LiveActive security incident?Get immediate response
CVE Record

CVE-2023-5363: Incorrect cipher key & IV length processing

Issue summary: A bug has been identified in the processing of key and initialisation vector (IV) lengths. This can lead to potential truncation or overruns during the initialisation of some symmetric ciphers. Impact summary: A truncation in the IV can result in non-uniqueness, which could result in loss of confidentiality for some cipher modes. When calling EVP_EncryptInit_ex2(), EVP_DecryptInit_ex2() or EVP_CipherInit_ex2() the provided OSSL_PARAM array is processed after the key and IV have been established. Any alterations to the key length, via the "keylen" parameter or the IV length, via the "ivlen" parameter, within the OSSL_PARAM array will not take effect as intended, potentially causing truncation or overreading of these values. The following ciphers and cipher modes are impacted: RC2, RC4, RC5, CCM, GCM and OCB. For the CCM, GCM and OCB cipher modes, truncation of the IV can result in loss of confidentiality. For example, when following NIST's SP 800-38D section 8.2.1 guidance for constructing a deterministic IV for AES in GCM mode, truncation of the counter portion could lead to IV reuse. Both truncations and overruns of the key and overruns of the IV will produce incorrect results and could, in some cases, trigger a memory exception. However, these issues are not currently assessed as security critical. Changing the key and/or IV lengths is not considered to be a common operation and the vulnerable API was recently introduced. Furthermore it is likely that application developers will have spotted this problem during testing since decryption would fail unless both peers in the communication were similarly vulnerable. For these reasons we expect the probability of an application being vulnerable to this to be quite low. However if an application is vulnerable then this issue is considered very serious. For these reasons we have assessed this issue as Moderate severity overall. The OpenSSL SSL/TLS implementation is not affected by this issue. The OpenSSL 3.0 and 3.1 FIPS providers are not affected by this because the issue lies outside of the FIPS provider boundary. OpenSSL 3.1 and 3.0 are vulnerable to this issue.

HighCVSS 7.5Not KEV-listedUpdated
Glexia's TakeAutomated analysismoderate

Security readout for executives and security teams

Plain-English summary

CVE-2023-5363 is an OpenSSL 3.0 and 3.1 bug where some applications can mishandle encryption key or IV lengths. If an affected application uses the vulnerable newer APIs with certain ciphers, confidentiality can be lost through IV truncation. OpenSSL says TLS itself and the 3.0/3.1 FIPS providers are not affected.

Executive priority

Treat as a targeted remediation item, not a broad emergency. Prioritize internet-facing or security-sensitive applications using OpenSSL 3.0/3.1, especially custom encryption code. Confirm vendor packages are patched during normal vulnerability management cycles.

Technical view

The issue affects EVP_EncryptInit_ex2(), EVP_DecryptInit_ex2(), and EVP_CipherInit_ex2() when OSSL_PARAM changes keylen or ivlen after key and IV setup. Impacted ciphers and modes are RC2, RC4, RC5, CCM, GCM, and OCB. IV truncation in CCM/GCM/OCB can cause IV reuse; overruns can cause incorrect results or memory exceptions.

Likely exposure

Exposure is likely limited to software using OpenSSL 3.0 or 3.1 and the affected EVP *_ex2 APIs to alter key or IV lengths. OpenSSL describes this operation as uncommon and the API as recently introduced, so broad exposure is unlikely. Embedded third-party products should still be checked through vendor advisories.

Exploitation context

The provided sources do not show active exploitation, and KEV status is false. The risk is mainly confidentiality loss when vulnerable application logic reaches affected cipher initialization paths. Evidence is incomplete for downstream product impact beyond the listed vendor advisories.

Researcher notes

The key question is reachability: affected OpenSSL versions alone are insufficient. Validate whether application code calls the *_ex2 EVP initialization APIs and modifies keylen or ivlen via OSSL_PARAM for the listed cipher modes. TLS and the OpenSSL 3.0/3.1 FIPS providers are stated as unaffected.

Mitigation direction

  • Upgrade affected OpenSSL 3.0 installations to fixed vendor packages or OpenSSL 3.0.12.
  • Upgrade affected OpenSSL 3.1 installations to fixed vendor packages or OpenSSL 3.1.4.
  • Review Debian, NetApp, Siemens, and other supplier advisories for bundled OpenSSL exposure.
  • Avoid changing keylen or ivlen through affected OSSL_PARAM paths until patched.
  • If patching is delayed, seek vendor-specific compensating guidance.

Validation and detection

  • Inventory systems and products using OpenSSL 3.0.x or 3.1.x.
  • Identify code using EVP_EncryptInit_ex2, EVP_DecryptInit_ex2, or EVP_CipherInit_ex2.
  • Check whether keylen or ivlen is changed through OSSL_PARAM.
  • Confirm use of RC2, RC4, RC5, CCM, GCM, or OCB paths.
  • Verify deployed packages include OpenSSL 3.0.12, 3.1.4, or vendor backports.
Prepared
Confidence
high
Sources
11

Generated from the cited source records. This long-tail analysis has not been individually reviewed by a named human.

Potential ATT&CK relevance

Conservative CVE-to-ATT&CK context

These mappings and lookup hints may be relevant to the vulnerability behavior, CWE, affected product, or exposure path. Glexia-inferred context is not an official MITRE, ATT&CK, CWE, or CVE Program mapping.

ATT&CK lookup starting points

Use these exact CWE pages and searches to review the Glexia ATT&CK library from this CVE's weakness and description context.

cwe · low confidence lookup

CWE-684: Exact CWE lookup

Use the exact CWE identifier as the starting point before reviewing related ATT&CK behavior. Open the exact CWE lookup page first, then review the ATT&CK searches from that MITRE weakness context. This is a Glexia lookup hint, not an official ATT&CK mapping.

Open ATT&CK lookup
cve · low confidence lookup

CVE-2023-5363 mapping review

Open the CVE-to-ATT&CK bridge for reviewed, inferred, or future official mappings tied to this CVE.

Open ATT&CK lookup
Vulnerability profileCVE Program record
Severity
High
CVSS
7.5 (3.1)
Known Exploited
No
Published

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Official CVE source material

CNA and ADP enrichment extracted from CVE v5

These fields come from the CVE record and ADP containers, not from Glexia's Take. They preserve time-varying source decisions such as CISA SSVC, KEV status, CVSS metrics, and provider references.

1CVSS vectors
3Timeline events
3ADP providers
14Source links

SSVC decision data

CISA-ADPCISA Coordinator
Timestamp
Version
2.0.3
Exploitation: noneAutomatable: yesTechnical Impact: partial

CVSS vector scores

1 official score

We collect every scored CVSS vector available in the official CNA and ADP containers. When more than one version is present, the table keeps the source vectors side by side instead of collapsing them into the highest score.

ScoreVersionSeverityVectorExploitImpactSource
7.5CVSS 3.1HighCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N3.93.6CISA-ADP

Vulnerability scoring details

Base CVSS 3.1 score

7.5High
CVSS 3.1 vector shape for CVE-2023-5363Attack VectorAttack ComplexityPrivileges RequiredUser InteractionScopeConfidentiality ImpactIntegrity ImpactAvailability Impact

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Attack Vector
NetworkAdjacentLocalPhysical
Attack Complexity
LowHigh
Privileges Required
NoneLowHigh
User Interaction
NoneRequired
Scope
ChangedUnchanged
Confidentiality Impact
HighLowNone
Integrity Impact
HighLowNone
Availability Impact
HighLowNone

Vulnerability timeline

Timeline events are normalized from CVE metadata, CNA source timelines, ADP timelines, and KEV metadata when present.

  1. CVE reservedCVE Program

    The CVE ID was reserved by the assigning CNA.

  2. CVE publishedCVE Program

    The CVE record was published.

  3. CVE updatedCVE Program

    The CVE record metadata indicates this as the latest update time.

ADP provider summaries

CVECVE Program Container
CISA-ADPCISA ADP Vulnrichment
cvssV3_1other:ssvc
siemens-SADPADP container
Affected products

Products and packages named in the record

VendorProductVersion / packageStatus
OpenSSLOpenSSL3.0.0, 3.1.0unaffected
Weakness

CWE details

CWE links open Glexia weakness intelligence pages with official CWE context, developer remediation guidance, and related CVE mappings.

CWE-684 · source CWE mapping

Incorrect Provision of Specified Functionality

Incorrect Provision of Specified Functionality represents a recurring weakness pattern that can create exploitable paths when design, validation, or implementation controls are missing.