Updated: 2023-11-07 19:58:35.662351
Description:
In PHP versions 7.2.x below 7.2.34, 7.3.x below 7.3.23 and 7.4.x below 7.4.11, when AES-CCM mode is used with openssl_encrypt() function with 12 bytes IV, only first 7 bytes of the IV is actually used. This can lead to both decreased security and incorrect encryption data.
| Links | NIST | CIRCL | RHEL | Ubuntu |
| Severity | Score | |
|---|---|---|
| CVSS Version 2.x | MEDIUM | 6.4 |
| CVSS Version 3.x | MEDIUM | 6.5 |
| OS name | Project name | Version | Score | Severity | Status | Errata | Last updated |
|---|---|---|---|---|---|---|---|
| CentOS 8.4 ELS | php | 7.4.6 | 6.5 | MEDIUM | Released | CLSA-2022:1643747494 | 2022-02-01 23:30:35 |
| CentOS 8.5 ELS | php | 7.4.19 | 6.5 | MEDIUM | Not Vulnerable | 2022-02-08 05:24:51 |