NVD - CVE-2023-6129 (original) (raw)

CVE-2023-6129 Detail

Description

Issue summary: The POLY1305 MAC (message authentication code) implementation contains a bug that might corrupt the internal state of applications running on PowerPC CPU based platforms if the CPU provides vector instructions. Impact summary: If an attacker can influence whether the POLY1305 MAC algorithm is used, the application state might be corrupted with various application dependent consequences. The POLY1305 MAC (message authentication code) implementation in OpenSSL for PowerPC CPUs restores the contents of vector registers in a different order than they are saved. Thus the contents of some of these vector registers are corrupted when returning to the caller. The vulnerable code is used only on newer PowerPC processors supporting the PowerISA 2.07 instructions. The consequences of this kind of internal application state corruption can be various - from no consequences, if the calling application does not depend on the contents of non-volatile XMM registers at all, to the worst consequences, where the attacker could get complete control of the application process. However unless the compiler uses the vector registers for storing pointers, the most likely consequence, if any, would be an incorrect result of some application dependent calculations or a crash leading to a denial of service. The POLY1305 MAC algorithm is most frequently used as part of the CHACHA20-POLY1305 AEAD (authenticated encryption with associated data) algorithm. The most common usage of this AEAD cipher is with TLS protocol versions 1.2 and 1.3. If this cipher is enabled on the server a malicious client can influence whether this AEAD cipher is used. This implies that TLS server applications using OpenSSL can be potentially impacted. However we are currently not aware of any concrete application that would be affected by this issue therefore we consider this a Low severity security issue.

Metrics

NVD enrichment efforts reference publicly available information to associate vector strings. CVSS information contributed by other sources is also displayed.

CVSS 4.0 Severity and Vector Strings:

NIST CVSS score

NIST: NVD

N/A

NVD assessment not yet provided.

CVSS 3.x Severity and Vector Strings:

NIST CVSS score

NIST: NVD

Base Score: 6.5 MEDIUM

Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H

ADP: CISA-ADP

Base Score: 6.5 MEDIUM

Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H

CVSS 2.0 Severity and Vector Strings:

National Institute of Standards and Technology

NIST: NVD

Base Score: N/A

NVD assessment not yet provided.

References to Advisories, Solutions, and Tools

By selecting these links, you will be leaving NIST webspace. We have provided these links to other web sites because they may have information that would be of interest to you. No inferences should be drawn on account of other sites being referenced, or not, from this page. There may be other web sites that are more appropriate for your purpose. NIST does not necessarily endorse the views expressed, or concur with the facts presented on these sites. Further, NIST does not endorse any commercial products that may be mentioned on these sites. Please address comments about this page to [email protected].

URL Source(s) Tag(s)
http://www.openwall.com/lists/oss-security/2024/03/11/1 CVE
https://cert-portal.siemens.com/productcert/html/ssa-265688.html siemens-SADP
https://cert-portal.siemens.com/productcert/html/ssa-331112.html siemens-SADP
https://cert-portal.siemens.com/productcert/html/ssa-769027.html siemens-SADP
https://cert-portal.siemens.com/productcert/html/ssa-915275.html siemens-SADP
https://github.com/openssl/openssl/commit/050d26383d4e264966fb83428e72d5d48f402d35 CVE, OpenSSL Software Foundation Patch
https://github.com/openssl/openssl/commit/5b139f95c9a47a55a0c54100f3837b1eee942b04 CVE, OpenSSL Software Foundation Patch
https://github.com/openssl/openssl/commit/f3fc5808fe9ff74042d639839610d03b8fdcc015 CVE, OpenSSL Software Foundation Patch
https://security.netapp.com/advisory/ntap-20240216-0009/ CVE
https://security.netapp.com/advisory/ntap-20240426-0008/ CVE
https://security.netapp.com/advisory/ntap-20240426-0013/ CVE
https://security.netapp.com/advisory/ntap-20240503-0011/ CVE
https://www.openssl.org/news/secadv/20240109.txt CVE, OpenSSL Software Foundation Vendor Advisory

Weakness Enumeration

CWE-ID CWE Name Source
CWE-787 Out-of-bounds Write cwe source acceptance level NIST
CWE-440 Expected Behavior Violation OpenSSL Software Foundation

Known Affected Software Configurations Switch to CPE 2.2

CPEs loading, please wait.

Denotes Vulnerable Software
Are we missing a CPE here? Please let us know.

Change History

16 change records found show changes

CVE Modified by siemens-SADP 6/17/2026 2:50:05 AM

Action Type Old Value New Value
Added Affected [{"vendor":"Siemens","product":"SIMATIC S7-1500 TM MFP - GNU/Linux subsystem","defaultStatus":"unknown","versions":[{"version":"0","lessThan":"*","versionType":"custom","status":"affected"}]},{"vendor":"Siemens","product":"SINEC NMS","defaultStatus":"unknown","versions":[{"version":"0","lessThan":"V3.0 SP1","versionType":"custom","status":"affected"}]}]

CVE Modified by CISA-ADP 6/17/2026 2:50:05 AM

Action Type Old Value New Value
Added SSVC {"timestamp":"2024-01-22T14:31:57.012999Z","id":"CVE-2023-6129","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}

CVE Modified by OpenSSL Software Foundation 6/17/2026 2:50:05 AM

Action Type Old Value New Value
Added Affected [{"vendor":"OpenSSL","product":"OpenSSL","defaultStatus":"unaffected","versions":[{"version":"3.2.0","lessThan":"3.2.1","versionType":"semver","status":"affected"},{"version":"3.1.0","lessThan":"3.1.5","versionType":"semver","status":"affected"},{"version":"3.0.0","lessThan":"3.0.13","versionType":"semver","status":"affected"}]}]

CVE Modified by siemens-SADP 5/12/2026 7:16:17 AM

Action Type Old Value New Value
Added Reference https://cert-portal.siemens.com/productcert/html/ssa-265688.html
Added Reference https://cert-portal.siemens.com/productcert/html/ssa-331112.html
Added Reference https://cert-portal.siemens.com/productcert/html/ssa-769027.html
Added Reference https://cert-portal.siemens.com/productcert/html/ssa-915275.html

CVE Modified by CISA-ADP 6/20/2025 12:15:27 PM

Action Type Old Value New Value
Added CVSS V3.1 AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H

CVE Modified by CVE 11/21/2024 3:43:11 AM

Action Type Old Value New Value
Added Reference http://www.openwall.com/lists/oss-security/2024/03/11/1
Added Reference https://github.com/openssl/openssl/commit/050d26383d4e264966fb83428e72d5d48f402d35
Added Reference https://github.com/openssl/openssl/commit/5b139f95c9a47a55a0c54100f3837b1eee942b04
Added Reference https://github.com/openssl/openssl/commit/f3fc5808fe9ff74042d639839610d03b8fdcc015
Added Reference https://security.netapp.com/advisory/ntap-20240216-0009/
Added Reference https://security.netapp.com/advisory/ntap-20240426-0008/
Added Reference https://security.netapp.com/advisory/ntap-20240426-0013/
Added Reference https://security.netapp.com/advisory/ntap-20240503-0011/
Added Reference https://www.openssl.org/news/secadv/20240109.txt

CVE Modified by OpenSSL Software Foundation 10/14/2024 11:15:12 AM

Action Type Old Value New Value
Added CWE OpenSSL Software Foundation CWE-440
Removed Reference OpenSSL Software Foundation http://www.openwall.com/lists/oss-security/2024/03/11/1
Removed Reference OpenSSL Software Foundation https://security.netapp.com/advisory/ntap-20240216-0009/
Removed Reference OpenSSL Software Foundation https://security.netapp.com/advisory/ntap-20240426-0008/
Removed Reference OpenSSL Software Foundation https://security.netapp.com/advisory/ntap-20240426-0013/
Removed Reference OpenSSL Software Foundation https://security.netapp.com/advisory/ntap-20240503-0011/

CVE Modified by OpenSSL Software Foundation 5/14/2024 10:32:05 AM

Action Type Old Value New Value

CVE Modified by OpenSSL Software Foundation 5/03/2024 9:15:21 AM

Action Type Old Value New Value
Added Reference OpenSSL Software Foundation https://security.netapp.com/advisory/ntap-20240503-0011/ [No types assigned]

CVE Modified by OpenSSL Software Foundation 5/01/2024 2:15:12 PM

Action Type Old Value New Value
Added Reference OpenSSL Software Foundation http://www.openwall.com/lists/oss-security/2024/03/11/1 [No types assigned]

CVE Modified by OpenSSL Software Foundation 4/26/2024 5:15:08 AM

Action Type Old Value New Value
Added Reference OpenSSL Software Foundation https://security.netapp.com/advisory/ntap-20240426-0008/ [No types assigned]
Added Reference OpenSSL Software Foundation https://security.netapp.com/advisory/ntap-20240426-0013/ [No types assigned]

CVE Modified by OpenSSL Software Foundation 2/16/2024 8:15:09 AM

Action Type Old Value New Value
Added Reference OpenSSL Software Foundation https://security.netapp.com/advisory/ntap-20240216-0009/ [No types assigned]

Initial Analysis by NIST 1/23/2024 4:32:01 PM

Action Type Old Value New Value
Added CVSS V3.1 NIST AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H
Added CWE NIST CWE-787
Added CPE Configuration OR *cpe:2.3:a:openssl:openssl:*:*:*:*:*:*:*:* versions from (including) 3.0.0 up to (including) 3.0.12 *cpe:2.3:a:openssl:openssl:*:*:*:*:*:*:*:* versions from (including) 3.1.0 up to (including) 3.1.4 *cpe:2.3:a:openssl:openssl:3.2.0:*:*:*:*:*:*:*
Changed Reference Type https://github.com/openssl/openssl/commit/050d26383d4e264966fb83428e72d5d48f402d35 No Types Assigned https://github.com/openssl/openssl/commit/050d26383d4e264966fb83428e72d5d48f402d35 Patch
Changed Reference Type https://github.com/openssl/openssl/commit/5b139f95c9a47a55a0c54100f3837b1eee942b04 No Types Assigned https://github.com/openssl/openssl/commit/5b139f95c9a47a55a0c54100f3837b1eee942b04 Patch
Changed Reference Type https://github.com/openssl/openssl/commit/f3fc5808fe9ff74042d639839610d03b8fdcc015 No Types Assigned https://github.com/openssl/openssl/commit/f3fc5808fe9ff74042d639839610d03b8fdcc015 Patch
Changed Reference Type https://www.openssl.org/news/secadv/20240109.txt No Types Assigned https://www.openssl.org/news/secadv/20240109.txt Vendor Advisory

CVE Modified by OpenSSL Software Foundation 1/15/2024 7:15:43 AM

Action Type Old Value New Value
Removed Reference OpenSSL Software Foundation http://www.openwall.com/lists/oss-security/2024/01/09/1

CVE Modified by OpenSSL Software Foundation 1/09/2024 1:15:46 PM

Action Type Old Value New Value
Added Reference OpenSSL Software Foundation http://www.openwall.com/lists/oss-security/2024/01/09/1 [No types assigned]

New CVE Received from OpenSSL Software Foundation 1/09/2024 12:15:12 PM

Action Type Old Value New Value
Added Description Issue summary: The POLY1305 MAC (message authentication code) implementation contains a bug that might corrupt the internal state of applications running on PowerPC CPU based platforms if the CPU provides vector instructions. Impact summary: If an attacker can influence whether the POLY1305 MAC algorithm is used, the application state might be corrupted with various application dependent consequences. The POLY1305 MAC (message authentication code) implementation in OpenSSL for PowerPC CPUs restores the contents of vector registers in a different order than they are saved. Thus the contents of some of these vector registers are corrupted when returning to the caller. The vulnerable code is used only on newer PowerPC processors supporting the PowerISA 2.07 instructions. The consequences of this kind of internal application state corruption can be various - from no consequences, if the calling application does not depend on the contents of non-volatile XMM registers at all, to the worst consequences, where the attacker could get complete control of the application process. However unless the compiler uses the vector registers for storing pointers, the most likely consequence, if any, would be an incorrect result of some application dependent calculations or a crash leading to a denial of service. The POLY1305 MAC algorithm is most frequently used as part of the CHACHA20-POLY1305 AEAD (authenticated encryption with associated data) algorithm. The most common usage of this AEAD cipher is with TLS protocol versions 1.2 and 1.3. If this cipher is enabled on the server a malicious client can influence whether this AEAD cipher is used. This implies that TLS server applications using OpenSSL can be potentially impacted. However we are currently not aware of any concrete application that would be affected by this issue therefore we consider this a Low severity security issue.
Added Reference OpenSSL Software Foundation https://github.com/openssl/openssl/commit/050d26383d4e264966fb83428e72d5d48f402d35 [No types assigned]
Added Reference OpenSSL Software Foundation https://github.com/openssl/openssl/commit/5b139f95c9a47a55a0c54100f3837b1eee942b04 [No types assigned]
Added Reference OpenSSL Software Foundation https://github.com/openssl/openssl/commit/f3fc5808fe9ff74042d639839610d03b8fdcc015 [No types assigned]
Added Reference OpenSSL Software Foundation https://www.openssl.org/news/secadv/20240109.txt [No types assigned]

Quick Info

CVE Dictionary Entry:
CVE-2023-6129
NVD Published Date:
01/09/2024
NVD Last Modified:
06/17/2026
Source:
OpenSSL Software Foundation