CVE-2023-2975: 
OpenSSL vulnerability analysis and mitigation

CVE-2023-2975 is a vulnerability discovered in OpenSSL's AES-SIV cipher implementation that was disclosed on July 14, 2023. The vulnerability affects OpenSSL versions 3.0.0 to 3.0.9 and 3.1.0 to 3.1.1, where the implementation incorrectly ignores empty associated data entries, leaving them unauthenticated. The FIPS provider is not affected as the AES-SIV algorithm is not FIPS approved. OpenSSL versions 1.1.1 and 1.0.2 are also not affected by this issue (OpenSSL Advisory).

The vulnerability exists in the AES-SIV cipher implementation where empty associated data entries are not properly authenticated. When an application calls EVPEncryptUpdate() or EVPCipherUpdate() with a NULL pointer as the output buffer and 0 as the input buffer length, the implementation simply returns success instead of performing the required associated data authentication operation. The vulnerability has been assigned a CVSS v3.1 base score of 5.3 (MEDIUM) with the vector CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N (NVD).

Applications using the AES-SIV algorithm that expect to authenticate empty data entries as associated data can be misled by removing, adding, or reordering such empty entries, as these are ignored by the OpenSSL implementation. However, the impact is considered low as this issue does not affect non-empty associated data authentication, and it is rare for applications to use empty associated data entries (OpenSSL Advisory).

Due to the low severity of this issue, OpenSSL did not immediately issue new releases. The fix was included in subsequent releases and is available in commit 6a83f0c9 (for 3.1) and commit 00e2f5ee (for 3.0) in the OpenSSL git repository. Users are advised to upgrade to fixed versions when they become available (OpenSSL Advisory).