/Au:N/C:N/I:N/A:P","data":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:N/I:N/A:P","baseScore":5,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","con
fidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"PARTIAL"}}],"references":[{"url":"https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=9b1129239f3ebb1d1c98ce9ed41d5c9476c47cb2","name":"https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=9b1129239f3ebb1d1c98ce9ed41d5c9476c47cb2","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"git.openssl.org Git","mime":"text/xml","httpstatus":"404","archivestatus":"404"},{"url":"https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=6a51b9e1d0cf0bf8515f7201b68fb0a3482b3dc1","name":"https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=6a51b9e1d0cf0bf8515f7201b68fb0a3482b3dc1","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"git.openssl.org Git - openssl.git/commitdiff","mime":"text/xml","httpstatus":"404","archivestatus":"200"},{"url":"https://www.oracle.com/security-alerts/cpuapr2022.html","name":"https://www.oracle.com/security-alerts/cpuapr2022.html","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Third Party Advisory"],"title":"Oracle Critical Patch Update Advisory - April 2022","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://www.oracle.com/security-alerts/cpuoct2021.html","name":"https://www.oracle.com/security-alerts/cpuoct2021.html","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Third Party Advisory"],"title":"Oracle Critical Patch Update Advisory - October 2021","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://kc.mcafee.com/corporate/index?page=content&id=SB10366","name":"https://kc.mcafee.com/corporate/index?page=content&id=SB10366","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"],"title":"Security Bulletin - ePolicy Orchestrator update addresses two product vulnerabilities (CVE-2021-31834 and CVE-2021-31835) and updates Java, OpenSSL, and 
Tomcat","mime":"text/html","httpstatus":"200","archivestatus":"404"},{"url":"https://www.openssl.org/news/secadv/20210216.txt","name":"https://www.openssl.org/news/secadv/20210216.txt","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"],"title":"","mime":"text/plain","httpstatus":"200","archivestatus":"200"},{"url":"https://www.oracle.com//security-alerts/cpujul2021.html","name":"https://www.oracle.com//security-alerts/cpujul2021.html","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Third Party Advisory"],"title":"Oracle Critical Patch Update Advisory - July 2021","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://security.netapp.com/advisory/ntap-20210219-0009/","name":"https://security.netapp.com/advisory/ntap-20210219-0009/","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"],"title":"February 2021 OpenSSL Vulnerabilities in NetApp Products | NetApp Product Security","mime":"text/html","httpstatus":"200","archivestatus":"0"},{"url":"https://www.tenable.com/security/tns-2021-03","name":"https://www.tenable.com/security/tns-2021-03","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"],"title":"[R1] Stand-alone Security Patches Available for Tenable.sc versions 5.13.0 to 5.17.0 - Security Advisory | Tenable®","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://security.gentoo.org/glsa/202103-03","name":"https://security.gentoo.org/glsa/202103-03","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"],"title":"OpenSSL: Multiple vulnerabilities (GLSA 202103-03) — Gentoo 
security","mime":"text/html","httpstatus":"200","archivestatus":"404"},{"url":"https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b%40%3Cissues.bookkeeper.apache.org%3E","name":"https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b%40%3Cissues.bookkeeper.apache.org%3E","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://www.oracle.com/security-alerts/cpujan2022.html","name":"https://www.oracle.com/security-alerts/cpujan2022.html","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Third Party Advisory"],"title":"Oracle Critical Patch Update Advisory - January 2022","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://www.oracle.com/security-alerts/cpuApr2021.html","name":"https://www.oracle.com/security-alerts/cpuApr2021.html","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Third Party Advisory"],"title":"Oracle Critical Patch Update Advisory - April 2021","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://security.netapp.com/advisory/ntap-20240621-0006/","name":"https://security.netapp.com/advisory/ntap-20240621-0006/","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://www.tenable.com/security/tns-2021-09","name":"https://www.tenable.com/security/tns-2021-09","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"],"title":"[R1] Nessus Network Monitor 5.13.1 Fixes Multiple Third-party Vulnerabilities - Security Advisory | Tenable®","mime":"text/html","httpstatus":"200","archivestatus":"404"},{"url":"https://www.tenable.com/security/tns-2021-10","name":"https://www.tenable.com/security/tns-2021-10","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"],"title":"[R1] 
LCE 6.0.9 Fixes Multiple Third-party Vulnerabilities - Security Advisory | Tenable®","mime":"text/html","httpstatus":"200","archivestatus":"404"},{"url":"https://www.debian.org/security/2021/dsa-4855","name":"https://www.debian.org/security/2021/dsa-4855","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"],"title":"Debian -- Security Information -- DSA-4855-1 openssl","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4%40%3Cissues.bookkeeper.apache.org%3E","name":"https://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4%40%3Cissues.bookkeeper.apache.org%3E","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf","name":"https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"],"title":"","mime":"application/pdf","httpstatus":"200","archivestatus":"200"},{"url":"https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44846","name":"https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44846","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"],"title":"Public KB - SA44846 - OpenSSL Security Advisory CVE-2021-23841","mime":"text/html","httpstatus":"200","archivestatus":"404"},{"url":"https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=6a51b9e1d0cf0bf8515f7201b68fb0a3482b3dc1","name":"CONFIRM:https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=6a51b9e1d0cf0bf8515f7201b68fb0a3482b3dc1","refsource":"MITRE","tags":[],"title":"git.openssl.org Git - 
openssl.git/commitdiff","mime":"text/xml","httpstatus":"200","archivestatus":"200"},{"url":"https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=9b1129239f3ebb1d1c98ce9ed41d5c9476c47cb2","name":"CONFIRM:https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=9b1129239f3ebb1d1c98ce9ed41d5c9476c47cb2","refsource":"MITRE","tags":[],"title":"git.openssl.org Git - openssl.git/commitdiff","mime":"text/xml","httpstatus":"404","archivestatus":"404"},{"url":"https://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4@%3Cissues.bookkeeper.apache.org%3E","name":"MLIST:[bookkeeper-issues] 20210628 [GitHub] [bookkeeper] padma81 opened a new issue #2746: Security Vulnerabilities in CentOS 7 image, Upgrade image to CentOS 8","refsource":"MITRE","tags":[],"title":"Pony Mail!","mime":"text/html","httpstatus":"200","archivestatus":"404"},{"url":"https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b@%3Cissues.bookkeeper.apache.org%3E","name":"MLIST:[bookkeeper-issues] 20210629 [GitHub] [bookkeeper] padma81 opened a new issue #2746: Security Vulnerabilities in CentOS 7 image, Upgrade image to CentOS 8","refsource":"MITRE","tags":[],"title":"Pony Mail!","mime":"text/html","httpstatus":"200","archivestatus":"404"},{"url":"https://www.cve.org/CVERecord?id=CVE-2021-23840","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2021-23840","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[{"source":"CNA","vendor":"OpenSSL","product":"OpenSSL","version":"affected Fixed in OpenSSL 1.1.1j (Affected 1.1.1-1.1.1i)","platforms":[]},{"source":"CNA","vendor":"OpenSSL","product":"OpenSSL","version":"affected Fixed in OpenSSL 1.0.2y (Affected 1.0.2-1.0.2x)","platforms":[]}],"timeline":[],"solutions":[],"workarounds":[],"exploits":[],"credits":[{"source":"CNA","value":"Paul 
Kehrer","lang":"en"}],"nvd_cpes":[{"cve_year":"2021","cve_id":"23840","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"openssl","cpe5":"openssl","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"}],"vendor_comments":[],"enrichments":{"kev":null,"epss":null,"legacy_qids":[{"cve":"CVE-2021-23840","qid":"159414","title":"Oracle Enterprise Linux Security Update for Open Secure Sockets Layer (OpenSSL) (ELSA-2021-3798)"},{"cve":"CVE-2021-23840","qid":"159423","title":"Oracle Enterprise Linux Security Update for Open Secure Sockets Layer (OpenSSL) (ELSA-2021-9478)"},{"cve":"CVE-2021-23840","qid":"159438","title":"Oracle Enterprise Linux Security Update for Open Secure Sockets Layer (OpenSSL) (ELSA-2021-9528)"},{"cve":"CVE-2021-23840","qid":"159512","title":"Oracle Enterprise Linux Security Update for Open Secure Sockets Layer (OpenSSL) (ELSA-2021-4424)"},{"cve":"CVE-2021-23840","qid":"159562","title":"Oracle Enterprise Linux Security Update for Open Secure Sockets Layer (OpenSSL) (ELSA-2021-9561)"},{"cve":"CVE-2021-23840","qid":"174786","title":"SUSE Enterprise Linux Security update for openssl-1_1 (SUSE-SU-2021:0754-1)"},{"cve":"CVE-2021-23840","qid":"174789","title":"SUSE Enterprise Linux Security update for openssl-1_0_0 (SUSE-SU-2021:0769-1)"},{"cve":"CVE-2021-23840","qid":"174794","title":"SUSE Enterprise Linux Security update for compat-openssl098 (SUSE-SU-2021:0793-1)"},{"cve":"CVE-2021-23840","qid":"174839","title":"SUSE Enterprise Linux Security update for openssl (SUSE-SU-2021:0939-1)"},{"cve":"CVE-2021-23840","qid":"174858","title":"SUSE Enterprise Linux Security update for openssl (SUSE-SU-2021:0939-1)"},{"cve":"CVE-2021-23840","qid":"180566","title":"Debian Security Update for Open Secure Sockets Layer (OpenSSL) (CVE-2021-23840)"},{"cve":"CVE-2021-23840","qid":"198517","title":"Ubuntu Security Notification for EDK II Vulnerabilities 
(USN-5088-1)"},{"cve":"CVE-2021-23840","qid":"239678","title":"Red Hat Update for Open Secure Sockets Layer (OpenSSL) (RHSA-2021:3798)"},{"cve":"CVE-2021-23840","qid":"239793","title":"Red Hat Update for edk2 security (RHSA-2021:4198)"},{"cve":"CVE-2021-23840","qid":"239823","title":"Red Hat Update for Open Secure Sockets Layer (OpenSSL) (RHSA-2021:4424)"},{"cve":"CVE-2021-23840","qid":"239865","title":"Red Hat Update for red hat jboss core services apache Hypertext Transfer Protocol (HTTP) server 2.4.37 sp10 (RHSA-2021:4614)"},{"cve":"CVE-2021-23840","qid":"257128","title":"CentOS Security Update for Open Secure Sockets Layer (OpenSSL) (CESA-2021:3798)"},{"cve":"CVE-2021-23840","qid":"296067","title":"Oracle Solaris 11.4 Support Repository Update (SRU) 33.94.0 Missing (CPUAPR2021)"},{"cve":"CVE-2021-23840","qid":"330081","title":"IBM AIX Multiple Vulnerabilities in Openssl (openssl_advisory33)"},{"cve":"CVE-2021-23840","qid":"352246","title":"Amazon Linux Security Advisory for openssl11: ALAS2-2021-1612"},{"cve":"CVE-2021-23840","qid":"352296","title":"Amazon Linux Security Update for Open Secure Sockets Layer (OpenSSL): AL2012-2021-339"},{"cve":"CVE-2021-23840","qid":"357333","title":"Amazon Linux Security Advisory for edk2 : ALAS2-2024-2502"},{"cve":"CVE-2021-23840","qid":"375467","title":"Node.js Multiple Vulnerabilities"},{"cve":"CVE-2021-23840","qid":"375658","title":"Node.js Multiple Vulnerabilities (February 2021) (Installed with Nodlist)"},{"cve":"CVE-2021-23840","qid":"376544","title":"F5 BIG-IP Application Security Manager (ASM), Local Traffic Manager (LTM), Access Policy Manager (APM) Open Secure Sockets Layer (OpenSSL) Vulnerability (K24624116)"},{"cve":"CVE-2021-23840","qid":"377475","title":"Alibaba Cloud Linux Security Update for Open Secure Sockets Layer (OpenSSL) (ALINUX2-SA-2021:0056)"},{"cve":"CVE-2021-23840","qid":"379452","title":"IBM Cognos Analytics Multiple Vulnerabilities (7123154)"},{"cve":"CVE-2021-23840","qid":"38845","title":"Pulse 
Connect Secure and Pulse Policy Secure Multiple Vulnerabilities (SA44846)"},{"cve":"CVE-2021-23840","qid":"500497","title":"Alpine Linux Security Update for Open Secure Sockets Layer (OpenSSL)"},{"cve":"CVE-2021-23840","qid":"500565","title":"Alpine Linux Security Update for Open Secure Sockets Layer (OpenSSL)"},{"cve":"CVE-2021-23840","qid":"500764","title":"Alpine Linux Security Update for openssl"},{"cve":"CVE-2021-23840","qid":"501164","title":"Alpine Linux Security Update for openssl"},{"cve":"CVE-2021-23840","qid":"501983","title":"Alpine Linux Security Update for Open Secure Sockets Layer3 (OpenSSL3)"},{"cve":"CVE-2021-23840","qid":"502902","title":"Alpine Linux Security Update for openssl1.1-compat"},{"cve":"CVE-2021-23840","qid":"504256","title":"Alpine Linux Security Update for openssl"},{"cve":"CVE-2021-23840","qid":"591054","title":"Mitsubishi Electric MELSOFT GT OPC UA, GT SoftGOT2000 Multiple Vulnerabilities (ICSA-22-130-06)"},{"cve":"CVE-2021-23840","qid":"591311","title":"Bosch Rexroth PRA-ES8P2S Ethernet-Switch Multiple Vulnerabilities (BOSCH-SA-247053-BT)"},{"cve":"CVE-2021-23840","qid":"670250","title":"EulerOS Security Update for Open Secure Sockets Layer (OpenSSL098e) (EulerOS-SA-2021-1826)"},{"cve":"CVE-2021-23840","qid":"670251","title":"EulerOS Security Update for Open Secure Sockets Layer (OpenSSL) (EulerOS-SA-2021-1825)"},{"cve":"CVE-2021-23840","qid":"670315","title":"EulerOS Security Update for Open Secure Sockets Layer (OpenSSL11d) (EulerOS-SA-2021-1909)"},{"cve":"CVE-2021-23840","qid":"670316","title":"EulerOS Security Update for Open Secure Sockets Layer (OpenSSL098e) (EulerOS-SA-2021-1908)"},{"cve":"CVE-2021-23840","qid":"670317","title":"EulerOS Security Update for Open Secure Sockets Layer (OpenSSL) (EulerOS-SA-2021-1907)"},{"cve":"CVE-2021-23840","qid":"670342","title":"EulerOS Security Update for Open Secure Sockets Layer (OpenSSL) (EulerOS-SA-2021-1882)"},{"cve":"CVE-2021-23840","qid":"670369","title":"EulerOS Security Update 
for Open Secure Sockets Layer (OpenSSL) (EulerOS-SA-2021-1956)"},{"cve":"CVE-2021-23840","qid":"670390","title":"EulerOS Security Update for Open Secure Sockets Layer (OpenSSL) (EulerOS-SA-2021-1935)"},{"cve":"CVE-2021-23840","qid":"670658","title":"EulerOS Security Update for Open Secure Sockets Layer (OpenSSL) (EulerOS-SA-2021-2416)"},{"cve":"CVE-2021-23840","qid":"670659","title":"EulerOS Security Update for Open Secure Sockets Layer098e (OpenSSL098e) openssl098e (EulerOS-SA-2021-2417)"},{"cve":"CVE-2021-23840","qid":"670660","title":"EulerOS Security Update for Open Secure Sockets Layer110f (openssl110f) (EulerOS-SA-2021-2418)"},{"cve":"CVE-2021-23840","qid":"670698","title":"EulerOS Security Update for Compat-Open Secure Sockets Layer10 (compat-openssl10) (EulerOS-SA-2021-2456)"},{"cve":"CVE-2021-23840","qid":"670784","title":"EulerOS Security Update for shim (EulerOS-SA-2021-2542)"},{"cve":"CVE-2021-23840","qid":"670808","title":"EulerOS Security Update for shim (EulerOS-SA-2021-2566)"},{"cve":"CVE-2021-23840","qid":"690211","title":"Free Berkeley Software Distribution (FreeBSD) Security Update for node.js (2f3cd69e-7dee-11eb-b92e-0022489ad614)"},{"cve":"CVE-2021-23840","qid":"710009","title":"Gentoo Linux OpenSSL Multiple Vulnerabilities (GLSA 202103-03)"},{"cve":"CVE-2021-23840","qid":"730228","title":"McAfee Web Gateway Multiple Vulnerabilities (WP-3445, WP-3483, WP-3527, WP-3528, WP-3547, WP-3584,WP-3589,WP-3611)"},{"cve":"CVE-2021-23840","qid":"750308","title":"OpenSUSE Security Update for openssl-1_0_0 (openSUSE-SU-2021:0430-1)"},{"cve":"CVE-2021-23840","qid":"750310","title":"OpenSUSE Security Update for openssl-1_1 (openSUSE-SU-2021:0427-1)"},{"cve":"CVE-2021-23840","qid":"750335","title":"OpenSUSE Security Update for nodejs10 (openSUSE-SU-2021:0372-1)"},{"cve":"CVE-2021-23840","qid":"750340","title":"OpenSUSE Security Update for nodejs12 (openSUSE-SU-2021:0357-1)"},{"cve":"CVE-2021-23840","qid":"91782","title":"IBM Integration Bus and IBM App Connect 
Enterprise Open Secure Sockets Layer (OpenSSL) Multiple Vulnerabilities (6463979)"},{"cve":"CVE-2021-23840","qid":"940020","title":"AlmaLinux Security Update for edk2 (ALSA-2021:4198)"},{"cve":"CVE-2021-23840","qid":"940234","title":"AlmaLinux Security Update for Open Secure Sockets Layer (OpenSSL) (ALSA-2021:4424)"},{"cve":"CVE-2021-23840","qid":"960698","title":"Rocky Linux Security Update for edk2 (RLSA-2021:4198)"},{"cve":"CVE-2021-23840","qid":"960795","title":"Rocky Linux Security Update for Open Secure Sockets Layer (OpenSSL) (RLSA-2021:4424)"}]},"source_records":{"cve_program":{"containers":{"adp":[{"providerMetadata":{"dateUpdated":"2024-08-03T19:14:09.252Z","orgId":"af854a3a-2127-422b-91ae-364da2661108","shortName":"CVE"},"references":[{"tags":["x_transferred"],"url":"https://www.openssl.org/news/secadv/20210216.txt"},{"tags":["x_transferred"],"url":"https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=6a51b9e1d0cf0bf8515f7201b68fb0a3482b3dc1"},{"tags":["x_transferred"],"url":"https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=9b1129239f3ebb1d1c98ce9ed41d5c9476c47cb2"},{"name":"DSA-4855","tags":["vendor-advisory","x_transferred"],"url":"https://www.debian.org/security/2021/dsa-4855"},{"name":"GLSA-202103-03","tags":["vendor-advisory","x_transferred"],"url":"https://security.gentoo.org/glsa/202103-03"},{"tags":["x_transferred"],"url":"https://www.oracle.com/security-alerts/cpuApr2021.html"},{"tags":["x_transferred"],"url":"https://www.tenable.com/security/tns-2021-10"},{"tags":["x_transferred"],"url":"https://www.tenable.com/security/tns-2021-09"},{"tags":["x_transferred"],"url":"https://security.netapp.com/advisory/ntap-20210219-0009/"},{"tags":["x_transferred"],"url":"https://www.tenable.com/security/tns-2021-03"},{"name":"[bookkeeper-issues] 20210628 [GitHub] [bookkeeper] padma81 opened a new issue #2746: Security Vulnerabilities in CentOS 7 image, Upgrade image to CentOS 
8","tags":["mailing-list","x_transferred"],"url":"https://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4%40%3Cissues.bookkeeper.apache.org%3E"},{"name":"[bookkeeper-issues] 20210629 [GitHub] [bookkeeper] padma81 opened a new issue #2746: Security Vulnerabilities in CentOS 7 image, Upgrade image to CentOS 8","tags":["mailing-list","x_transferred"],"url":"https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b%40%3Cissues.bookkeeper.apache.org%3E"},{"tags":["x_transferred"],"url":"https://www.oracle.com//security-alerts/cpujul2021.html"},{"tags":["x_transferred"],"url":"https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44846"},{"tags":["x_transferred"],"url":"https://www.oracle.com/security-alerts/cpuoct2021.html"},{"tags":["x_transferred"],"url":"https://kc.mcafee.com/corporate/index?page=content&id=SB10366"},{"tags":["x_transferred"],"url":"https://www.oracle.com/security-alerts/cpujan2022.html"},{"tags":["x_transferred"],"url":"https://www.oracle.com/security-alerts/cpuapr2022.html"},{"tags":["x_transferred"],"url":"https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf"},{"tags":["x_transferred"],"url":"https://security.netapp.com/advisory/ntap-20240621-0006/"}],"title":"CVE Program Container"},{"metrics":[{"cvssV3_1":{"attackComplexity":"LOW","attackVector":"NETWORK","availabilityImpact":"HIGH","baseScore":7.5,"baseSeverity":"HIGH","confidentialityImpact":"NONE","integrityImpact":"NONE","privilegesRequired":"NONE","scope":"UNCHANGED","userInteraction":"NONE","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","version":"3.1"}},{"other":{"content":{"id":"CVE-2021-23840","options":[{"Exploitation":"none"},{"Automatable":"yes"},{"Technical Impact":"partial"}],"role":"CISA Coordinator","timestamp":"2026-04-16T14:12:28.645674Z","version":"2.0.3"},"type":"ssvc"}}],"problemTypes":[{"descriptions":[{"cweId":"CWE-190","description":"CWE-190 Integer Overflow or 
Wraparound","lang":"en","type":"CWE"}]}],"providerMetadata":{"dateUpdated":"2026-04-16T14:12:36.721Z","orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP"},"title":"CISA ADP Vulnrichment"}],"cna":{"affected":[{"product":"OpenSSL","vendor":"OpenSSL","versions":[{"status":"affected","version":"Fixed in OpenSSL 1.1.1j (Affected 1.1.1-1.1.1i)"},{"status":"affected","version":"Fixed in OpenSSL 1.0.2y (Affected 1.0.2-1.0.2x)"}]}],"credits":[{"lang":"en","value":"Paul Kehrer"}],"datePublic":"2021-02-16T00:00:00.000Z","descriptions":[{"lang":"en","value":"Calls to EVP_CipherUpdate, EVP_EncryptUpdate and EVP_DecryptUpdate may overflow the output length argument in some cases where the input length is close to the maximum permissible length for an integer on the platform. In such cases the return value from the function call will be 1 (indicating success), but the output length value will be negative. This could cause applications to behave incorrectly or crash. OpenSSL versions 1.1.1i and below are affected by this issue. Users of these versions should upgrade to OpenSSL 1.1.1j. OpenSSL versions 1.0.2x and below are affected by this issue. However OpenSSL 1.0.2 is out of support and no longer receiving public updates. Premium support customers of OpenSSL 1.0.2 should upgrade to 1.0.2y. Other users should upgrade to 1.1.1j. Fixed in OpenSSL 1.1.1j (Affected 1.1.1-1.1.1i). 
Fixed in OpenSSL 1.0.2y (Affected 1.0.2-1.0.2x)."}],"metrics":[{"other":{"content":{"lang":"eng","url":"https://www.openssl.org/policies/secpolicy.html#Low","value":"Low"},"type":"unknown"}}],"problemTypes":[{"descriptions":[{"description":"Overflow","lang":"en","type":"text"}]}],"providerMetadata":{"dateUpdated":"2024-06-21T19:07:42.484Z","orgId":"3a12439a-ef3a-4c79-92e6-6081a721f1e5","shortName":"openssl"},"references":[{"url":"https://www.openssl.org/news/secadv/20210216.txt"},{"url":"https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=6a51b9e1d0cf0bf8515f7201b68fb0a3482b3dc1"},{"url":"https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=9b1129239f3ebb1d1c98ce9ed41d5c9476c47cb2"},{"name":"DSA-4855","tags":["vendor-advisory"],"url":"https://www.debian.org/security/2021/dsa-4855"},{"name":"GLSA-202103-03","tags":["vendor-advisory"],"url":"https://security.gentoo.org/glsa/202103-03"},{"url":"https://www.oracle.com/security-alerts/cpuApr2021.html"},{"url":"https://www.tenable.com/security/tns-2021-10"},{"url":"https://www.tenable.com/security/tns-2021-09"},{"url":"https://security.netapp.com/advisory/ntap-20210219-0009/"},{"url":"https://www.tenable.com/security/tns-2021-03"},{"name":"[bookkeeper-issues] 20210628 [GitHub] [bookkeeper] padma81 opened a new issue #2746: Security Vulnerabilities in CentOS 7 image, Upgrade image to CentOS 8","tags":["mailing-list"],"url":"https://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4%40%3Cissues.bookkeeper.apache.org%3E"},{"name":"[bookkeeper-issues] 20210629 [GitHub] [bookkeeper] padma81 opened a new issue #2746: Security Vulnerabilities in CentOS 7 image, Upgrade image to CentOS 
8","tags":["mailing-list"],"url":"https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b%40%3Cissues.bookkeeper.apache.org%3E"},{"url":"https://www.oracle.com//security-alerts/cpujul2021.html"},{"url":"https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44846"},{"url":"https://www.oracle.com/security-alerts/cpuoct2021.html"},{"url":"https://kc.mcafee.com/corporate/index?page=content&id=SB10366"},{"url":"https://www.oracle.com/security-alerts/cpujan2022.html"},{"url":"https://www.oracle.com/security-alerts/cpuapr2022.html"},{"url":"https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf"},{"url":"https://security.netapp.com/advisory/ntap-20240621-0006/"}],"title":"Integer overflow in CipherUpdate"}},"cveMetadata":{"assignerOrgId":"3a12439a-ef3a-4c79-92e6-6081a721f1e5","assignerShortName":"openssl","cveId":"CVE-2021-23840","datePublished":"2021-02-16T16:55:18.192Z","dateReserved":"2021-01-12T00:00:00.000Z","dateUpdated":"2026-04-16T14:12:36.721Z","state":"PUBLISHED"},"dataType":"CVE_RECORD","dataVersion":"5.2"},"nvd":{"publishedDate":"2021-02-16 17:15:13","lastModifiedDate":"2026-04-16 15:16:45","problem_types":["CWE-190","Overflow","CWE-190 CWE-190 Integer Overflow or 
Wraparound"],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":3.6},{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":3.6}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:N/I:N/A:P","baseScore":5,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"PARTIAL"},"baseSeverity":"MEDIUM","exploitabilityScore":10,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:openssl:openssl:*:*:*:*:*:*:*:*","versionStartIncluding":"1.0.2","versionEndExcluding":"1.0.2y","matchCriteriaId":"F12DBEEA-AAB3-4383-A3E2-F865B960BA07"},{"vulnerable":true,"criteria":"cpe:2.3:a:openssl:openssl:*:*:*:*:*:*:*:*","versionStartIncluding":"1.1.1","versionEndExcluding":"1.1.1j","matchCriteriaId":"90147138-26F0-42CF-A1DB-BE1853885CA6"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:debian:debian
_linux:10.0:*:*:*:*:*:*:*","matchCriteriaId":"07B237A9-69A3-4A9C-9DA0-4E06BD37AE73"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:tenable:log_correlation_engine:*:*:*:*:*:*:*:*","versionEndExcluding":"6.0.8","matchCriteriaId":"D2D529D0-539D-4540-B70C-230D09A87572"},{"vulnerable":true,"criteria":"cpe:2.3:a:tenable:nessus_network_monitor:5.11.0:*:*:*:*:*:*:*","matchCriteriaId":"657682A0-54D5-4DC6-A98E-8BAF685926C4"},{"vulnerable":true,"criteria":"cpe:2.3:a:tenable:nessus_network_monitor:5.11.1:*:*:*:*:*:*:*","matchCriteriaId":"8FC5C76C-3474-4B26-8CF0-2DFAFA3D5458"},{"vulnerable":true,"criteria":"cpe:2.3:a:tenable:nessus_network_monitor:5.12.0:*:*:*:*:*:*:*","matchCriteriaId":"8661D361-71B5-4C41-A818-C89EC551D900"},{"vulnerable":true,"criteria":"cpe:2.3:a:tenable:nessus_network_monitor:5.12.1:*:*:*:*:*:*:*","matchCriteriaId":"253603DC-2D92-442A-B3A8-A63E14D8A070"},{"vulnerable":true,"criteria":"cpe:2.3:a:tenable:nessus_network_monitor:5.13.0:*:*:*:*:*:*:*","matchCriteriaId":"8E112CFF-31F9-4D87-9A1B-AE0FCF69615E"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:business_intelligence:5.5.0.0.0:*:*:*:enterprise:*:*:*","matchCriteriaId":"D40AD626-B23A-44A3-A6C0-1FFB4D647AE4"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:business_intelligence:5.9.0.0.0:*:*:*:enterprise:*:*:*","matchCriteriaId":"B602F9E8-1580-436C-A26D-6E6F8121A583"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:business_intelligence:12.2.1.3.0:*:*:*:enterprise:*:*:*","matchCriteriaId":"77C3DD16-1D81-40E1-B312-50FBD275507C"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:business_intelligence:12.2.1.4.0:*:*:*:enterprise:*:*:*","matchCriteriaId":"81DAC8C0-D342-44B5-9432-6B88D389584F"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:communications_cloud_native_core_policy:1.15.0:*:*:*:*:*:*:*","matchCriteriaId":"B4367D9B-BF81-47AD-A840-AC46317C774D"},{"vulnerable":true,"criteria":"cpe:2.3:a:ora
cle:enterprise_manager_for_storage_management:13.4.0.0:*:*:*:*:*:*:*","matchCriteriaId":"61516569-C48F-4362-B334-8CA10EDB0EC2"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:enterprise_manager_ops_center:12.4.0.0:*:*:*:*:*:*:*","matchCriteriaId":"B095CC03-7077-4A58-AB25-CC5380CDCE5A"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:graalvm:19.3.5:*:*:*:enterprise:*:*:*","matchCriteriaId":"058C7C4B-D692-49DE-924A-C2725A8162D3"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:graalvm:20.3.1.2:*:*:*:enterprise:*:*:*","matchCriteriaId":"0F0434A5-F2A1-4973-917C-A95F2ABE97D1"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:graalvm:21.0.0.2:*:*:*:enterprise:*:*:*","matchCriteriaId":"96DD93E0-274E-4C36-99F3-EEF085E57655"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:jd_edwards_enterpriseone_tools:*:*:*:*:*:*:*:*","versionEndExcluding":"9.2.6.0","matchCriteriaId":"86305E47-33E9-411C-B932-08C395C09982"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:jd_edwards_world_security:a9.4:*:*:*:*:*:*:*","matchCriteriaId":"0B1CAD50-749F-4ADB-A046-BF3585677A58"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:mysql_server:*:*:*:*:*:*:*:*","versionEndExcluding":"5.7.33","matchCriteriaId":"C9E14DE8-29C1-4C0C-9B31-2E3A11EE68E4"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:mysql_server:*:*:*:*:*:*:*:*","versionStartIncluding":"8.0.15","versionEndExcluding":"8.0.23","matchCriteriaId":"FBE10671-5C91-4ACF-ABD2-255E9F2F9D79"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:nosql_database:*:*:*:*:*:*:*:*","versionEndExcluding":"20.3","matchCriteriaId":"D04565AE-D092-4AE0-8FEE-0E8114662A1B"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:mcafee:epolicy_orchestrator:*:*:*:*:*:*:*:*","versionEndExcluding":"5.10.0","matchCriteriaId":"A30F7908-5AF6-4761-BC6A-4C18EFAE48E5"},{"vulnerable":true,"criteria":"cpe:2.3:a:mcafee:epolicy_orchestrator:5.10.0:-:*:*:*:*:*:*","matchCriteriaId":"0F30D3AF-4FA3-4B7A-BE04-C24E2EA19A95"},{"vulnerable":true,
"criteria":"cpe:2.3:a:mcafee:epolicy_orchestrator:5.10.0:update_1:*:*:*:*:*:*","matchCriteriaId":"7B00DDE7-7002-45BE-8EDE-65D964922CB0"},{"vulnerable":true,"criteria":"cpe:2.3:a:mcafee:epolicy_orchestrator:5.10.0:update_10:*:*:*:*:*:*","matchCriteriaId":"DB88C165-BB24-49FB-AAF6-087A766D5AD1"},{"vulnerable":true,"criteria":"cpe:2.3:a:mcafee:epolicy_orchestrator:5.10.0:update_2:*:*:*:*:*:*","matchCriteriaId":"FF806B52-DAD5-4D12-8BB6-3CBF9DC6B8DF"},{"vulnerable":true,"criteria":"cpe:2.3:a:mcafee:epolicy_orchestrator:5.10.0:update_3:*:*:*:*:*:*","matchCriteriaId":"7DE847E0-431D-497D-9C57-C4E59749F6A0"},{"vulnerable":true,"criteria":"cpe:2.3:a:mcafee:epolicy_orchestrator:5.10.0:update_4:*:*:*:*:*:*","matchCriteriaId":"46385384-5561-40AA-9FDE-A2DE4FDFAD3E"},{"vulnerable":true,"criteria":"cpe:2.3:a:mcafee:epolicy_orchestrator:5.10.0:update_5:*:*:*:*:*:*","matchCriteriaId":"B7CA7CA6-7CF2-48F6-81B5-69BA0A37EF4E"},{"vulnerable":true,"criteria":"cpe:2.3:a:mcafee:epolicy_orchestrator:5.10.0:update_6:*:*:*:*:*:*","matchCriteriaId":"9E4E5481-1070-4E1F-8679-1985DE4E785A"},{"vulnerable":true,"criteria":"cpe:2.3:a:mcafee:epolicy_orchestrator:5.10.0:update_7:*:*:*:*:*:*","matchCriteriaId":"D9EEA681-67FF-43B3-8610-0FA17FD279E5"},{"vulnerable":true,"criteria":"cpe:2.3:a:mcafee:epolicy_orchestrator:5.10.0:update_8:*:*:*:*:*:*","matchCriteriaId":"C33BA8EA-793D-4E79-BE9C-235ACE717216"},{"vulnerable":true,"criteria":"cpe:2.3:a:mcafee:epolicy_orchestrator:5.10.0:update_9:*:*:*:*:*:*","matchCriteriaId":"823DBE80-CB8D-4981-AE7C-28F3FDD40451"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:fujitsu:m10-1_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"xcp2410","matchCriteriaId":"5E63B7B2-409A-476E-BA12-2A2D2F3B85DE"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:fujitsu:m10-1:-:*:*:*:*:*:*:*","matchCriteriaId":"983D27DE-BC89-454E-AE47-95A26A3651E2"}]}]},{"operator":"AND","nodes":[{"op
erator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:fujitsu:m10-4_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"xcp2410","matchCriteriaId":"ADB5D4C9-DA14-4188-9181-17336F9445F6"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:fujitsu:m10-4:-:*:*:*:*:*:*:*","matchCriteriaId":"5825AEE1-B668-40BD-86A9-2799430C742C"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:fujitsu:m10-4s_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"xcp2410","matchCriteriaId":"0B65E2F3-57EC-46C0-BB4A-0A0F3F8D387E"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:fujitsu:m10-4s:-:*:*:*:*:*:*:*","matchCriteriaId":"3DA2D526-BDCF-4A65-914A-B3BA3A0CD613"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:fujitsu:m12-1_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"xcp2410","matchCriteriaId":"90B7CFBF-761C-4EAA-A322-EF5E294AADED"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:fujitsu:m12-1:-:*:*:*:*:*:*:*","matchCriteriaId":"EE0CF40B-E5BD-4558-9321-184D58EF621D"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:fujitsu:m12-2_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"xcp2410","matchCriteriaId":"48B28ABF-7E1A-4A1E-8F78-0D95D7BDF886"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:fujitsu:m12-2:-:*:*:*:*:*:*:*","matchCriteriaId":"0F3C9C09-7B2B-4DB6-8BE0-35302ED35776"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:fujitsu:m12-2s_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"xcp2410","matchCriteriaId":"E74AAF52-1388-4BD9-B17B-3A6A32CA3608"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:fujits
u:m12-2s:-:*:*:*:*:*:*:*","matchCriteriaId":"95503CE5-1D06-4092-A60D-D310AADCAFB1"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:fujitsu:m10-1_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"xcp3110","matchCriteriaId":"A107698C-9C63-44A9-8A2B-81EDD5702B4C"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:fujitsu:m10-1:-:*:*:*:*:*:*:*","matchCriteriaId":"983D27DE-BC89-454E-AE47-95A26A3651E2"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:fujitsu:m10-4_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"xcp3110","matchCriteriaId":"0FC0460E-4695-44FB-99EE-28B2C957B760"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:fujitsu:m10-4:-:*:*:*:*:*:*:*","matchCriteriaId":"5825AEE1-B668-40BD-86A9-2799430C742C"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:fujitsu:m10-4s_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"xcp3110","matchCriteriaId":"BD54A092-85A7-4459-9C69-19E6E24AC24B"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:fujitsu:m10-4s:-:*:*:*:*:*:*:*","matchCriteriaId":"3DA2D526-BDCF-4A65-914A-B3BA3A0CD613"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:fujitsu:m12-1_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"xcp3110","matchCriteriaId":"5F813DBC-BA1E-4C73-AA11-1BD3F9508372"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:fujitsu:m12-1:-:*:*:*:*:*:*:*","matchCriteriaId":"EE0CF40B-E5BD-4558-9321-184D58EF621D"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:fujitsu:m12-2_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"xcp3110","matchCriteriaId":"EFDF4F39-1C6C-4
AD3-99CF-BD5B44B8C71B"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:fujitsu:m12-2:-:*:*:*:*:*:*:*","matchCriteriaId":"0F3C9C09-7B2B-4DB6-8BE0-35302ED35776"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:fujitsu:m12-2s_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"xcp3110","matchCriteriaId":"416B805F-799A-4466-AC5A-93D083A2ABBD"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:fujitsu:m12-2s:-:*:*:*:*:*:*:*","matchCriteriaId":"95503CE5-1D06-4092-A60D-D310AADCAFB1"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:nodejs:node.js:*:*:*:*:-:*:*:*","versionStartIncluding":"10.0.0","versionEndIncluding":"10.12.0","matchCriteriaId":"25A3180B-21AF-4010-9DAB-41ADFD2D8031"},{"vulnerable":true,"criteria":"cpe:2.3:a:nodejs:node.js:*:*:*:*:lts:*:*:*","versionStartIncluding":"10.13.0","versionEndExcluding":"10.24.0","matchCriteriaId":"67D64118-C228-41AF-8193-F90A772AAB8E"},{"vulnerable":true,"criteria":"cpe:2.3:a:nodejs:node.js:*:*:*:*:-:*:*:*","versionStartIncluding":"12.0.0","versionEndIncluding":"12.12.0","matchCriteriaId":"564ED5C8-50D7-413A-B88E-E62B6C07336A"},{"vulnerable":true,"criteria":"cpe:2.3:a:nodejs:node.js:*:*:*:*:lts:*:*:*","versionStartIncluding":"12.13.0","versionEndExcluding":"12.21.0","matchCriteriaId":"F1D6CFAA-BEDB-40EB-BDE6-35BBA99F0BB4"},{"vulnerable":true,"criteria":"cpe:2.3:a:nodejs:node.js:*:*:*:*:-:*:*:*","versionStartIncluding":"14.0.0","versionEndIncluding":"14.14.0","matchCriteriaId":"428DCD7B-6F66-4F18-B780-5BD80143D482"},{"vulnerable":true,"criteria":"cpe:2.3:a:nodejs:node.js:*:*:*:*:-:*:*:*","versionStartIncluding":"15.0.0","versionEndExcluding":"15.10.0","matchCriteriaId":"E640EA36-17B2-4745-A831-AB8655F3579D"},{"vulnerable":true,"criteria":"cpe:2.3:a:nodejs:node.js:14.15.0:*:*:*:lts:*:*:*","matchCriteriaId":"0425023F-CA30-4447-AD5C-B76556461C
CC"}]}]}]},"legacy_mitre":{"record":{"CveYear":"2021","CveId":"23840","Ordinal":"1","Title":"Integer overflow in CipherUpdate","CVE":"CVE-2021-23840","Year":"2021"},"notes":[{"CveYear":"2021","CveId":"23840","Ordinal":"1","NoteData":"Calls to EVP_CipherUpdate, EVP_EncryptUpdate and EVP_DecryptUpdate may overflow the output length argument in some cases where the input length is close to the maximum permissible length for an integer on the platform. In such cases the return value from the function call will be 1 (indicating success), but the output length value will be negative. This could cause applications to behave incorrectly or crash. OpenSSL versions 1.1.1i and below are affected by this issue. Users of these versions should upgrade to OpenSSL 1.1.1j. OpenSSL versions 1.0.2x and below are affected by this issue. However OpenSSL 1.0.2 is out of support and no longer receiving public updates. Premium support customers of OpenSSL 1.0.2 should upgrade to 1.0.2y. Other users should upgrade to 1.1.1j. Fixed in OpenSSL 1.1.1j (Affected 1.1.1-1.1.1i). Fixed in OpenSSL 1.0.2y (Affected 1.0.2-1.0.2x).","Type":"Description","Title":"Integer overflow in CipherUpdate"},{"CveYear":"2021","CveId":"23840","Ordinal":"2","NoteData":"2021-02-16","Type":"Other","Title":"Published"},{"CveYear":"2021","CveId":"23840","Ordinal":"3","NoteData":"2022-02-07","Type":"Other","Title":"Modified"}]}}}