Calls to EVPCipherUpdate, EVPEncryptUpdate and EVP_DecryptUpdate may overflow the output length argument in some cases where the input length is close to the maximum permissable length for an integer on the platform. In such cases the return value from the function call will be 1 (indicating success), but the output length value will be negative. This could cause applications to behave incorrectly or crash. OpenSSL versions 1.1.1i and below are affected by this issue. Users of these versions should upgrade to OpenSSL 1.1.1j. OpenSSL versions 1.0.2x and below are affected by this issue. However OpenSSL 1.0.2 is out of support and no longer receiving public updates. Premium support customers of OpenSSL 1.0.2 should upgrade to 1.0.2y. Other users should upgrade to 1.1.1j. Fixed in OpenSSL 1.1.1j (Affected 1.1.1-1.1.1i). Fixed in OpenSSL 1.0.2y (Affected 1.0.2-1.0.2x).
{
"unresolved_ranges": [
{
"extracted_events": [
{
"fixed": "xcp2410"
},
{
"fixed": "xcp3110"
}
],
"source": "CPE_RANGE",
"vendor_product": "fujitsu:m10-1_firmware",
"cpes": [
"cpe:2.3:o:fujitsu:m10-1_firmware:*:*:*:*:*:*:*:*"
]
},
{
"extracted_events": [
{
"fixed": "xcp2410"
},
{
"fixed": "xcp3110"
}
],
"source": "CPE_RANGE",
"vendor_product": "fujitsu:m10-4_firmware",
"cpes": [
"cpe:2.3:o:fujitsu:m10-4_firmware:*:*:*:*:*:*:*:*"
]
},
{
"extracted_events": [
{
"fixed": "xcp2410"
},
{
"fixed": "xcp3110"
}
],
"source": "CPE_RANGE",
"vendor_product": "fujitsu:m10-4s_firmware",
"cpes": [
"cpe:2.3:o:fujitsu:m10-4s_firmware:*:*:*:*:*:*:*:*"
]
},
{
"extracted_events": [
{
"fixed": "xcp2410"
},
{
"fixed": "xcp3110"
}
],
"source": "CPE_RANGE",
"vendor_product": "fujitsu:m12-1_firmware",
"cpes": [
"cpe:2.3:o:fujitsu:m12-1_firmware:*:*:*:*:*:*:*:*"
]
},
{
"extracted_events": [
{
"fixed": "xcp2410"
},
{
"fixed": "xcp3110"
}
],
"source": "CPE_RANGE",
"vendor_product": "fujitsu:m12-2_firmware",
"cpes": [
"cpe:2.3:o:fujitsu:m12-2_firmware:*:*:*:*:*:*:*:*"
]
},
{
"extracted_events": [
{
"fixed": "xcp2410"
},
{
"fixed": "xcp3110"
}
],
"source": "CPE_RANGE",
"vendor_product": "fujitsu:m12-2s_firmware",
"cpes": [
"cpe:2.3:o:fujitsu:m12-2s_firmware:*:*:*:*:*:*:*:*"
]
},
{
"extracted_events": [
{
"fixed": "5.10.0"
}
],
"source": "CPE_RANGE",
"vendor_product": "mcafee:epolicy_orchestrator",
"cpes": [
"cpe:2.3:a:mcafee:epolicy_orchestrator:*:*:*:*:*:*:*:*"
]
},
{
"extracted_events": [
{
"fixed": "9.2.6.0"
}
],
"source": "CPE_RANGE",
"vendor_product": "oracle:jd_edwards_enterpriseone_tools",
"cpes": [
"cpe:2.3:a:oracle:jd_edwards_enterpriseone_tools:*:*:*:*:*:*:*:*"
]
},
{
"extracted_events": [
{
"fixed": "20.3"
}
],
"source": "CPE_RANGE",
"vendor_product": "oracle:nosql_database",
"cpes": [
"cpe:2.3:a:oracle:nosql_database:*:*:*:*:*:*:*:*"
]
},
{
"extracted_events": [
{
"fixed": "6.0.8"
}
],
"source": "CPE_RANGE",
"vendor_product": "tenable:log_correlation_engine",
"cpes": [
"cpe:2.3:a:tenable:log_correlation_engine:*:*:*:*:*:*:*:*"
]
},
{
"extracted_events": [
{
"introduced": "10.0"
},
{
"last_affected": "10.0"
}
],
"source": "CPE_STRING",
"vendor_product": "debian:debian_linux",
"cpes": [
"cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*"
]
},
{
"extracted_events": [
{
"introduced": "5.10.0-NA"
},
{
"last_affected": "5.10.0-NA"
},
{
"introduced": "5.10.0-update_1"
},
{
"last_affected": "5.10.0-update_1"
},
{
"introduced": "5.10.0-update_10"
},
{
"last_affected": "5.10.0-update_10"
},
{
"introduced": "5.10.0-update_2"
},
{
"last_affected": "5.10.0-update_2"
},
{
"introduced": "5.10.0-update_3"
},
{
"last_affected": "5.10.0-update_3"
},
{
"introduced": "5.10.0-update_4"
},
{
"last_affected": "5.10.0-update_4"
},
{
"introduced": "5.10.0-update_5"
},
{
"last_affected": "5.10.0-update_5"
},
{
"introduced": "5.10.0-update_6"
},
{
"last_affected": "5.10.0-update_6"
},
{
"introduced": "5.10.0-update_7"
},
{
"last_affected": "5.10.0-update_7"
},
{
"introduced": "5.10.0-update_8"
},
{
"last_affected": "5.10.0-update_8"
},
{
"introduced": "5.10.0-update_9"
},
{
"last_affected": "5.10.0-update_9"
}
],
"source": "CPE_STRING",
"vendor_product": "mcafee:epolicy_orchestrator",
"cpes": [
"cpe:2.3:a:mcafee:epolicy_orchestrator:5.10.0:-:*:*:*:*:*:*",
"cpe:2.3:a:mcafee:epolicy_orchestrator:5.10.0:update_10:*:*:*:*:*:*",
"cpe:2.3:a:mcafee:epolicy_orchestrator:5.10.0:update_1:*:*:*:*:*:*",
"cpe:2.3:a:mcafee:epolicy_orchestrator:5.10.0:update_2:*:*:*:*:*:*",
"cpe:2.3:a:mcafee:epolicy_orchestrator:5.10.0:update_3:*:*:*:*:*:*",
"cpe:2.3:a:mcafee:epolicy_orchestrator:5.10.0:update_4:*:*:*:*:*:*",
"cpe:2.3:a:mcafee:epolicy_orchestrator:5.10.0:update_5:*:*:*:*:*:*",
"cpe:2.3:a:mcafee:epolicy_orchestrator:5.10.0:update_6:*:*:*:*:*:*",
"cpe:2.3:a:mcafee:epolicy_orchestrator:5.10.0:update_7:*:*:*:*:*:*",
"cpe:2.3:a:mcafee:epolicy_orchestrator:5.10.0:update_8:*:*:*:*:*:*",
"cpe:2.3:a:mcafee:epolicy_orchestrator:5.10.0:update_9:*:*:*:*:*:*"
]
},
{
"extracted_events": [
{
"introduced": "5.5.0.0.0"
},
{
"last_affected": "5.5.0.0.0"
},
{
"introduced": "5.9.0.0.0"
},
{
"last_affected": "5.9.0.0.0"
},
{
"introduced": "12.2.1.3.0"
},
{
"last_affected": "12.2.1.3.0"
},
{
"introduced": "12.2.1.4.0"
},
{
"last_affected": "12.2.1.4.0"
}
],
"source": "CPE_STRING",
"vendor_product": "oracle:business_intelligence",
"cpes": [
"cpe:2.3:a:oracle:business_intelligence:12.2.1.3.0:*:*:*:enterprise:*:*:*",
"cpe:2.3:a:oracle:business_intelligence:12.2.1.4.0:*:*:*:enterprise:*:*:*",
"cpe:2.3:a:oracle:business_intelligence:5.5.0.0.0:*:*:*:enterprise:*:*:*",
"cpe:2.3:a:oracle:business_intelligence:5.9.0.0.0:*:*:*:enterprise:*:*:*"
]
},
{
"extracted_events": [
{
"introduced": "1.15.0"
},
{
"last_affected": "1.15.0"
}
],
"source": "CPE_STRING",
"vendor_product": "oracle:communications_cloud_native_core_policy",
"cpes": [
"cpe:2.3:a:oracle:communications_cloud_native_core_policy:1.15.0:*:*:*:*:*:*:*"
]
},
{
"extracted_events": [
{
"introduced": "13.4.0.0"
},
{
"last_affected": "13.4.0.0"
}
],
"source": "CPE_STRING",
"vendor_product": "oracle:enterprise_manager_for_storage_management",
"cpes": [
"cpe:2.3:a:oracle:enterprise_manager_for_storage_management:13.4.0.0:*:*:*:*:*:*:*"
]
},
{
"extracted_events": [
{
"introduced": "12.4.0.0"
},
{
"last_affected": "12.4.0.0"
}
],
"source": "CPE_STRING",
"vendor_product": "oracle:enterprise_manager_ops_center",
"cpes": [
"cpe:2.3:a:oracle:enterprise_manager_ops_center:12.4.0.0:*:*:*:*:*:*:*"
]
},
{
"extracted_events": [
{
"introduced": "a9.4"
},
{
"last_affected": "a9.4"
}
],
"source": "CPE_STRING",
"vendor_product": "oracle:jd_edwards_world_security",
"cpes": [
"cpe:2.3:a:oracle:jd_edwards_world_security:a9.4:*:*:*:*:*:*:*"
]
},
{
"extracted_events": [
{
"introduced": "5.11.0"
},
{
"last_affected": "5.11.0"
},
{
"introduced": "5.11.1"
},
{
"last_affected": "5.11.1"
},
{
"introduced": "5.12.0"
},
{
"last_affected": "5.12.0"
},
{
"introduced": "5.12.1"
},
{
"last_affected": "5.12.1"
},
{
"introduced": "5.13.0"
},
{
"last_affected": "5.13.0"
}
],
"source": "CPE_STRING",
"vendor_product": "tenable:nessus_network_monitor",
"cpes": [
"cpe:2.3:a:tenable:nessus_network_monitor:5.11.0:*:*:*:*:*:*:*",
"cpe:2.3:a:tenable:nessus_network_monitor:5.11.1:*:*:*:*:*:*:*",
"cpe:2.3:a:tenable:nessus_network_monitor:5.12.0:*:*:*:*:*:*:*",
"cpe:2.3:a:tenable:nessus_network_monitor:5.12.1:*:*:*:*:*:*:*",
"cpe:2.3:a:tenable:nessus_network_monitor:5.13.0:*:*:*:*:*:*:*"
]
}
]
}{
"source": "CPE_STRING",
"cpe": [
"cpe:2.3:a:oracle:graalvm:19.3.5:*:*:*:enterprise:*:*:*",
"cpe:2.3:a:oracle:graalvm:20.3.1.2:*:*:*:enterprise:*:*:*",
"cpe:2.3:a:oracle:graalvm:21.0.0.2:*:*:*:enterprise:*:*:*"
],
"extracted_events": [
{
"introduced": "19.3.5"
},
{
"last_affected": "19.3.5"
},
{
"introduced": "20.3.1.2"
},
{
"last_affected": "20.3.1.2"
},
{
"introduced": "21.0.0.2"
},
{
"last_affected": "21.0.0.2"
}
]
}{
"source": "CPE_RANGE",
"cpe": "cpe:2.3:a:oracle:mysql_server:*:*:*:*:*:*:*:*",
"extracted_events": [
{
"introduced": "0"
},
{
"fixed": "5.7.33"
},
{
"introduced": "8.0.15"
},
{
"fixed": "8.0.23"
}
]
}"2026-07-08T21:26:04Z"
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2021-23840.json"
[
{
"id": "CVE-2021-23840-a59356ae",
"digest": {
"line_hashes": [
"286756561296075042237231219649184368171",
"302896255058266923472696425836035569717",
"300297427993859605007554044173966498739",
"175565100923089660637647648328373853699",
"71802579880224164103266412744806334599",
"315666916814277685292192961936838231932",
"198092292660585766502869236426726266894",
"162640942130416387239939759911226756525"
],
"threshold": 0.9
},
"signature_version": "v1",
"signature_type": "Line",
"source": "https://github.com/mysql/mysql-server/commit/e5d189ecb9465f4be6235109dd3dbcaab01ddc53",
"deprecated": false,
"target": {
"file": "include/welcome_copyright_notice.h"
}
}
]
{
"source": [
"CPE_RANGE",
"CPE_STRING"
],
"cpe": [
"cpe:2.3:a:nodejs:node.js:*:*:*:*:-:*:*:*",
"cpe:2.3:a:nodejs:node.js:*:*:*:*:lts:*:*:*",
"cpe:2.3:a:nodejs:node.js:14.15.0:*:*:*:lts:*:*:*"
],
"extracted_events": [
{
"introduced": "10.0.0"
},
{
"last_affected": "10.12.0"
},
{
"introduced": "10.13.0"
},
{
"fixed": "10.24.0"
},
{
"introduced": "12.0.0"
},
{
"last_affected": "12.12.0"
},
{
"introduced": "12.13.0"
},
{
"fixed": "12.21.0"
},
{
"introduced": "14.0.0"
},
{
"last_affected": "14.14.0"
},
{
"introduced": "15.0.0"
},
{
"fixed": "15.10.0"
},
{
"introduced": "14.15.0"
},
{
"last_affected": "14.15.0"
}
]
}"2026-07-08T21:26:04Z"
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2021-23840.json"
[
{
"id": "CVE-2021-23840-c377fa22",
"digest": {
"line_hashes": [
"28170854778703993674264004058177114599",
"73132526844288570625317440636111911761",
"177405411499435185068645597737938634778",
"224809958623850711330610094965797758930",
"295554444428855106393106961197201359586"
],
"threshold": 0.9
},
"signature_version": "v1",
"signature_type": "Line",
"source": "https://github.com/openssl/openssl/commit/e04bd3433fd84e1861bf258ea37928d9845e6a86",
"deprecated": false,
"target": {
"file": "include/openssl/opensslv.h"
}
},
{
"id": "CVE-2021-23840-e051451f",
"digest": {
"line_hashes": [
"251633914150035957322733061977107206211",
"338514574181828579838011565939158652696",
"76638288692106140328510055542557597351",
"142922657400765574308962710386922248045",
"71649992455794854055653842592139575350",
"65527166711110472566013424527579064967",
"253196866009476977787139000804413898733",
"172177136897997206866313011107384691461"
],
"threshold": 0.9
},
"signature_version": "v1",
"signature_type": "Line",
"source": "https://github.com/openssl/openssl/commit/e818b74be2170fbe957a07b0da4401c2b694b3b8",
"deprecated": false,
"target": {
"file": "crypto/opensslv.h"
}
}
]