{ "document": { "aggregate_severity": { "text": "Medium" }, "category": "csaf_vex", "csaf_version": "2.0", "distribution": { "text": "TuxCare License Agreement", "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "en", "notes": [ { "category": "legal_disclaimer", "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Cloud Linux Inc. and provide a link to the original.", "title": "Terms of Use" } ], "publisher": { "category": "vendor", "contact_details": "https://tuxcare.com/contact/", "name": "TuxCare", "namespace": "https://tuxcare.com/" }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://security.tuxcare.com/csaf/v2/els_os/rhel7els/vex/2023/cve-2023-5678-els_os-rhel7els.json" } ], "tracking": { "current_release_date": "2026-04-17T16:04:22Z", "generator": { "date": "2026-04-17T16:04:22Z", "engine": { "name": "pyCSAF" } }, "id": "CVE-2023-5678-ELS_OS-RHEL7ELS", "initial_release_date": "2023-11-06T16:15:00Z", "revision_history": [ { "date": "2023-11-06T16:15:00Z", "number": "1", "summary": "Initial version" }, { "date": "2026-04-17T16:04:22Z", "number": "2", "summary": "Official Publication" } ], "status": "final", "version": "2" }, "title": "Security update on CVE-2023-5678" }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { "category": "product_name", "name": "Red Hat Enterprise Linux 7", "product": { "name": "Red Hat Enterprise Linux 7", "product_id": "Red-Hat-7", "product_identification_helper": { "cpe": "cpe:2.3:o:redhat:enterprise_linux:7:*:*:*:*:*:*:*" } } } ], "category": "product_family", "name": "Red Hat Enterprise Linux" } ], "category": "vendor", "name": "Red Hat, Inc." }, { "branches": [ { "branches": [ { "category": "product_version", "name": "openssl-libs-1:1.0.2k-26.el7_9.tuxcare.els7.i686", "product": { "name": "openssl-libs-1:1.0.2k-26.el7_9.tuxcare.els7.i686", "product_id": "openssl-libs-1:1.0.2k-26.el7_9.tuxcare.els7.i686", "product_identification_helper": { "purl": "pkg:rpm/tuxcare/openssl-libs@1.0.2k-26.el7_9.tuxcare.els7?arch=i686&epoch=1" } } }, { "category": "product_version", "name": "openssl-libs-1:1.0.2k-26.el7_9.tuxcare.els6.i686", "product": { "name": "openssl-libs-1:1.0.2k-26.el7_9.tuxcare.els6.i686", "product_id": "openssl-libs-1:1.0.2k-26.el7_9.tuxcare.els6.i686", "product_identification_helper": { "purl": "pkg:rpm/tuxcare/openssl-libs@1.0.2k-26.el7_9.tuxcare.els6?arch=i686&epoch=1" } } }, { "category": "product_version", "name": "openssl-devel-1:1.0.2k-26.el7_9.tuxcare.els6.i686", "product": { "name": "openssl-devel-1:1.0.2k-26.el7_9.tuxcare.els6.i686", "product_id": "openssl-devel-1:1.0.2k-26.el7_9.tuxcare.els6.i686", "product_identification_helper": { "purl": "pkg:rpm/tuxcare/openssl-devel@1.0.2k-26.el7_9.tuxcare.els6?arch=i686&epoch=1" } } }, { "category": "product_version", "name": "openssl-devel-1:1.0.2k-26.el7_9.tuxcare.els7.i686", "product": { "name": "openssl-devel-1:1.0.2k-26.el7_9.tuxcare.els7.i686", "product_id": "openssl-devel-1:1.0.2k-26.el7_9.tuxcare.els7.i686", "product_identification_helper": { "purl": "pkg:rpm/tuxcare/openssl-devel@1.0.2k-26.el7_9.tuxcare.els7?arch=i686&epoch=1" } } }, { "category": "product_version", "name": "openssl-static-1:1.0.2k-26.el7_9.tuxcare.els7.i686", "product": { "name": "openssl-static-1:1.0.2k-26.el7_9.tuxcare.els7.i686", "product_id": "openssl-static-1:1.0.2k-26.el7_9.tuxcare.els7.i686", "product_identification_helper": { "purl": "pkg:rpm/tuxcare/openssl-static@1.0.2k-26.el7_9.tuxcare.els7?arch=i686&epoch=1" } } }, { "category": "product_version", "name": "openssl-static-1:1.0.2k-26.el7_9.tuxcare.els6.i686", "product": { "name": "openssl-static-1:1.0.2k-26.el7_9.tuxcare.els6.i686", "product_id": "openssl-static-1:1.0.2k-26.el7_9.tuxcare.els6.i686", "product_identification_helper": { "purl": "pkg:rpm/tuxcare/openssl-static@1.0.2k-26.el7_9.tuxcare.els6?arch=i686&epoch=1" } } } ], "category": "architecture", "name": "i686" }, { "branches": [ { "category": "product_version", "name": "openssl-libs-1:1.0.2k-26.el7_9.tuxcare.els7.x86_64", "product": { "name": "openssl-libs-1:1.0.2k-26.el7_9.tuxcare.els7.x86_64", "product_id": "openssl-libs-1:1.0.2k-26.el7_9.tuxcare.els7.x86_64", "product_identification_helper": { "purl": "pkg:rpm/tuxcare/openssl-libs@1.0.2k-26.el7_9.tuxcare.els7?arch=x86_64&epoch=1" } } }, { "category": "product_version", "name": "openssl-libs-1:1.0.2k-26.el7_9.tuxcare.els6.x86_64", "product": { "name": "openssl-libs-1:1.0.2k-26.el7_9.tuxcare.els6.x86_64", "product_id": "openssl-libs-1:1.0.2k-26.el7_9.tuxcare.els6.x86_64", "product_identification_helper": { "purl": "pkg:rpm/tuxcare/openssl-libs@1.0.2k-26.el7_9.tuxcare.els6?arch=x86_64&epoch=1" } } }, { "category": "product_version", "name": "openssl-devel-1:1.0.2k-26.el7_9.tuxcare.els6.x86_64", "product": { "name": "openssl-devel-1:1.0.2k-26.el7_9.tuxcare.els6.x86_64", "product_id": "openssl-devel-1:1.0.2k-26.el7_9.tuxcare.els6.x86_64", "product_identification_helper": { "purl": "pkg:rpm/tuxcare/openssl-devel@1.0.2k-26.el7_9.tuxcare.els6?arch=x86_64&epoch=1" } } }, { "category": "product_version", "name": "openssl-devel-1:1.0.2k-26.el7_9.tuxcare.els7.x86_64", "product": { "name": "openssl-devel-1:1.0.2k-26.el7_9.tuxcare.els7.x86_64", "product_id": "openssl-devel-1:1.0.2k-26.el7_9.tuxcare.els7.x86_64", "product_identification_helper": { "purl": "pkg:rpm/tuxcare/openssl-devel@1.0.2k-26.el7_9.tuxcare.els7?arch=x86_64&epoch=1" } } }, { "category": "product_version", "name": "openssl-static-1:1.0.2k-26.el7_9.tuxcare.els7.x86_64", "product": { "name": "openssl-static-1:1.0.2k-26.el7_9.tuxcare.els7.x86_64", "product_id": "openssl-static-1:1.0.2k-26.el7_9.tuxcare.els7.x86_64", "product_identification_helper": { "purl": "pkg:rpm/tuxcare/openssl-static@1.0.2k-26.el7_9.tuxcare.els7?arch=x86_64&epoch=1" } } }, { "category": "product_version", "name": "openssl-static-1:1.0.2k-26.el7_9.tuxcare.els6.x86_64", "product": { "name": "openssl-static-1:1.0.2k-26.el7_9.tuxcare.els6.x86_64", "product_id": "openssl-static-1:1.0.2k-26.el7_9.tuxcare.els6.x86_64", "product_identification_helper": { "purl": "pkg:rpm/tuxcare/openssl-static@1.0.2k-26.el7_9.tuxcare.els6?arch=x86_64&epoch=1" } } }, { "category": "product_version", "name": "openssl-perl-1:1.0.2k-26.el7_9.tuxcare.els7.x86_64", "product": { "name": "openssl-perl-1:1.0.2k-26.el7_9.tuxcare.els7.x86_64", "product_id": "openssl-perl-1:1.0.2k-26.el7_9.tuxcare.els7.x86_64", "product_identification_helper": { "purl": "pkg:rpm/tuxcare/openssl-perl@1.0.2k-26.el7_9.tuxcare.els7?arch=x86_64&epoch=1" } } }, { "category": "product_version", "name": "openssl-perl-1:1.0.2k-26.el7_9.tuxcare.els6.x86_64", "product": { "name": "openssl-perl-1:1.0.2k-26.el7_9.tuxcare.els6.x86_64", "product_id": "openssl-perl-1:1.0.2k-26.el7_9.tuxcare.els6.x86_64", "product_identification_helper": { "purl": "pkg:rpm/tuxcare/openssl-perl@1.0.2k-26.el7_9.tuxcare.els6?arch=x86_64&epoch=1" } } }, { "category": "product_version", "name": "openssl-1:1.0.2k-26.el7_9.tuxcare.els6.x86_64", "product": { "name": "openssl-1:1.0.2k-26.el7_9.tuxcare.els6.x86_64", "product_id": "openssl-1:1.0.2k-26.el7_9.tuxcare.els6.x86_64", "product_identification_helper": { "purl": "pkg:rpm/tuxcare/openssl@1.0.2k-26.el7_9.tuxcare.els6?arch=x86_64&epoch=1" } } }, { "category": "product_version", "name": "openssl-1:1.0.2k-26.el7_9.tuxcare.els7.x86_64", "product": { "name": "openssl-1:1.0.2k-26.el7_9.tuxcare.els7.x86_64", "product_id": "openssl-1:1.0.2k-26.el7_9.tuxcare.els7.x86_64", "product_identification_helper": { "purl": "pkg:rpm/tuxcare/openssl@1.0.2k-26.el7_9.tuxcare.els7?arch=x86_64&epoch=1" } } } ], "category": "architecture", "name": "x86_64" } ], "category": "vendor", "name": "TuxCare" } ], "relationships": [ { "category": "default_component_of", "full_product_name": { "name": "openssl-libs-1:1.0.2k-26.el7_9.tuxcare.els7.i686 as a component of Red Hat Enterprise Linux 7", "product_id": "Red-Hat-7:openssl-libs-1:1.0.2k-26.el7_9.tuxcare.els7.i686" }, "product_reference": "openssl-libs-1:1.0.2k-26.el7_9.tuxcare.els7.i686", "relates_to_product_reference": "Red-Hat-7" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-libs-1:1.0.2k-26.el7_9.tuxcare.els7.x86_64 as a component of Red Hat Enterprise Linux 7", "product_id": "Red-Hat-7:openssl-libs-1:1.0.2k-26.el7_9.tuxcare.els7.x86_64" }, "product_reference": "openssl-libs-1:1.0.2k-26.el7_9.tuxcare.els7.x86_64", "relates_to_product_reference": "Red-Hat-7" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-libs-1:1.0.2k-26.el7_9.tuxcare.els6.x86_64 as a component of Red Hat Enterprise Linux 7", "product_id": "Red-Hat-7:openssl-libs-1:1.0.2k-26.el7_9.tuxcare.els6.x86_64" }, "product_reference": "openssl-libs-1:1.0.2k-26.el7_9.tuxcare.els6.x86_64", "relates_to_product_reference": "Red-Hat-7" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-libs-1:1.0.2k-26.el7_9.tuxcare.els6.i686 as a component of Red Hat Enterprise Linux 7", "product_id": "Red-Hat-7:openssl-libs-1:1.0.2k-26.el7_9.tuxcare.els6.i686" }, "product_reference": "openssl-libs-1:1.0.2k-26.el7_9.tuxcare.els6.i686", "relates_to_product_reference": "Red-Hat-7" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-devel-1:1.0.2k-26.el7_9.tuxcare.els6.x86_64 as a component of Red Hat Enterprise Linux 7", "product_id": "Red-Hat-7:openssl-devel-1:1.0.2k-26.el7_9.tuxcare.els6.x86_64" }, "product_reference": "openssl-devel-1:1.0.2k-26.el7_9.tuxcare.els6.x86_64", "relates_to_product_reference": "Red-Hat-7" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-devel-1:1.0.2k-26.el7_9.tuxcare.els6.i686 as a component of Red Hat Enterprise Linux 7", "product_id": "Red-Hat-7:openssl-devel-1:1.0.2k-26.el7_9.tuxcare.els6.i686" }, "product_reference": "openssl-devel-1:1.0.2k-26.el7_9.tuxcare.els6.i686", "relates_to_product_reference": "Red-Hat-7" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-devel-1:1.0.2k-26.el7_9.tuxcare.els7.x86_64 as a component of Red Hat Enterprise Linux 7", "product_id": "Red-Hat-7:openssl-devel-1:1.0.2k-26.el7_9.tuxcare.els7.x86_64" }, "product_reference": "openssl-devel-1:1.0.2k-26.el7_9.tuxcare.els7.x86_64", "relates_to_product_reference": "Red-Hat-7" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-devel-1:1.0.2k-26.el7_9.tuxcare.els7.i686 as a component of Red Hat Enterprise Linux 7", "product_id": "Red-Hat-7:openssl-devel-1:1.0.2k-26.el7_9.tuxcare.els7.i686" }, "product_reference": "openssl-devel-1:1.0.2k-26.el7_9.tuxcare.els7.i686", "relates_to_product_reference": "Red-Hat-7" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-static-1:1.0.2k-26.el7_9.tuxcare.els7.i686 as a component of Red Hat Enterprise Linux 7", "product_id": "Red-Hat-7:openssl-static-1:1.0.2k-26.el7_9.tuxcare.els7.i686" }, "product_reference": "openssl-static-1:1.0.2k-26.el7_9.tuxcare.els7.i686", "relates_to_product_reference": "Red-Hat-7" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-static-1:1.0.2k-26.el7_9.tuxcare.els7.x86_64 as a component of Red Hat Enterprise Linux 7", "product_id": "Red-Hat-7:openssl-static-1:1.0.2k-26.el7_9.tuxcare.els7.x86_64" }, "product_reference": "openssl-static-1:1.0.2k-26.el7_9.tuxcare.els7.x86_64", "relates_to_product_reference": "Red-Hat-7" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-static-1:1.0.2k-26.el7_9.tuxcare.els6.i686 as a component of Red Hat Enterprise Linux 7", "product_id": "Red-Hat-7:openssl-static-1:1.0.2k-26.el7_9.tuxcare.els6.i686" }, "product_reference": "openssl-static-1:1.0.2k-26.el7_9.tuxcare.els6.i686", "relates_to_product_reference": "Red-Hat-7" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-static-1:1.0.2k-26.el7_9.tuxcare.els6.x86_64 as a component of Red Hat Enterprise Linux 7", "product_id": "Red-Hat-7:openssl-static-1:1.0.2k-26.el7_9.tuxcare.els6.x86_64" }, "product_reference": "openssl-static-1:1.0.2k-26.el7_9.tuxcare.els6.x86_64", "relates_to_product_reference": "Red-Hat-7" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-perl-1:1.0.2k-26.el7_9.tuxcare.els7.x86_64 as a component of Red Hat Enterprise Linux 7", "product_id": "Red-Hat-7:openssl-perl-1:1.0.2k-26.el7_9.tuxcare.els7.x86_64" }, "product_reference": "openssl-perl-1:1.0.2k-26.el7_9.tuxcare.els7.x86_64", "relates_to_product_reference": "Red-Hat-7" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-perl-1:1.0.2k-26.el7_9.tuxcare.els6.x86_64 as a component of Red Hat Enterprise Linux 7", "product_id": "Red-Hat-7:openssl-perl-1:1.0.2k-26.el7_9.tuxcare.els6.x86_64" }, "product_reference": "openssl-perl-1:1.0.2k-26.el7_9.tuxcare.els6.x86_64", "relates_to_product_reference": "Red-Hat-7" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-1:1.0.2k-26.el7_9.tuxcare.els6.x86_64 as a component of Red Hat Enterprise Linux 7", "product_id": "Red-Hat-7:openssl-1:1.0.2k-26.el7_9.tuxcare.els6.x86_64" }, "product_reference": "openssl-1:1.0.2k-26.el7_9.tuxcare.els6.x86_64", "relates_to_product_reference": "Red-Hat-7" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-1:1.0.2k-26.el7_9.tuxcare.els7.x86_64 as a component of Red Hat Enterprise Linux 7", "product_id": "Red-Hat-7:openssl-1:1.0.2k-26.el7_9.tuxcare.els7.x86_64" }, "product_reference": "openssl-1:1.0.2k-26.el7_9.tuxcare.els7.x86_64", "relates_to_product_reference": "Red-Hat-7" } ] }, "vulnerabilities": [ { "cve": "CVE-2023-5678", "cwe": { "id": "CWE-606", "name": "Unchecked Input for Loop Condition" }, "notes": [ { "category": "description", "text": "Issue summary: Generating excessively long X9.42 DH keys or checking\nexcessively long X9.42 DH keys or parameters may be very slow.\n\nImpact summary: Applications that use the functions DH_generate_key() to\ngenerate an X9.42 DH key may experience long delays. Likewise, applications\nthat use DH_check_pub_key(), DH_check_pub_key_ex() or EVP_PKEY_public_check()\nto check an X9.42 DH key or X9.42 DH parameters may experience long delays.\nWhere the key or parameters that are being checked have been obtained from\nan untrusted source this may lead to a Denial of Service.\n\nWhile DH_check() performs all the necessary checks (as of CVE-2023-3817),\nDH_check_pub_key() doesn't make any of these checks, and is therefore\nvulnerable for excessively large P and Q parameters.\n\nLikewise, while DH_generate_key() performs a check for an excessively large\nP, it doesn't check for an excessively large Q.\n\nAn application that calls DH_generate_key() or DH_check_pub_key() and\nsupplies a key or parameters obtained from an untrusted source could be\nvulnerable to a Denial of Service attack.\n\nDH_generate_key() and DH_check_pub_key() are also called by a number of\nother OpenSSL functions. An application calling any of those other\nfunctions may similarly be affected. The other functions affected by this\nare DH_check_pub_key_ex(), EVP_PKEY_public_check(), and EVP_PKEY_generate().\n\nAlso vulnerable are the OpenSSL pkey command line application when using the\n\"-pubcheck\" option, as well as the OpenSSL genpkey command line application.\n\nThe OpenSSL SSL/TLS implementation is not affected by this issue.\n\nThe OpenSSL 3.0 and 3.1 FIPS providers are not affected by this issue.", "title": "Vulnerability description" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "under_investigation": [ "Red-Hat-7:openssl-1:1.0.2k-26.el7_9.tuxcare.els6.x86_64", "Red-Hat-7:openssl-1:1.0.2k-26.el7_9.tuxcare.els7.x86_64", "Red-Hat-7:openssl-devel-1:1.0.2k-26.el7_9.tuxcare.els6.i686", "Red-Hat-7:openssl-devel-1:1.0.2k-26.el7_9.tuxcare.els6.x86_64", "Red-Hat-7:openssl-devel-1:1.0.2k-26.el7_9.tuxcare.els7.i686", "Red-Hat-7:openssl-devel-1:1.0.2k-26.el7_9.tuxcare.els7.x86_64", "Red-Hat-7:openssl-libs-1:1.0.2k-26.el7_9.tuxcare.els6.i686", "Red-Hat-7:openssl-libs-1:1.0.2k-26.el7_9.tuxcare.els6.x86_64", "Red-Hat-7:openssl-libs-1:1.0.2k-26.el7_9.tuxcare.els7.i686", "Red-Hat-7:openssl-libs-1:1.0.2k-26.el7_9.tuxcare.els7.x86_64", "Red-Hat-7:openssl-perl-1:1.0.2k-26.el7_9.tuxcare.els6.x86_64", "Red-Hat-7:openssl-perl-1:1.0.2k-26.el7_9.tuxcare.els7.x86_64", "Red-Hat-7:openssl-static-1:1.0.2k-26.el7_9.tuxcare.els6.i686", "Red-Hat-7:openssl-static-1:1.0.2k-26.el7_9.tuxcare.els6.x86_64", "Red-Hat-7:openssl-static-1:1.0.2k-26.el7_9.tuxcare.els7.i686", "Red-Hat-7:openssl-static-1:1.0.2k-26.el7_9.tuxcare.els7.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://cve.tuxcare.com/els/cve/CVE-2023-5678" }, { "category": "external", "summary": "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=34efaef6c103d636ab507a0cc34dca4d3aecc055", "url": "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=34efaef6c103d636ab507a0cc34dca4d3aecc055" }, { "category": "external", "summary": "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=710fee740904b6290fef0dd5536fbcedbc38ff0c", "url": "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=710fee740904b6290fef0dd5536fbcedbc38ff0c" }, { "category": "external", "summary": "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=db925ae2e65d0d925adef429afc37f75bd1c2017", "url": "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=db925ae2e65d0d925adef429afc37f75bd1c2017" }, { "category": "external", "summary": "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=ddeb4b6c6d527e54ce9a99cba785c0f7776e54b6", "url": "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=ddeb4b6c6d527e54ce9a99cba785c0f7776e54b6" }, { "category": "external", "summary": "https://www.openssl.org/news/secadv/20231106.txt", "url": "https://www.openssl.org/news/secadv/20231106.txt" }, { "category": "external", "summary": "http://www.openwall.com/lists/oss-security/2024/03/11/1", "url": "http://www.openwall.com/lists/oss-security/2024/03/11/1" }, { "category": "external", "summary": "https://lists.debian.org/debian-lts-announce/2024/10/msg00033.html", "url": "https://lists.debian.org/debian-lts-announce/2024/10/msg00033.html" }, { "category": "external", "summary": "https://lists.debian.org/debian-lts-announce/2024/11/msg00000.html", "url": "https://lists.debian.org/debian-lts-announce/2024/11/msg00000.html" }, { "category": "external", "summary": "https://security.netapp.com/advisory/ntap-20231130-0010/", "url": "https://security.netapp.com/advisory/ntap-20231130-0010/" } ], "release_date": "2023-11-06T16:15:00Z", "remediations": [ { "category": "none_available", "details": "Affected", "product_ids": [ "Red-Hat-7:openssl-1:1.0.2k-26.el7_9.tuxcare.els6.x86_64", "Red-Hat-7:openssl-1:1.0.2k-26.el7_9.tuxcare.els7.x86_64", "Red-Hat-7:openssl-devel-1:1.0.2k-26.el7_9.tuxcare.els6.i686", "Red-Hat-7:openssl-devel-1:1.0.2k-26.el7_9.tuxcare.els6.x86_64", "Red-Hat-7:openssl-devel-1:1.0.2k-26.el7_9.tuxcare.els7.i686", "Red-Hat-7:openssl-devel-1:1.0.2k-26.el7_9.tuxcare.els7.x86_64", "Red-Hat-7:openssl-libs-1:1.0.2k-26.el7_9.tuxcare.els6.i686", "Red-Hat-7:openssl-libs-1:1.0.2k-26.el7_9.tuxcare.els6.x86_64", "Red-Hat-7:openssl-libs-1:1.0.2k-26.el7_9.tuxcare.els7.i686", "Red-Hat-7:openssl-libs-1:1.0.2k-26.el7_9.tuxcare.els7.x86_64", "Red-Hat-7:openssl-perl-1:1.0.2k-26.el7_9.tuxcare.els6.x86_64", "Red-Hat-7:openssl-perl-1:1.0.2k-26.el7_9.tuxcare.els7.x86_64", "Red-Hat-7:openssl-static-1:1.0.2k-26.el7_9.tuxcare.els6.i686", "Red-Hat-7:openssl-static-1:1.0.2k-26.el7_9.tuxcare.els6.x86_64", "Red-Hat-7:openssl-static-1:1.0.2k-26.el7_9.tuxcare.els7.i686", "Red-Hat-7:openssl-static-1:1.0.2k-26.el7_9.tuxcare.els7.x86_64" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "version": "3.1" }, "products": [ "Red-Hat-7:openssl-1:1.0.2k-26.el7_9.tuxcare.els6.x86_64", "Red-Hat-7:openssl-1:1.0.2k-26.el7_9.tuxcare.els7.x86_64", "Red-Hat-7:openssl-devel-1:1.0.2k-26.el7_9.tuxcare.els6.i686", "Red-Hat-7:openssl-devel-1:1.0.2k-26.el7_9.tuxcare.els6.x86_64", "Red-Hat-7:openssl-devel-1:1.0.2k-26.el7_9.tuxcare.els7.i686", "Red-Hat-7:openssl-devel-1:1.0.2k-26.el7_9.tuxcare.els7.x86_64", "Red-Hat-7:openssl-libs-1:1.0.2k-26.el7_9.tuxcare.els6.i686", "Red-Hat-7:openssl-libs-1:1.0.2k-26.el7_9.tuxcare.els6.x86_64", "Red-Hat-7:openssl-libs-1:1.0.2k-26.el7_9.tuxcare.els7.i686", "Red-Hat-7:openssl-libs-1:1.0.2k-26.el7_9.tuxcare.els7.x86_64", "Red-Hat-7:openssl-perl-1:1.0.2k-26.el7_9.tuxcare.els6.x86_64", "Red-Hat-7:openssl-perl-1:1.0.2k-26.el7_9.tuxcare.els7.x86_64", "Red-Hat-7:openssl-static-1:1.0.2k-26.el7_9.tuxcare.els6.i686", "Red-Hat-7:openssl-static-1:1.0.2k-26.el7_9.tuxcare.els6.x86_64", "Red-Hat-7:openssl-static-1:1.0.2k-26.el7_9.tuxcare.els7.i686", "Red-Hat-7:openssl-static-1:1.0.2k-26.el7_9.tuxcare.els7.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ] } ] }