diff options
author | Tomas Mraz <tomas@openssl.org> | 2023-04-21 10:14:13 +0200 |
---|---|---|
committer | Tomas Mraz <tomas@openssl.org> | 2023-04-26 15:37:42 +0200 |
commit | 38f12f428084ebca77558b536bf9a87bf6b127a8 (patch) | |
tree | ef6182b8302b971efcae84c6baf73e12f64f1901 | |
parent | adc6b42612511bab57ed85f5fae4d1a4e026dd06 (diff) | |
download | openssl-new-38f12f428084ebca77558b536bf9a87bf6b127a8.tar.gz |
Correct the CHANGES entry for CVE-2023-1255
Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>
(Merged from https://github.com/openssl/openssl/pull/20798)
(cherry picked from commit e6990079c2413625d2039ebed49ea17a5b8cf935)
-rw-r--r-- | CHANGES.md | 6 |
1 files changed, 3 insertions, 3 deletions
diff --git a/CHANGES.md b/CHANGES.md index 7784b4966f..64bdcf4ba3 100644 --- a/CHANGES.md +++ b/CHANGES.md @@ -25,9 +25,9 @@ OpenSSL 3.1 ### Changes between 3.1.0 and 3.1.1 [xx XXX xxxx] * Fixed buffer overread in AES-XTS decryption on ARM 64 bit platforms which - happens if the buffer size is 4 mod 5. This can trigger a crash of an - application using AES-XTS decryption if the memory just after the buffer - being decrypted is not mapped. + happens if the buffer size is 4 mod 5 in 16 byte AES blocks. This can + trigger a crash of an application using AES-XTS decryption if the memory + just after the buffer being decrypted is not mapped. Thanks to Anton Romanov (Amazon) for discovering the issue. ([CVE-2023-1255]) |