diff options
author | Tomas Mraz <tomas@openssl.org> | 2023-04-21 10:14:13 +0200 |
---|---|---|
committer | Tomas Mraz <tomas@openssl.org> | 2023-04-26 15:38:58 +0200 |
commit | 39ed41b59db4051f14725114372f596203685368 (patch) | |
tree | 4cf360dcfd9b2e2e7a1b76ec64998f0854c3d051 /CHANGES.md | |
parent | 2fad00207ea1a612b450a8ccc49f41d478cbc456 (diff) |
Correct the CHANGES entry for CVE-2023-1255
Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>
(Merged from https://github.com/openssl/openssl/pull/20798)
(cherry picked from commit e6990079c2413625d2039ebed49ea17a5b8cf935)
Diffstat (limited to 'CHANGES.md')
-rw-r--r-- | CHANGES.md | 6 |
1 files changed, 3 insertions, 3 deletions
diff --git a/CHANGES.md b/CHANGES.md index e4c288e978..5f301e189a 100644 --- a/CHANGES.md +++ b/CHANGES.md @@ -31,9 +31,9 @@ breaking changes, and mappings for the large list of deprecated functions. ### Changes between 3.0.8 and 3.0.9 [xx XXX xxxx] * Fixed buffer overread in AES-XTS decryption on ARM 64 bit platforms which - happens if the buffer size is 4 mod 5. This can trigger a crash of an - application using AES-XTS decryption if the memory just after the buffer - being decrypted is not mapped. + happens if the buffer size is 4 mod 5 in 16 byte AES blocks. This can + trigger a crash of an application using AES-XTS decryption if the memory + just after the buffer being decrypted is not mapped. Thanks to Anton Romanov (Amazon) for discovering the issue. ([CVE-2023-1255]) |