CVE-2021-23840
- Source
- https://cve.org/CVERecord?id=CVE-2021-23840
- Import Source
- https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2021-23840.json
- JSON Data
- https://api.osv.dev/v1/vulns/CVE-2021-23840
- Aliases
- Downstream
- Related
- Published
- 2021-02-16T17:15:13.300Z
- Modified
- 2026-03-10T23:26:27.260399Z
- Severity
-
- 7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVSS Calculator
- Summary
- [none]
- Details
-
Calls to EVPCipherUpdate, EVPEncryptUpdate and EVP_DecryptUpdate may overflow the output length argument in some cases where the input length is close to the maximum permissable length for an integer on the platform. In such cases the return value from the function call will be 1 (indicating success), but the output length value will be negative. This could cause applications to behave incorrectly or crash. OpenSSL versions 1.1.1i and below are affected by this issue. Users of these versions should upgrade to OpenSSL 1.1.1j. OpenSSL versions 1.0.2x and below are affected by this issue. However OpenSSL 1.0.2 is out of support and no longer receiving public updates. Premium support customers of OpenSSL 1.0.2 should upgrade to 1.0.2y. Other users should upgrade to 1.1.1j. Fixed in OpenSSL 1.1.1j (Affected 1.1.1-1.1.1i). Fixed in OpenSSL 1.0.2y (Affected 1.0.2-1.0.2x).
- References
-
- https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b%40%3Cissues.bookkeeper.apache.org%3E
- https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=6a51b9e1d0cf0bf8515f7201b68fb0a3482b3dc1
- https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=9b1129239f3ebb1d1c98ce9ed41d5c9476c47cb2
- https://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4%40%3Cissues.bookkeeper.apache.org%3E
- https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44846
- https://security.netapp.com/advisory/ntap-20210219-0009/
- https://www.debian.org/security/2021/dsa-4855
- https://www.tenable.com/security/tns-2021-09
- https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf
- https://kc.mcafee.com/corporate/index?page=content&id=SB10366
- https://www.tenable.com/security/tns-2021-10
- https://www.openssl.org/news/secadv/20210216.txt
- https://security.gentoo.org/glsa/202103-03
- https://security.netapp.com/advisory/ntap-20240621-0006/
- https://www.tenable.com/security/tns-2021-03
- https://www.oracle.com/security-alerts/cpuapr2022.html
- https://www.oracle.com//security-alerts/cpujul2021.html
- https://www.oracle.com/security-alerts/cpuApr2021.html
- https://www.oracle.com/security-alerts/cpujan2022.html
- https://www.oracle.com/security-alerts/cpuoct2021.html
Affected packages
Git / github.com/graalvm/graalvm-ce-builds
Affected ranges
- Type
- GIT
- Repo
- https://github.com/graalvm/graalvm-ce-builds
- Events
-
Introduced0 Unknown introduced commit / All previous commits are affectedLast affectedIntroduced0 Unknown introduced commit / All previous commits are affectedLast affectedIntroduced0 Unknown introduced commit / All previous commits are affectedLast affected
- Database specific
{ "versions": [ { "introduced": "0" }, { "last_affected": "19.3.5" }, { "introduced": "0" }, { "last_affected": "20.3.1.2" }, { "introduced": "0" }, { "last_affected": "21.0.0.2" } ] }
- Type
- GIT
- Repo
- https://github.com/mysql/mysql-server
- Events
-
Introduced0 Unknown introduced commit / All previous commits are affectedLast affectedIntroduced0 Unknown introduced commit / All previous commits are affectedFixedIntroducedFixed
- Database specific
{ "versions": [ { "introduced": "0" }, { "last_affected": "a9.4" }, { "introduced": "0" }, { "fixed": "5.7.33" }, { "introduced": "8.0.15" }, { "fixed": "8.0.23" } ] }
- Type
- GIT
- Repo
- https://github.com/nodejs/node
- Events
-
IntroducedFixedIntroduced0 Unknown introduced commit / All previous commits are affectedLast affectedIntroduced0 Unknown introduced commit / All previous commits are affectedLast affectedIntroduced0 Unknown introduced commit / All previous commits are affectedLast affectedIntroduced0 Unknown introduced commit / All previous commits are affectedLast affectedIntroduced0 Unknown introduced commit / All previous commits are affectedFixedIntroduced0 Unknown introduced commit / All previous commits are affectedFixedIntroduced0 Unknown introduced commit / All previous commits are affectedLast affectedIntroducedLast affectedIntroducedFixedIntroducedLast affectedIntroducedFixedIntroducedLast affectedIntroducedFixedIntroduced0 Unknown introduced commit / All previous commits are affectedLast affected
- Database specific
{ "versions": [ { "introduced": "1.0.2" }, { "fixed": "1.0.2y" }, { "introduced": "0" }, { "last_affected": "10.0" }, { "introduced": "0" }, { "last_affected": "5.11.0" }, { "introduced": "0" }, { "last_affected": "5.11.1" }, { "introduced": "0" }, { "last_affected": "5.12.0" }, { "introduced": "0" }, { "fixed": "20.3" }, { "introduced": "0" }, { "fixed": "5.10.0" }, { "introduced": "0" }, { "last_affected": "5.10.0-NA" }, { "introduced": "10.0.0" }, { "last_affected": "10.12.0" }, { "introduced": "10.13.0" }, { "fixed": "10.24.0" }, { "introduced": "12.0.0" }, { "last_affected": "12.12.0" }, { "introduced": "12.13.0" }, { "fixed": "12.21.0" }, { "introduced": "14.0.0" }, { "last_affected": "14.14.0" }, { "introduced": "15.0.0" }, { "fixed": "15.10.0" }, { "introduced": "0" }, { "last_affected": "14.15.0" } ] }
Affected versions
Other
OpenSSL_1_1_1w
mysql-5.*
mysql-5.5.63
mysql-5.6.43
mysql-5.6.45
mysql-5.6.46
mysql-5.6.47
mysql-5.6.48
mysql-5.6.49
mysql-5.6.50
mysql-5.7.25
mysql-5.7.26
mysql-5.7.27
mysql-5.7.28
mysql-5.7.29
mysql-5.7.30
mysql-5.7.31
mysql-5.7.32
mysql-8.*
mysql-8.0.15
v1.*
v1.0.2
v1.0.2-release
vm-19.*
vm-19.3.2
vm-19.3.2-pre
vm-19.3.3
vm-19.3.4
vm-19.3.5
vm-20.*
vm-20.0.1
vm-20.1.0
vm-20.2.0
vm-20.3.0
Database specific
source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2021-23840.json"
vanir_signatures
[
{
"deprecated": false,
"signature_version": "v1",
"digest": {
"threshold": 0.9,
"line_hashes": [
"286756561296075042237231219649184368171",
"302896255058266923472696425836035569717",
"300297427993859605007554044173966498739",
"175565100923089660637647648328373853699",
"71802579880224164103266412744806334599",
"315666916814277685292192961936838231932",
"198092292660585766502869236426726266894",
"162640942130416387239939759911226756525"
]
},
"source": "https://github.com/mysql/mysql-server/commit/e5d189ecb9465f4be6235109dd3dbcaab01ddc53",
"signature_type": "Line",
"id": "CVE-2021-23840-a59356ae",
"target": {
"file": "include/welcome_copyright_notice.h"
}
},
{
"deprecated": false,
"signature_version": "v1",
"digest": {
"threshold": 0.9,
"line_hashes": [
"28170854778703993674264004058177114599",
"73132526844288570625317440636111911761",
"177405411499435185068645597737938634778",
"224809958623850711330610094965797758930",
"295554444428855106393106961197201359586"
]
},
"source": "https://github.com/openssl/openssl/commit/e04bd3433fd84e1861bf258ea37928d9845e6a86",
"signature_type": "Line",
"id": "CVE-2021-23840-c377fa22",
"target": {
"file": "include/openssl/opensslv.h"
}
}
]
unresolved_ranges
[
{
"events": [
{
"introduced": "0"
},
{
"fixed": "6.0.8"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "5.12.1"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "5.13.0"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "5.5.0.0.0"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "5.9.0.0.0"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "12.2.1.3.0"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "12.2.1.4.0"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "1.15.0"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "13.4.0.0"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "12.4.0.0"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"fixed": "9.2.6.0"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "5.10.0-update_1"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "5.10.0-update_10"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "5.10.0-update_2"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "5.10.0-update_3"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "5.10.0-update_4"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "5.10.0-update_5"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "5.10.0-update_6"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "5.10.0-update_7"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "5.10.0-update_8"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "5.10.0-update_9"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"fixed": "xcp2410"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"fixed": "xcp2410"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"fixed": "xcp2410"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"fixed": "xcp2410"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"fixed": "xcp2410"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"fixed": "xcp2410"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"fixed": "xcp3110"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"fixed": "xcp3110"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"fixed": "xcp3110"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"fixed": "xcp3110"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"fixed": "xcp3110"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"fixed": "xcp3110"
}
]
}
]