Test ID:	1.3.6.1.4.1.25623.1.0.104839
Category:	General
Title:	OpenSSL Information Disclosure Vulnerability (20230714) - Windows
Summary:	OpenSSL is prone to an information disclosure vulnerability.
Description:	Summary: OpenSSL is prone to an information disclosure vulnerability. Vulnerability Insight: The AES-SIV cipher implementation contains a bug that causes it to ignore empty associated data entries which are unauthenticated as a consequence. Vulnerability Impact: Applications that use the AES-SIV algorithm and want to authenticate empty data entries as associated data can be misled by removing, adding or reordering such empty entries as these are ignored by the OpenSSL implementation. The vendor is currently unaware of any such applications. Affected Software/OS: OpenSSL version 3.0 and 3.1. Solution: Update to version 3.0.10, 3.1.2 or later. CVSS Score: 5.0 CVSS Vector: AV:N/AC:L/Au:N/C:N/I:P/A:N
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2023-2975 https://security.gentoo.org/glsa/202402-08 3.0.10 git commit https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=00e2f5eea29994d19293ec4e8c8775ba73678598 3.1.2 git commit https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=6a83f0c958811f07e0d11dfc6b5a6a98edfd5bdc OpenSSL Advisory https://www.openssl.org/news/secadv/20230714.txt http://www.openwall.com/lists/oss-security/2023/07/15/1 http://www.openwall.com/lists/oss-security/2023/07/19/5
Copyright	Copyright (C) 2023 Greenbone AG

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.