Sign In

CVE-2023-1255

SOURCE - nist

Summary

Issue summary: The AES-XTS cipher decryption implementation for 64 bit ARM platform contains a bug that could cause it to read past the input buffer, leading to a crash.

Impact summary: Applications that use the AES-XTS algorithm on the 64 bit ARM platform can crash in rare circumstances. The AES-XTS algorithm is usually used for disk encryption.

The AES-XTS cipher decryption implementation for 64 bit ARM platform will read past the end of the ciphertext buffer if the ciphertext size is 4 mod 5 in 16 byte blocks, e.g. 144 bytes or 1024 bytes. If the memory after the ciphertext buffer is unmapped, this will trigger a crash which results in a denial of service.

If an attacker can control the size and location of the ciphertext buffer being decrypted by an application using AES-XTS on 64 bit ARM, the application is affected. This is fairly unlikely making this issue a Low severity one.

EPSS Score: 0.00092 (0.400)

Common Weakness Enumeration (CWE)

SOURCE - nist

CWE-125

Out-of-bounds Read

SOURCE - gitlab

CWE-1035

OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities

CWE-125

Out-of-bounds Read

CWE-937

OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities

SOURCE - redhat

CWE-119

Improper Restriction of Operations within the Bounds of a Memory Buffer

Sources (14)

Impacted images

Sign in to Docker Scout

See which of your images are affected by this CVE and how to fix them by signing into Docker Scout.

Sign in