CVE-2023-5363: Incorrect cipher key & IV length processing
Issue summary: A bug has been identified in the processing of key and
initialisation vector (IV) lengths. This can lead to potential truncation
or overruns during the initialisation of some symmetric ciphers.
Impact summary: A truncation in the IV can result in non-uniqueness,
which could result in loss of confidentiality for some cipher modes.
When calling EVP_EncryptInit_ex2(), EVP_DecryptInit_ex2() or
EVP_CipherInit_ex2() the provided OSSL_PARAM array is processed after
the key and IV have been established. Any alterations to the key length,
via the "keylen" parameter or the IV length, via the "ivlen" parameter,
within the OSSL_PARAM array will not take effect as intended, potentially
causing truncation or overreading of these values. The following ciphers
and cipher modes are impacted: RC2, RC4, RC5, CCM, GCM and OCB.
For the CCM, GCM and OCB cipher modes, truncation of the IV can result in
loss of confidentiality. For example, when following NIST's SP 800-38D
section 8.2.1 guidance for constructing a deterministic IV for AES in
GCM mode, truncation of the counter portion could lead to IV reuse.
Both truncations and overruns of the key and overruns of the IV will
produce incorrect results and could, in some cases, trigger a memory
exception. However, these issues are not currently assessed as security
critical.
Changing the key and/or IV lengths is not considered to be a common operation
and the vulnerable API was recently introduced. Furthermore it is likely that
application developers will have spotted this problem during testing since
decryption would fail unless both peers in the communication were similarly
vulnerable. For these reasons we expect the probability of an application being
vulnerable to this to be quite low. However if an application is vulnerable then
this issue is considered very serious. For these reasons we have assessed this
issue as Moderate severity overall.
The OpenSSL SSL/TLS implementation is not affected by this issue.
The OpenSSL 3.0 and 3.1 FIPS providers are not affected by this because
the issue lies outside of the FIPS provider boundary.
OpenSSL 3.1 and 3.0 are vulnerable to this issue.
Security readout for executives and security teams
Plain-English summary
CVE-2023-5363 is an OpenSSL 3.0 and 3.1 bug where some applications can mishandle encryption key or IV lengths. If an affected application uses the vulnerable newer APIs with certain ciphers, confidentiality can be lost through IV truncation. OpenSSL says TLS itself and the 3.0/3.1 FIPS providers are not affected.
Executive priority
Treat as a targeted remediation item, not a broad emergency. Prioritize internet-facing or security-sensitive applications using OpenSSL 3.0/3.1, especially custom encryption code. Confirm vendor packages are patched during normal vulnerability management cycles.
Technical view
The issue affects EVP_EncryptInit_ex2(), EVP_DecryptInit_ex2(), and EVP_CipherInit_ex2() when OSSL_PARAM changes keylen or ivlen after key and IV setup. Impacted ciphers and modes are RC2, RC4, RC5, CCM, GCM, and OCB. IV truncation in CCM/GCM/OCB can cause IV reuse; overruns can cause incorrect results or memory exceptions.
Likely exposure
Exposure is likely limited to software using OpenSSL 3.0 or 3.1 and the affected EVP *_ex2 APIs to alter key or IV lengths. OpenSSL describes this operation as uncommon and the API as recently introduced, so broad exposure is unlikely. Embedded third-party products should still be checked through vendor advisories.
Exploitation context
The provided sources do not show active exploitation, and KEV status is false. The risk is mainly confidentiality loss when vulnerable application logic reaches affected cipher initialization paths. Evidence is incomplete for downstream product impact beyond the listed vendor advisories.
Researcher notes
The key question is reachability: affected OpenSSL versions alone are insufficient. Validate whether application code calls the *_ex2 EVP initialization APIs and modifies keylen or ivlen via OSSL_PARAM for the listed cipher modes. TLS and the OpenSSL 3.0/3.1 FIPS providers are stated as unaffected.
Mitigation direction
Upgrade affected OpenSSL 3.0 installations to fixed vendor packages or OpenSSL 3.0.12.
Upgrade affected OpenSSL 3.1 installations to fixed vendor packages or OpenSSL 3.1.4.
Review Debian, NetApp, Siemens, and other supplier advisories for bundled OpenSSL exposure.
Avoid changing keylen or ivlen through affected OSSL_PARAM paths until patched.
If patching is delayed, seek vendor-specific compensating guidance.
Validation and detection
Inventory systems and products using OpenSSL 3.0.x or 3.1.x.
Identify code using EVP_EncryptInit_ex2, EVP_DecryptInit_ex2, or EVP_CipherInit_ex2.
Check whether keylen or ivlen is changed through OSSL_PARAM.
Confirm use of RC2, RC4, RC5, CCM, GCM, or OCB paths.
Verify deployed packages include OpenSSL 3.0.12, 3.1.4, or vendor backports.
Generated from the cited source records. This long-tail analysis has not been individually reviewed by a named human.
Potential ATT&CK relevance
Conservative CVE-to-ATT&CK context
These mappings and lookup hints may be relevant to the vulnerability behavior, CWE, affected product, or exposure path. Glexia-inferred context is not an official MITRE, ATT&CK, CWE, or CVE Program mapping.
ATT&CK lookup starting points
Use these exact CWE pages and searches to review the Glexia ATT&CK library from this CVE's weakness and description context.
cwe · low confidence lookup
CWE-684: Exact CWE lookup
Use the exact CWE identifier as the starting point before reviewing related ATT&CK behavior. Open the exact CWE lookup page first, then review the ATT&CK searches from that MITRE weakness context. This is a Glexia lookup hint, not an official ATT&CK mapping.
These fields come from the CVE record and ADP containers, not from Glexia's Take. They preserve time-varying source decisions such as CISA SSVC, KEV status, CVSS metrics, and provider references.
We collect every scored CVSS vector available in the official CNA and ADP containers. When more than one version is present, the table keeps the source vectors side by side instead of collapsing them into the highest score.
CWE links open Glexia weakness intelligence pages with official CWE context, developer remediation guidance, and related CVE mappings.
CWE-684 · source CWE mapping
Incorrect Provision of Specified Functionality
Incorrect Provision of Specified Functionality represents a recurring weakness pattern that can create exploitable paths when design, validation, or implementation controls are missing.