Insyde's Security Pledge

Recent Security Advisories

INSYDE-SA-2024009

Product: Supervyse
CVSS Score: Low
Original Date: 2024-09-10
Last Revised:

Summary

Upgrade OpenSSL to 3.2.1.

Vulnerability Details

CVSS Vector: Multiple

Upgrade OpenSSL to version 3.2.1, which addressed the following vulnerabilities:

1. CVE-2023-5678
CVSS: Low
OpenSSL: Excessive time spent in DH check / generation with large Q parameter value

2. CVE-2024-0727
CVSS: Low
PKCS12 Decoding crashes

3. CVE-2024-2511
CVSS: Low
Unbounded memory growth with session handling in TLSv1.3

4. CVE-2024-4603
CVSS: Low
Excessive time spent checking DSA keys and parameters

5. CVE-2024-4741
CVSS: Low
Use After Free with SSL_free_buffers

6. CVE-2024-5535
CVSS: Low
SSL_select_next_proto buffer overread

Solution Information

OPF: RV24.06.3 and after.
OPF: RV23.08.1 and after.

Acknowledgements

Revision History

Revision #: 1
Date: 2024-09-10
Description: Initial Release