cve/2023/CVE-2023-1255.md

### [CVE-2023-1255](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1255)
![](https://img.shields.io/static/v1?label=Product&message=OpenSSL&color=blue)
![](https://img.shields.io/static/v1?label=Version&message=3.1.0%3C%203.1.1%20&color=brighgreen)
![](https://img.shields.io/static/v1?label=Vulnerability&message=buffer%20over-read&color=brighgreen)

### Description

Issue summary: The AES-XTS cipher decryption implementation for 64 bit ARMplatform contains a bug that could cause it to read past the input buffer,leading to a crash.Impact summary: Applications that use the AES-XTS algorithm on the 64 bit ARMplatform can crash in rare circumstances. The AES-XTS algorithm is usuallyused for disk encryption.The AES-XTS cipher decryption implementation for 64 bit ARM platform will readpast the end of the ciphertext buffer if the ciphertext size is 4 mod 5 in 16byte blocks, e.g. 144 bytes or 1024 bytes. If the memory after the ciphertextbuffer is unmapped, this will trigger a crash which results in a denial ofservice.If an attacker can control the size and location of the ciphertext bufferbeing decrypted by an application using AES-XTS on 64 bit ARM, theapplication is affected. This is fairly unlikely making this issuea Low severity one.

### POC

#### Reference
No PoCs from references.

#### Github
- https://github.com/VAN-ALLY/Anchore
- https://github.com/anchore/grype
- https://github.com/vissu99/grype-0.70.0
Update Sat May 25 21:48:12 CEST 2024 2024-05-25 21:48:12 +02:00			`### [CVE-2023-1255](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1255)`
			`![](https://img.shields.io/static/v1?label=Product&message=OpenSSL&color=blue)`
			`![](https://img.shields.io/static/v1?label=Version&message=3.1.0%3C%203.1.1%20&color=brighgreen)`
			`![](https://img.shields.io/static/v1?label=Vulnerability&message=buffer%20over-read&color=brighgreen)`

			`### Description`

			Issue summary: The AES-XTS cipher decryption implementation for 64 bit ARMplatform contains a bug that could cause it to read past the input buffer,leading to a crash.Impact summary: Applications that use the AES-XTS algorithm on the 64 bit ARMplatform can crash in rare circumstances. The AES-XTS algorithm is usuallyused for disk encryption.The AES-XTS cipher decryption implementation for 64 bit ARM platform will readpast the end of the ciphertext buffer if the ciphertext size is 4 mod 5 in 16byte blocks, e.g. 144 bytes or 1024 bytes. If the memory after the ciphertextbuffer is unmapped, this will trigger a crash which results in a denial ofservice.If an attacker can control the size and location of the ciphertext bufferbeing decrypted by an application using AES-XTS on 64 bit ARM, theapplication is affected. This is fairly unlikely making this issuea Low severity one.

			`### POC`

			`#### Reference`
			`No PoCs from references.`

			`#### Github`
			`- https://github.com/VAN-ALLY/Anchore`
			`- https://github.com/anchore/grype`
			`- https://github.com/vissu99/grype-0.70.0`