CVE-2023-6129
Severity CVSS v4.0:
Pending analysis
Type:
Unavailable / Other
Publication date:
09/01/2024
Last modified:
20/06/2025
Description
Issue summary: The POLY1305 MAC (message authentication code) implementation
contains a bug that might corrupt the internal state of applications running
on PowerPC CPU based platforms if the CPU provides vector instructions.

Impact summary: If an attacker can influence whether the POLY1305 MAC
algorithm is used, the application state might be corrupted with various
application dependent consequences.

The POLY1305 MAC (message authentication code) implementation in OpenSSL for
PowerPC CPUs restores the contents of vector registers in a different order
than they are saved. Thus the contents of some of these vector registers
are corrupted when returning to the caller. The vulnerable code is used only
on newer PowerPC processors supporting the PowerISA 2.07 instructions.

The consequences of this kind of internal application state corruption can
be various - from no consequences, if the calling application does not
depend on the contents of non-volatile XMM registers at all, to the worst
consequences, where the attacker could get complete control of the application
process. However unless the compiler uses the vector registers for storing
pointers, the most likely consequence, if any, would be an incorrect result
of some application dependent calculations or a crash leading to a denial of
service.

The POLY1305 MAC algorithm is most frequently used as part of the
CHACHA20-POLY1305 AEAD (authenticated encryption with associated data)
algorithm. The most common usage of this AEAD cipher is with TLS protocol
versions 1.2 and 1.3. If this cipher is enabled on the server a malicious
client can influence whether this AEAD cipher is used. This implies that
TLS server applications using OpenSSL can be potentially impacted. However
we are currently not aware of any concrete application that would be affected
by this issue therefore we consider this a Low severity security issue.
Impact
Base Score 3.x
6.50
Severity 3.x
MEDIUM
Vulnerable products and versions
| CPE | From | Up to |
|---|---|---|
| cpe:2.3:a:openssl:openssl:*:*:*:*:*:*:*:* | 3.0.0 (including) | 3.0.12 (including) |
| cpe:2.3:a:openssl:openssl:*:*:*:*:*:*:*:* | 3.1.0 (including) | 3.1.4 (including) |
| cpe:2.3:a:openssl:openssl:3.2.0:*:*:*:*:*:*:* | | |
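
A triage check built from the conditions above (affected version range, PowerPC platform, CHACHA20-POLY1305 offered in TLS), as an added example that is not part of the original advisory or of OpenSSL. The function names and result labels are hypothetical, the PowerISA 2.07 requirement is not probed, and Python's default TLS context is assumed to stand in for the service's cipher list.

```python
import platform
import re
import ssl

# Affected ranges copied from the CPE table on this page (bounds inclusive).
AFFECTED_RANGES = [
    ((3, 0, 0), (3, 0, 12)),
    ((3, 1, 0), (3, 1, 4)),
    ((3, 2, 0), (3, 2, 0)),
]

def parse_version(banner):
    """Return (major, minor, patch) from a banner such as 'OpenSSL 3.0.12 24 Oct 2023'."""
    match = re.search(r"(\d+)\.(\d+)\.(\d+)", banner)
    if match is None:
        raise ValueError(f"no x.y.z version in {banner!r}")
    return tuple(int(part) for part in match.groups())

def version_affected(banner):
    version = parse_version(banner)
    return any(low <= version <= high for low, high in AFFECTED_RANGES)

def is_powerpc(machine):
    # Assumption: any ppc*/powerpc* machine string is in scope; the PowerISA 2.07
    # vector requirement is not probed, so this errs on the cautious side.
    return machine.lower().startswith(("ppc", "powerpc"))

def offers_chacha20_poly1305(cipher_names):
    return any("CHACHA20" in n.upper() and "POLY1305" in n.upper() for n in cipher_names)

def triage(banner, machine, cipher_names):
    """Classify one host; the return labels are hypothetical names for this example."""
    if not is_powerpc(machine):
        return "not-affected-arch"
    if not version_affected(banner):
        return "not-affected-version"
    if offers_chacha20_poly1305(cipher_names):
        return "affected-tls-reachable"   # a TLS peer can select the Poly1305 path
    return "affected-not-offered-in-tls"  # vulnerable build is still installed

def local_facts():
    # Assumption: Python's default TLS context stands in for the service's cipher list.
    ctx = ssl.create_default_context()
    return ssl.OPENSSL_VERSION, platform.machine(), [c["name"] for c in ctx.get_ciphers()]

if __name__ == "__main__":
    print(triage(*local_facts()))
```

Distribution packages often backport fixes without changing the upstream version number, so a match on the version banner should be confirmed against the vendor's own advisory.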
References to Advisories, Solutions, and Tools
- https://github.com/openssl/openssl/commit/050d26383d4e264966fb83428e72d5d48f402d35
- https://github.com/openssl/openssl/commit/5b139f95c9a47a55a0c54100f3837b1eee942b04
- https://github.com/openssl/openssl/commit/f3fc5808fe9ff74042d639839610d03b8fdcc015
- https://www.openssl.org/news/secadv/20240109.txt
- http://www.openwall.com/lists/oss-security/2024/03/11/1
- https://security.netapp.com/advisory/ntap-20240216-0009/
- https://security.netapp.com/advisory/ntap-20240426-0008/
- https://security.netapp.com/advisory/ntap-20240426-0013/
- https://security.netapp.com/advisory/ntap-20240503-0011/



