CVE-2021-23840

Source
https://cve.org/CVERecord?id=CVE-2021-23840
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2021-23840.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2021-23840
Aliases
Downstream
Related
Published
2021-02-16T17:15:13.300Z
Modified
2026-07-08T21:26:04.971141Z
Severity
  • 7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVSS Calculator
Summary
[none]
Details

Calls to EVPCipherUpdate, EVPEncryptUpdate and EVP_DecryptUpdate may overflow the output length argument in some cases where the input length is close to the maximum permissable length for an integer on the platform. In such cases the return value from the function call will be 1 (indicating success), but the output length value will be negative. This could cause applications to behave incorrectly or crash. OpenSSL versions 1.1.1i and below are affected by this issue. Users of these versions should upgrade to OpenSSL 1.1.1j. OpenSSL versions 1.0.2x and below are affected by this issue. However OpenSSL 1.0.2 is out of support and no longer receiving public updates. Premium support customers of OpenSSL 1.0.2 should upgrade to 1.0.2y. Other users should upgrade to 1.1.1j. Fixed in OpenSSL 1.1.1j (Affected 1.1.1-1.1.1i). Fixed in OpenSSL 1.0.2y (Affected 1.0.2-1.0.2x).

Database specific
{
    "unresolved_ranges": [
        {
            "extracted_events": [
                {
                    "fixed": "xcp2410"
                },
                {
                    "fixed": "xcp3110"
                }
            ],
            "source": "CPE_RANGE",
            "vendor_product": "fujitsu:m10-1_firmware",
            "cpes": [
                "cpe:2.3:o:fujitsu:m10-1_firmware:*:*:*:*:*:*:*:*"
            ]
        },
        {
            "extracted_events": [
                {
                    "fixed": "xcp2410"
                },
                {
                    "fixed": "xcp3110"
                }
            ],
            "source": "CPE_RANGE",
            "vendor_product": "fujitsu:m10-4_firmware",
            "cpes": [
                "cpe:2.3:o:fujitsu:m10-4_firmware:*:*:*:*:*:*:*:*"
            ]
        },
        {
            "extracted_events": [
                {
                    "fixed": "xcp2410"
                },
                {
                    "fixed": "xcp3110"
                }
            ],
            "source": "CPE_RANGE",
            "vendor_product": "fujitsu:m10-4s_firmware",
            "cpes": [
                "cpe:2.3:o:fujitsu:m10-4s_firmware:*:*:*:*:*:*:*:*"
            ]
        },
        {
            "extracted_events": [
                {
                    "fixed": "xcp2410"
                },
                {
                    "fixed": "xcp3110"
                }
            ],
            "source": "CPE_RANGE",
            "vendor_product": "fujitsu:m12-1_firmware",
            "cpes": [
                "cpe:2.3:o:fujitsu:m12-1_firmware:*:*:*:*:*:*:*:*"
            ]
        },
        {
            "extracted_events": [
                {
                    "fixed": "xcp2410"
                },
                {
                    "fixed": "xcp3110"
                }
            ],
            "source": "CPE_RANGE",
            "vendor_product": "fujitsu:m12-2_firmware",
            "cpes": [
                "cpe:2.3:o:fujitsu:m12-2_firmware:*:*:*:*:*:*:*:*"
            ]
        },
        {
            "extracted_events": [
                {
                    "fixed": "xcp2410"
                },
                {
                    "fixed": "xcp3110"
                }
            ],
            "source": "CPE_RANGE",
            "vendor_product": "fujitsu:m12-2s_firmware",
            "cpes": [
                "cpe:2.3:o:fujitsu:m12-2s_firmware:*:*:*:*:*:*:*:*"
            ]
        },
        {
            "extracted_events": [
                {
                    "fixed": "5.10.0"
                }
            ],
            "source": "CPE_RANGE",
            "vendor_product": "mcafee:epolicy_orchestrator",
            "cpes": [
                "cpe:2.3:a:mcafee:epolicy_orchestrator:*:*:*:*:*:*:*:*"
            ]
        },
        {
            "extracted_events": [
                {
                    "fixed": "9.2.6.0"
                }
            ],
            "source": "CPE_RANGE",
            "vendor_product": "oracle:jd_edwards_enterpriseone_tools",
            "cpes": [
                "cpe:2.3:a:oracle:jd_edwards_enterpriseone_tools:*:*:*:*:*:*:*:*"
            ]
        },
        {
            "extracted_events": [
                {
                    "fixed": "20.3"
                }
            ],
            "source": "CPE_RANGE",
            "vendor_product": "oracle:nosql_database",
            "cpes": [
                "cpe:2.3:a:oracle:nosql_database:*:*:*:*:*:*:*:*"
            ]
        },
        {
            "extracted_events": [
                {
                    "fixed": "6.0.8"
                }
            ],
            "source": "CPE_RANGE",
            "vendor_product": "tenable:log_correlation_engine",
            "cpes": [
                "cpe:2.3:a:tenable:log_correlation_engine:*:*:*:*:*:*:*:*"
            ]
        },
        {
            "extracted_events": [
                {
                    "introduced": "10.0"
                },
                {
                    "last_affected": "10.0"
                }
            ],
            "source": "CPE_STRING",
            "vendor_product": "debian:debian_linux",
            "cpes": [
                "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*"
            ]
        },
        {
            "extracted_events": [
                {
                    "introduced": "5.10.0-NA"
                },
                {
                    "last_affected": "5.10.0-NA"
                },
                {
                    "introduced": "5.10.0-update_1"
                },
                {
                    "last_affected": "5.10.0-update_1"
                },
                {
                    "introduced": "5.10.0-update_10"
                },
                {
                    "last_affected": "5.10.0-update_10"
                },
                {
                    "introduced": "5.10.0-update_2"
                },
                {
                    "last_affected": "5.10.0-update_2"
                },
                {
                    "introduced": "5.10.0-update_3"
                },
                {
                    "last_affected": "5.10.0-update_3"
                },
                {
                    "introduced": "5.10.0-update_4"
                },
                {
                    "last_affected": "5.10.0-update_4"
                },
                {
                    "introduced": "5.10.0-update_5"
                },
                {
                    "last_affected": "5.10.0-update_5"
                },
                {
                    "introduced": "5.10.0-update_6"
                },
                {
                    "last_affected": "5.10.0-update_6"
                },
                {
                    "introduced": "5.10.0-update_7"
                },
                {
                    "last_affected": "5.10.0-update_7"
                },
                {
                    "introduced": "5.10.0-update_8"
                },
                {
                    "last_affected": "5.10.0-update_8"
                },
                {
                    "introduced": "5.10.0-update_9"
                },
                {
                    "last_affected": "5.10.0-update_9"
                }
            ],
            "source": "CPE_STRING",
            "vendor_product": "mcafee:epolicy_orchestrator",
            "cpes": [
                "cpe:2.3:a:mcafee:epolicy_orchestrator:5.10.0:-:*:*:*:*:*:*",
                "cpe:2.3:a:mcafee:epolicy_orchestrator:5.10.0:update_10:*:*:*:*:*:*",
                "cpe:2.3:a:mcafee:epolicy_orchestrator:5.10.0:update_1:*:*:*:*:*:*",
                "cpe:2.3:a:mcafee:epolicy_orchestrator:5.10.0:update_2:*:*:*:*:*:*",
                "cpe:2.3:a:mcafee:epolicy_orchestrator:5.10.0:update_3:*:*:*:*:*:*",
                "cpe:2.3:a:mcafee:epolicy_orchestrator:5.10.0:update_4:*:*:*:*:*:*",
                "cpe:2.3:a:mcafee:epolicy_orchestrator:5.10.0:update_5:*:*:*:*:*:*",
                "cpe:2.3:a:mcafee:epolicy_orchestrator:5.10.0:update_6:*:*:*:*:*:*",
                "cpe:2.3:a:mcafee:epolicy_orchestrator:5.10.0:update_7:*:*:*:*:*:*",
                "cpe:2.3:a:mcafee:epolicy_orchestrator:5.10.0:update_8:*:*:*:*:*:*",
                "cpe:2.3:a:mcafee:epolicy_orchestrator:5.10.0:update_9:*:*:*:*:*:*"
            ]
        },
        {
            "extracted_events": [
                {
                    "introduced": "5.5.0.0.0"
                },
                {
                    "last_affected": "5.5.0.0.0"
                },
                {
                    "introduced": "5.9.0.0.0"
                },
                {
                    "last_affected": "5.9.0.0.0"
                },
                {
                    "introduced": "12.2.1.3.0"
                },
                {
                    "last_affected": "12.2.1.3.0"
                },
                {
                    "introduced": "12.2.1.4.0"
                },
                {
                    "last_affected": "12.2.1.4.0"
                }
            ],
            "source": "CPE_STRING",
            "vendor_product": "oracle:business_intelligence",
            "cpes": [
                "cpe:2.3:a:oracle:business_intelligence:12.2.1.3.0:*:*:*:enterprise:*:*:*",
                "cpe:2.3:a:oracle:business_intelligence:12.2.1.4.0:*:*:*:enterprise:*:*:*",
                "cpe:2.3:a:oracle:business_intelligence:5.5.0.0.0:*:*:*:enterprise:*:*:*",
                "cpe:2.3:a:oracle:business_intelligence:5.9.0.0.0:*:*:*:enterprise:*:*:*"
            ]
        },
        {
            "extracted_events": [
                {
                    "introduced": "1.15.0"
                },
                {
                    "last_affected": "1.15.0"
                }
            ],
            "source": "CPE_STRING",
            "vendor_product": "oracle:communications_cloud_native_core_policy",
            "cpes": [
                "cpe:2.3:a:oracle:communications_cloud_native_core_policy:1.15.0:*:*:*:*:*:*:*"
            ]
        },
        {
            "extracted_events": [
                {
                    "introduced": "13.4.0.0"
                },
                {
                    "last_affected": "13.4.0.0"
                }
            ],
            "source": "CPE_STRING",
            "vendor_product": "oracle:enterprise_manager_for_storage_management",
            "cpes": [
                "cpe:2.3:a:oracle:enterprise_manager_for_storage_management:13.4.0.0:*:*:*:*:*:*:*"
            ]
        },
        {
            "extracted_events": [
                {
                    "introduced": "12.4.0.0"
                },
                {
                    "last_affected": "12.4.0.0"
                }
            ],
            "source": "CPE_STRING",
            "vendor_product": "oracle:enterprise_manager_ops_center",
            "cpes": [
                "cpe:2.3:a:oracle:enterprise_manager_ops_center:12.4.0.0:*:*:*:*:*:*:*"
            ]
        },
        {
            "extracted_events": [
                {
                    "introduced": "a9.4"
                },
                {
                    "last_affected": "a9.4"
                }
            ],
            "source": "CPE_STRING",
            "vendor_product": "oracle:jd_edwards_world_security",
            "cpes": [
                "cpe:2.3:a:oracle:jd_edwards_world_security:a9.4:*:*:*:*:*:*:*"
            ]
        },
        {
            "extracted_events": [
                {
                    "introduced": "5.11.0"
                },
                {
                    "last_affected": "5.11.0"
                },
                {
                    "introduced": "5.11.1"
                },
                {
                    "last_affected": "5.11.1"
                },
                {
                    "introduced": "5.12.0"
                },
                {
                    "last_affected": "5.12.0"
                },
                {
                    "introduced": "5.12.1"
                },
                {
                    "last_affected": "5.12.1"
                },
                {
                    "introduced": "5.13.0"
                },
                {
                    "last_affected": "5.13.0"
                }
            ],
            "source": "CPE_STRING",
            "vendor_product": "tenable:nessus_network_monitor",
            "cpes": [
                "cpe:2.3:a:tenable:nessus_network_monitor:5.11.0:*:*:*:*:*:*:*",
                "cpe:2.3:a:tenable:nessus_network_monitor:5.11.1:*:*:*:*:*:*:*",
                "cpe:2.3:a:tenable:nessus_network_monitor:5.12.0:*:*:*:*:*:*:*",
                "cpe:2.3:a:tenable:nessus_network_monitor:5.12.1:*:*:*:*:*:*:*",
                "cpe:2.3:a:tenable:nessus_network_monitor:5.13.0:*:*:*:*:*:*:*"
            ]
        }
    ]
}
References

Affected packages

Git
github.com/graalvm/graalvm-ce-builds

Affected ranges

Type
GIT
Repo
https://github.com/graalvm/graalvm-ce-builds
Events
Database specific
{
    "source": "CPE_STRING",
    "cpe": [
        "cpe:2.3:a:oracle:graalvm:19.3.5:*:*:*:enterprise:*:*:*",
        "cpe:2.3:a:oracle:graalvm:20.3.1.2:*:*:*:enterprise:*:*:*",
        "cpe:2.3:a:oracle:graalvm:21.0.0.2:*:*:*:enterprise:*:*:*"
    ],
    "extracted_events": [
        {
            "introduced": "19.3.5"
        },
        {
            "last_affected": "19.3.5"
        },
        {
            "introduced": "20.3.1.2"
        },
        {
            "last_affected": "20.3.1.2"
        },
        {
            "introduced": "21.0.0.2"
        },
        {
            "last_affected": "21.0.0.2"
        }
    ]
}

Affected versions

19.*
19.3.5
20.*
20.3.1.2
21.*
21.0.0.2
vm-19.*
vm-19.3.5
vm-20.*
vm-20.3.1
vm-21.*
vm-21.0.0
vm-21.0.0.2

Database specific

source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2021-23840.json"
github.com/mysql/mysql-server

Affected ranges

Type
GIT
Repo
https://github.com/mysql/mysql-server
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
Introduced
Fixed
Database specific
{
    "source": "CPE_RANGE",
    "cpe": "cpe:2.3:a:oracle:mysql_server:*:*:*:*:*:*:*:*",
    "extracted_events": [
        {
            "introduced": "0"
        },
        {
            "fixed": "5.7.33"
        },
        {
            "introduced": "8.0.15"
        },
        {
            "fixed": "8.0.23"
        }
    ]
}

Affected versions

mysql-3.*
mysql-3.23.22-beta
mysql-3.23.28-gamma
mysql-3.23.30-gamma
mysql-3.23.31
mysql-3.23.32
mysql-3.23.33
mysql-3.23.36
mysql-4.*
mysql-4.0.2
mysql-4.0.4
mysql-5.*
mysql-5.1.4
mysql-5.7.31
mysql-5.7.32

Database specific

vanir_signatures_modified
"2026-07-08T21:26:04Z"
source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2021-23840.json"
vanir_signatures
[
    {
        "id": "CVE-2021-23840-a59356ae",
        "digest": {
            "line_hashes": [
                "286756561296075042237231219649184368171",
                "302896255058266923472696425836035569717",
                "300297427993859605007554044173966498739",
                "175565100923089660637647648328373853699",
                "71802579880224164103266412744806334599",
                "315666916814277685292192961936838231932",
                "198092292660585766502869236426726266894",
                "162640942130416387239939759911226756525"
            ],
            "threshold": 0.9
        },
        "signature_version": "v1",
        "signature_type": "Line",
        "source": "https://github.com/mysql/mysql-server/commit/e5d189ecb9465f4be6235109dd3dbcaab01ddc53",
        "deprecated": false,
        "target": {
            "file": "include/welcome_copyright_notice.h"
        }
    }
]
github.com/nodejs/node

Affected ranges

Type
GIT
Repo
https://github.com/nodejs/node
Events
Database specific
{
    "source": [
        "CPE_RANGE",
        "CPE_STRING"
    ],
    "cpe": [
        "cpe:2.3:a:nodejs:node.js:*:*:*:*:-:*:*:*",
        "cpe:2.3:a:nodejs:node.js:*:*:*:*:lts:*:*:*",
        "cpe:2.3:a:nodejs:node.js:14.15.0:*:*:*:lts:*:*:*"
    ],
    "extracted_events": [
        {
            "introduced": "10.0.0"
        },
        {
            "last_affected": "10.12.0"
        },
        {
            "introduced": "10.13.0"
        },
        {
            "fixed": "10.24.0"
        },
        {
            "introduced": "12.0.0"
        },
        {
            "last_affected": "12.12.0"
        },
        {
            "introduced": "12.13.0"
        },
        {
            "fixed": "12.21.0"
        },
        {
            "introduced": "14.0.0"
        },
        {
            "last_affected": "14.14.0"
        },
        {
            "introduced": "15.0.0"
        },
        {
            "fixed": "15.10.0"
        },
        {
            "introduced": "14.15.0"
        },
        {
            "last_affected": "14.15.0"
        }
    ]
}

Affected versions

14.*
14.15.0
v10.*
v10.0.0
v10.1.0
v10.10.0
v10.11.0
v10.12.0
v10.13.0
v10.14.0
v10.14.1
v10.14.2
v10.15.0
v10.15.1
v10.15.2
v10.15.3
v10.16.0
v10.16.1
v10.16.2
v10.16.3
v10.17.0
v10.18.0
v10.18.1
v10.19.0
v10.2.0
v10.2.1
v10.20.0
v10.20.1
v10.21.0
v10.22.0
v10.22.1
v10.23.0
v10.23.1
v10.23.2
v10.23.3
v10.3.0
v10.4.0
v10.4.1
v10.5.0
v10.6.0
v10.7.0
v10.8.0
v10.9.0
v12.*
v12.0.0
v12.1.0
v12.10.0
v12.11.0
v12.11.1
v12.12.0
v12.13.0
v12.13.1
v12.14.0
v12.14.1
v12.15.0
v12.16.0
v12.16.1
v12.16.2
v12.16.3
v12.17.0
v12.18.0
v12.18.1
v12.18.2
v12.18.3
v12.18.4
v12.19.0
v12.19.1
v12.2.0
v12.20.0
v12.20.1
v12.20.2
v12.3.0
v12.3.1
v12.4.0
v12.5.0
v12.6.0
v12.7.0
v12.8.0
v12.8.1
v12.9.0
v12.9.1
v14.*
v14.0.0
v14.1.0
v14.10.0
v14.10.1
v14.11.0
v14.12.0
v14.13.0
v14.13.1
v14.14.0
v14.15.0
v14.2.0
v14.3.0
v14.4.0
v14.5.0
v14.6.0
v14.7.0
v14.8.0
v14.9.0
v15.*
v15.0.0
v15.0.1
v15.1.0
v15.2.0
v15.2.1
v15.3.0
v15.4.0
v15.5.0
v15.5.1
v15.6.0
v15.7.0
v15.8.0
v15.9.0

Database specific

source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2021-23840.json"
github.com/openssl/openssl

Affected ranges

Type
GIT
Repo
https://github.com/openssl/openssl
Events
Database specific
{
    "source": "CPE_RANGE",
    "cpe": "cpe:2.3:a:openssl:openssl:*:*:*:*:*:*:*:*",
    "extracted_events": [
        {
            "introduced": "1.0.2"
        },
        {
            "fixed": "1.0.2y"
        },
        {
            "introduced": "1.1.1"
        },
        {
            "fixed": "1.1.1j"
        }
    ]
}

Database specific

vanir_signatures_modified
"2026-07-08T21:26:04Z"
source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2021-23840.json"
vanir_signatures
[
    {
        "id": "CVE-2021-23840-c377fa22",
        "digest": {
            "line_hashes": [
                "28170854778703993674264004058177114599",
                "73132526844288570625317440636111911761",
                "177405411499435185068645597737938634778",
                "224809958623850711330610094965797758930",
                "295554444428855106393106961197201359586"
            ],
            "threshold": 0.9
        },
        "signature_version": "v1",
        "signature_type": "Line",
        "source": "https://github.com/openssl/openssl/commit/e04bd3433fd84e1861bf258ea37928d9845e6a86",
        "deprecated": false,
        "target": {
            "file": "include/openssl/opensslv.h"
        }
    },
    {
        "id": "CVE-2021-23840-e051451f",
        "digest": {
            "line_hashes": [
                "251633914150035957322733061977107206211",
                "338514574181828579838011565939158652696",
                "76638288692106140328510055542557597351",
                "142922657400765574308962710386922248045",
                "71649992455794854055653842592139575350",
                "65527166711110472566013424527579064967",
                "253196866009476977787139000804413898733",
                "172177136897997206866313011107384691461"
            ],
            "threshold": 0.9
        },
        "signature_version": "v1",
        "signature_type": "Line",
        "source": "https://github.com/openssl/openssl/commit/e818b74be2170fbe957a07b0da4401c2b694b3b8",
        "deprecated": false,
        "target": {
            "file": "crypto/opensslv.h"
        }
    }
]