FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

OpenSSL -- AES-SIV implementation ignores empty associated data entries

Affected packages
openssl30 < 3.0.9_1
openssl31 < 3.1.1_1


VuXML ID 41c60e16-2405-11ee-a0d1-84a93843eb75
Discovery 2023-07-14
Entry 2023-07-16

The OpenSSL project reports:

The AES-SIV cipher implementation contains a bug that causes it to ignore empty associated data entries which are unauthenticated as a consequence.


CVE Name CVE-2023-2975