summaryrefslogtreecommitdiffstats
path: root/CHANGES.md
diff options
context:
space:
mode:
Diffstat (limited to 'CHANGES.md')
-rw-r--r--CHANGES.md10
1 files changed, 10 insertions, 0 deletions
diff --git a/CHANGES.md b/CHANGES.md
index 5397519a9e..e4c288e978 100644
--- a/CHANGES.md
+++ b/CHANGES.md
@@ -30,6 +30,15 @@ breaking changes, and mappings for the large list of deprecated functions.
### Changes between 3.0.8 and 3.0.9 [xx XXX xxxx]
+ * Fixed buffer overread in AES-XTS decryption on ARM 64 bit platforms which
+ happens if the buffer size is 4 mod 5. This can trigger a crash of an
+ application using AES-XTS decryption if the memory just after the buffer
+ being decrypted is not mapped.
+ Thanks to Anton Romanov (Amazon) for discovering the issue.
+ ([CVE-2023-1255])
+
+ *Nevine Ebeid*
+
* Reworked the Fix for the Timing Oracle in RSA Decryption ([CVE-2022-4304]).
The previous fix for this timing side channel turned out to cause
a severe 2-3x performance regression in the typical use case
@@ -19617,6 +19626,7 @@ ndif
<!-- Links -->
+[CVE-2023-1255]: https://www.openssl.org/news/vulnerabilities.html#CVE-2023-1255
[CVE-2023-0466]: https://www.openssl.org/news/vulnerabilities.html#CVE-2023-0466
[CVE-2023-0465]: https://www.openssl.org/news/vulnerabilities.html#CVE-2023-0465
[CVE-2023-0464]: https://www.openssl.org/news/vulnerabilities.html#CVE-2023-0464
generated by cgit v1.2.3 (git 2.25.1) at 2024-07-01 23:58:08 +0000