CVE-2021-23840
- Source
- https://cve.org/CVERecord?id=CVE-2021-23840
- Import Source
- https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2021-23840.json
- JSON Data
- https://api.osv.dev/v1/vulns/CVE-2021-23840
- Aliases
- Downstream
- Related
- Published
- 2021-02-16T17:15:13.300Z
- Modified
- 2026-04-16T04:39:06.483432537Z
- Severity
-
- 7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVSS Calculator
- Summary
- [none]
- Details
-
Calls to EVPCipherUpdate, EVPEncryptUpdate and EVP_DecryptUpdate may overflow the output length argument in some cases where the input length is close to the maximum permissable length for an integer on the platform. In such cases the return value from the function call will be 1 (indicating success), but the output length value will be negative. This could cause applications to behave incorrectly or crash. OpenSSL versions 1.1.1i and below are affected by this issue. Users of these versions should upgrade to OpenSSL 1.1.1j. OpenSSL versions 1.0.2x and below are affected by this issue. However OpenSSL 1.0.2 is out of support and no longer receiving public updates. Premium support customers of OpenSSL 1.0.2 should upgrade to 1.0.2y. Other users should upgrade to 1.1.1j. Fixed in OpenSSL 1.1.1j (Affected 1.1.1-1.1.1i). Fixed in OpenSSL 1.0.2y (Affected 1.0.2-1.0.2x).
- References
-
- https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=9b1129239f3ebb1d1c98ce9ed41d5c9476c47cb2
- https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b%40%3Cissues.bookkeeper.apache.org%3E
- https://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4%40%3Cissues.bookkeeper.apache.org%3E
- https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=6a51b9e1d0cf0bf8515f7201b68fb0a3482b3dc1
- https://security.gentoo.org/glsa/202103-03
- https://security.netapp.com/advisory/ntap-20240621-0006/
- https://www.tenable.com/security/tns-2021-09
- https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44846
- https://www.debian.org/security/2021/dsa-4855
- https://www.openssl.org/news/secadv/20210216.txt
- https://www.tenable.com/security/tns-2021-03
- https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf
- https://kc.mcafee.com/corporate/index?page=content&id=SB10366
- https://security.netapp.com/advisory/ntap-20210219-0009/
- https://www.tenable.com/security/tns-2021-10
- https://www.oracle.com/security-alerts/cpuApr2021.html
- https://www.oracle.com/security-alerts/cpuapr2022.html
- https://www.oracle.com/security-alerts/cpujan2022.html
- https://www.oracle.com//security-alerts/cpujul2021.html
- https://www.oracle.com/security-alerts/cpuoct2021.html
Affected packages
Git / github.com/graalvm/graalvm-ce-builds
Affected ranges
- Type
- GIT
- Repo
- https://github.com/graalvm/graalvm-ce-builds
- Events
-
Introduced0 Unknown introduced commit / All previous commits are affectedLast affectedIntroduced0 Unknown introduced commit / All previous commits are affectedLast affectedIntroduced0 Unknown introduced commit / All previous commits are affectedLast affected
- Database specific
{ "versions": [ { "introduced": "0" }, { "last_affected": "19.3.5" }, { "introduced": "0" }, { "last_affected": "20.3.1.2" }, { "introduced": "0" }, { "last_affected": "21.0.0.2" } ] }
- Type
- GIT
- Repo
- https://github.com/mysql/mysql-server
- Events
-
Introduced0 Unknown introduced commit / All previous commits are affectedLast affectedIntroduced0 Unknown introduced commit / All previous commits are affectedFixedIntroducedFixed
- Database specific
{ "versions": [ { "introduced": "0" }, { "last_affected": "a9.4" }, { "introduced": "0" }, { "fixed": "5.7.33" }, { "introduced": "8.0.15" }, { "fixed": "8.0.23" } ] }
- Type
- GIT
- Repo
- https://github.com/nodejs/node
- Events
-
Introduced0 Unknown introduced commit / All previous commits are affectedLast affectedIntroduced0 Unknown introduced commit / All previous commits are affectedLast affectedIntroduced0 Unknown introduced commit / All previous commits are affectedLast affectedIntroduced0 Unknown introduced commit / All previous commits are affectedLast affectedIntroduced0 Unknown introduced commit / All previous commits are affectedFixedIntroduced0 Unknown introduced commit / All previous commits are affectedFixedIntroduced0 Unknown introduced commit / All previous commits are affectedLast affectedIntroducedLast affectedIntroducedFixedIntroducedLast affectedIntroducedFixedIntroducedLast affectedIntroducedFixedIntroduced0 Unknown introduced commit / All previous commits are affectedLast affected
- Database specific
{ "versions": [ { "introduced": "0" }, { "last_affected": "10.0" }, { "introduced": "0" }, { "last_affected": "5.11.0" }, { "introduced": "0" }, { "last_affected": "5.11.1" }, { "introduced": "0" }, { "last_affected": "5.12.0" }, { "introduced": "0" }, { "fixed": "20.3" }, { "introduced": "0" }, { "fixed": "5.10.0" }, { "introduced": "0" }, { "last_affected": "5.10.0-NA" }, { "introduced": "10.0.0" }, { "last_affected": "10.12.0" }, { "introduced": "10.13.0" }, { "fixed": "10.24.0" }, { "introduced": "12.0.0" }, { "last_affected": "12.12.0" }, { "introduced": "12.13.0" }, { "fixed": "12.21.0" }, { "introduced": "14.0.0" }, { "last_affected": "14.14.0" }, { "introduced": "15.0.0" }, { "fixed": "15.10.0" }, { "introduced": "0" }, { "last_affected": "14.15.0" } ] }
Affected versions
mysql-3.*
mysql-3.23.22-beta
mysql-3.23.28-gamma
mysql-3.23.30-gamma
mysql-3.23.31
mysql-3.23.32
mysql-3.23.33
mysql-3.23.36
mysql-4.*
mysql-4.0.2
mysql-4.0.4
mysql-5.*
mysql-5.1.4
mysql-5.7.31
mysql-5.7.32
mysql-9.*
mysql-9.0.0-release
mysql-9.4.0
mysql-cluster-9.*
mysql-cluster-9.4.0
v0.*
v0.0.1
v0.0.2
v0.0.3
v0.0.4
v0.0.6
v0.1.0
v0.1.1
v0.1.10
v0.1.100
v0.1.101
v0.1.102
v0.1.103
v0.1.104
v0.1.11
v0.1.12
v0.1.13
v0.1.14
v0.1.15
v0.1.16
v0.1.17
v0.1.18
v0.1.19
v0.1.2
v0.1.20
v0.1.21
v0.1.22
v0.1.23
v0.1.24
v0.1.25
v0.1.26
v0.1.27
v0.1.28
v0.1.29
v0.1.3
v0.1.30
v0.1.31
v0.1.32
v0.1.33
v0.1.4
v0.1.5
v0.1.6
v0.1.7
v0.1.8
v0.1.9
v0.1.92
v0.1.93
v0.1.94
v0.1.95
v0.1.96
v0.1.97
v0.1.98
v0.1.99
v0.2.0
v0.3.0
v0.3.1
v0.3.2
v0.3.4
v0.3.5
v0.3.6
v0.3.7
v0.3.8
v0.4.0
v0.5.0
v0.5.1
v0.5.10
v0.5.2
v0.5.3
v0.5.4
v0.5.5
v0.5.5-rc1
v0.5.6
v0.5.7
v0.5.8
v0.5.9
v0.6.0
v0.6.1
v0.7.0
v0.7.2
v0.7.3
v1.*
v1.0.1
v1.0.1-release
v1.0.2
v1.0.2-release
v1.0.3
v1.0.4
v1.1.0
v1.2.0
v1.3.0
v1.4.1
v1.4.2
v1.4.3
v1.5.0
v1.5.1
v1.6.0
v1.6.1
v1.6.2
v1.6.3
v1.6.4
v1.7.0
v1.7.1
v10.*
v10.0.0
v10.1.0
v10.10.0
v10.11.0
v10.12.0
v10.13.0
v10.14.0
v10.14.1
v10.14.2
v10.15.0
v10.15.1
v10.15.2
v10.15.3
v10.16.0
v10.16.1
v10.16.2
v10.16.3
v10.17.0
v10.18.0
v10.18.1
v10.19.0
v10.2.0
v10.2.1
v10.20.0
v10.20.1
v10.21.0
v10.22.0
v10.22.1
v10.23.0
v10.23.1
v10.23.2
v10.23.3
v10.3.0
v10.4.0
v10.4.1
v10.5.0
v10.6.0
v10.7.0
v10.8.0
v10.9.0
v12.*
v12.0.0
v12.1.0
v12.10.0
v12.11.0
v12.11.1
v12.12.0
v12.13.0
v12.13.1
v12.14.0
v12.14.1
v12.15.0
v12.16.0
v12.16.1
v12.16.2
v12.16.3
v12.17.0
v12.18.0
v12.18.1
v12.18.2
v12.18.3
v12.18.4
v12.19.0
v12.19.1
v12.2.0
v12.20.0
v12.20.1
v12.20.2
v12.3.0
v12.3.1
v12.4.0
v12.5.0
v12.6.0
v12.7.0
v12.8.0
v12.8.1
v12.9.0
v12.9.1
v14.*
v14.0.0
v14.1.0
v14.10.0
v14.10.1
v14.11.0
v14.12.0
v14.13.0
v14.13.1
v14.14.0
v14.15.0
v14.2.0
v14.3.0
v14.4.0
v14.5.0
v14.6.0
v14.7.0
v14.8.0
v14.9.0
v15.*
v15.0.0
v15.0.1
v15.1.0
v15.2.0
v15.2.1
v15.3.0
v15.4.0
v15.5.0
v15.5.1
v15.6.0
v15.7.0
v15.8.0
v15.9.0
v2.*
v2.0.0
v2.0.1
v2.0.2
v2.1.0
v2.2.0
v2.2.1
v2.3.0
v2.3.1
v2.3.2
v2.3.3
v2.3.4
v2.4.0
v2.5.0
v20.*
v20.0.0
v20.1.0
v20.2.0
v3.*
v3.0.0
v5.*
v5.0.0
v5.1.0
v5.1.1
v5.10.0
v5.10.1
v5.11.0
v5.11.1
v5.12.0
v5.2.0
v5.3.0
v5.4.0
v5.4.1
v5.5.0
v5.6.0
v5.7.0
v5.7.1
v5.8.0
v5.9.0
v5.9.1
vm-19.*
vm-19.3.2
vm-19.3.2-pre
vm-19.3.3
vm-19.3.4
vm-19.3.5
vm-20.*
vm-20.0.1
vm-20.1.0
vm-20.2.0
vm-20.3.0
vm-20.3.1
vm-20.3.1.2
vm-21.*
vm-21.0.0
vm-21.0.0.2
Database specific
source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2021-23840.json"
vanir_signatures
[
{
"digest": {
"threshold": 0.9,
"line_hashes": [
"286756561296075042237231219649184368171",
"302896255058266923472696425836035569717",
"300297427993859605007554044173966498739",
"175565100923089660637647648328373853699",
"71802579880224164103266412744806334599",
"315666916814277685292192961936838231932",
"198092292660585766502869236426726266894",
"162640942130416387239939759911226756525"
]
},
"id": "CVE-2021-23840-a59356ae",
"signature_version": "v1",
"source": "https://github.com/mysql/mysql-server/commit/e5d189ecb9465f4be6235109dd3dbcaab01ddc53",
"signature_type": "Line",
"target": {
"file": "include/welcome_copyright_notice.h"
},
"deprecated": false
},
{
"source": "https://github.com/openssl/openssl/commit/e04bd3433fd84e1861bf258ea37928d9845e6a86",
"target": {
"file": "include/openssl/opensslv.h"
},
"signature_version": "v1",
"deprecated": false,
"signature_type": "Line",
"digest": {
"threshold": 0.9,
"line_hashes": [
"28170854778703993674264004058177114599",
"73132526844288570625317440636111911761",
"177405411499435185068645597737938634778",
"224809958623850711330610094965797758930",
"295554444428855106393106961197201359586"
]
},
"id": "CVE-2021-23840-c377fa22"
},
{
"source": "https://github.com/openssl/openssl/commit/e818b74be2170fbe957a07b0da4401c2b694b3b8",
"target": {
"file": "crypto/opensslv.h"
},
"signature_version": "v1",
"deprecated": false,
"signature_type": "Line",
"id": "CVE-2021-23840-e051451f",
"digest": {
"threshold": 0.9,
"line_hashes": [
"251633914150035957322733061977107206211",
"338514574181828579838011565939158652696",
"76638288692106140328510055542557597351",
"142922657400765574308962710386922248045",
"71649992455794854055653842592139575350",
"65527166711110472566013424527579064967",
"253196866009476977787139000804413898733",
"172177136897997206866313011107384691461"
]
}
}
]
vanir_signatures_modified
"2026-04-11T13:53:53Z"
unresolved_ranges
[
{
"events": [
{
"introduced": "0"
},
{
"fixed": "6.0.8"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "5.12.1"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "5.13.0"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "5.5.0.0.0"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "5.9.0.0.0"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "12.2.1.3.0"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "12.2.1.4.0"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "1.15.0"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "13.4.0.0"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "12.4.0.0"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"fixed": "9.2.6.0"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "5.10.0-update_1"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "5.10.0-update_10"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "5.10.0-update_2"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "5.10.0-update_3"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "5.10.0-update_4"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "5.10.0-update_5"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "5.10.0-update_6"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "5.10.0-update_7"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "5.10.0-update_8"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "5.10.0-update_9"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"fixed": "xcp2410"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"fixed": "xcp2410"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"fixed": "xcp2410"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"fixed": "xcp2410"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"fixed": "xcp2410"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"fixed": "xcp2410"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"fixed": "xcp3110"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"fixed": "xcp3110"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"fixed": "xcp3110"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"fixed": "xcp3110"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"fixed": "xcp3110"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"fixed": "xcp3110"
}
]
}
]