PatchSiren cyber security CVE debrief
CVE-2023-5363 Netapp CVE debrief
CVE-2023-5363 is an OpenSSL bug in the EVP_EncryptInit_ex2(), EVP_DecryptInit_ex2(), and EVP_CipherInit_ex2() path where keylen and ivlen parameters inside an OSSL_PARAM array are processed too late. That can cause truncation or overruns of key and IV values for some symmetric ciphers and modes. The most security-relevant case is IV truncation in CCM, GCM, or OCB, where it can lead to IV reuse and loss of confidentiality. OpenSSL says its SSL/TLS implementation is not affected, and the 3.0 and 3.1 FIPS providers are also not affected because the issue is outside the FIPS boundary. NVD lists OpenSSL 3.0.0 through 3.0.11 and 3.1.0 through 3.1.3 as vulnerable, along with some downstream products in its affected CPE set.
- Vendor: Netapp
- Product: CVE-2023-5363
- CVSS: HIGH 7.5
- CISA KEV: Not listed in stored evidence
- Original CVE published: 2023-10-25
- Original CVE updated: 2026-05-12
- Advisory published: 2023-10-25
- Advisory updated: 2026-05-12
Who should care
Security and platform teams that deploy OpenSSL 3.0.x or 3.1.x, especially applications that directly call EVP_*Init_ex2 APIs and set keylen or ivlen dynamically. Pay extra attention to software using RC2, RC4, RC5, CCM, GCM, or OCB, and to downstream products or distributions that bundle the affected OpenSSL releases.
Technical summary
The bug is in how OpenSSL handles parameterized cipher initialization. The cipher key and IV are established before the OSSL_PARAM array is fully processed, so later changes to keylen or ivlen do not take effect as intended. This can truncate or overread the key/IV, producing incorrect cryptographic results. For CCM, GCM, and OCB, IV truncation can undermine IV uniqueness and confidentiality; for other impacted modes, the result may be incorrect output and, in some cases, a memory exception. The issue is limited to the affected OpenSSL library versions and cipher paths, not the SSL/TLS implementation itself.
Defensive priority
High for any exposed or widely deployed application that uses the affected OpenSSL init APIs; otherwise medium, with priority driven by whether keylen/ivlen are set dynamically and whether CCM/GCM/OCB are used.
Recommended defensive actions
- Upgrade OpenSSL to a fixed release: 3.0.12 or later for the 3.0 line, or 3.1.4 or later for the 3.1 line.
- Inventory applications and libraries that call EVP_EncryptInit_ex2(), EVP_DecryptInit_ex2(), or EVP_CipherInit_ex2() and inspect whether they use the 'keylen' or 'ivlen' OSSL_PARAM entries.
- Review cryptographic code that uses CCM, GCM, or OCB for any deterministic-IV or nonce construction logic and validate that IV uniqueness is preserved after remediation.
- Check downstream vendor advisories and package updates for bundled OpenSSL copies, including distribution and appliance firmware notices referenced in the NVD record.
- After patching, run functional tests for encryption and decryption flows to confirm that key/IV length handling behaves as expected and that no interoperability regressions were introduced.
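The first two actions above can be scripted. The following is an added example, not code from OpenSSL or from the advisory: it classifies `openssl version` output against the version ranges listed on this page and inventories EVP_*Init_ex2 call sites in C source text. The function names and the sample source are hypothetical and constructed for illustration.

```python
import re

# Vulnerable ranges as listed on this page: 3.0.0-3.0.11 and 3.1.0-3.1.3.
LAST_VULNERABLE_PATCH = {(3, 0): 11, (3, 1): 3}

INIT_CALL = re.compile(r"\b(EVP_(?:Encrypt|Decrypt|Cipher)Init_ex2)\s*\(")
# Literal parameter names, or the OpenSSL macros that expand to them.
LEN_PARAM = re.compile(
    r'"(?:keylen|ivlen)"|\bOSSL_CIPHER_PARAM_(?:KEYLEN|IVLEN|AEAD_IVLEN)\b')

# Constructed sample input, not taken from any real project.
SAMPLE_C = """\
OSSL_PARAM params[] = {
    OSSL_PARAM_construct_size_t("ivlen", &ivlen),
    OSSL_PARAM_construct_end()
};
EVP_EncryptInit_ex2(ctx, EVP_aes_128_gcm(), key, iv, params);
"""


def openssl_is_vulnerable(version_line):
    """Classify `openssl version` output against the ranges above."""
    m = re.search(r"OpenSSL\s+(\d+)\.(\d+)\.(\d+)", version_line)
    if not m:
        raise ValueError(f"unrecognised version string: {version_line!r}")
    major, minor, patch = map(int, m.groups())
    last_bad = LAST_VULNERABLE_PATCH.get((major, minor))
    return last_bad is not None and patch <= last_bad


def find_init_calls(source, filename="<memory>"):
    """List EVP_*Init_ex2 call sites; the keylen/ivlen flag is per file,
    so a True value means "review this file", not "this call is affected"."""
    uses_len = bool(LEN_PARAM.search(source))
    return [
        {"file": filename, "line": n, "call": m.group(1),
         "uses_len_params": uses_len}
        for n, line in enumerate(source.splitlines(), 1)
        if (m := INIT_CALL.search(line))
    ]


if __name__ == "__main__":
    print(openssl_is_vulnerable("OpenSSL 3.0.11 19 Sep 2023"))
    for finding in find_init_calls(SAMPLE_C, "sample.c"):
        print(finding)
```

The scan is textual, so it also matches call names inside comments and does not see bundled or statically linked OpenSSL copies; treat its output as a review list rather than a verdict.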
Evidence notes
The source corpus includes the OpenSSL vendor advisory dated 2023-10-24, the NVD CVE entry published on 2023-10-25, and later NVD metadata updates through 2026-05-12. NVD references identify the vulnerable OpenSSL ranges as 3.0.0-3.0.11 and 3.1.0-3.1.3, and the corpus explicitly states that OpenSSL SSL/TLS and the 3.0/3.1 FIPS providers are not affected. NVD assigns CVSS 3.1 vector CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N.
Official resources
- CVE-2023-5363 CVE record (CVE.org)
- CVE-2023-5363 NVD detail (NVD)
- Source item URL (nvd_modified)
- Mitigation or vendor reference ([email protected] - Mailing List, Patch, Third Party Advisory)
- Mitigation or vendor reference ([email protected] - Patch, Vendor Advisory)
- Mitigation or vendor reference ([email protected] - Vendor Advisory)
- Source reference (af854a3a-2127-422b-91ae-364da2661108)
OpenSSL disclosed the issue in its security advisory on 2023-10-24, and the CVE/NVD record was published on 2023-10-25. NVD metadata was later modified on 2026-05-12.