Severity
Medium
Analysis Summary
CVE-2023-2975
OpenSSL could allow a remote attacker to bypass security restrictions because of a flaw in its AES-SIV cipher implementation. By sending a specially crafted request that uses empty data entries as associated data, an attacker could exploit this vulnerability to bypass authentication validation.
Impact
- Security Bypass
Indicators Of Compromise
CVE
- CVE-2023-2975
Affected Vendors
OpenSSL
Affected Products
- OpenSSL 1.1.1
- OpenSSL 1.0.2
- OpenSSL 3.0.0
- OpenSSL 3.1.0
- OpenSSL 3.0.9
- OpenSSL 3.1.1
Remediation
Refer to the OpenSSL Security Advisory for patch, upgrade, or suggested workaround information.