CVE-2021-23840 in Fujitsu M10-1, M10-4, M10-4S, M12-1, M12-2, M12-2S Servers

Summary

by MITRE • 02/16/2021

Calls to EVP_CipherUpdate, EVP_EncryptUpdate and EVP_DecryptUpdate may overflow the output length argument in some cases where the input length is close to the maximum permissible length for an integer on the platform. In such cases the return value from the function call will be 1 (indicating success), but the output length value will be negative. This could cause applications to behave incorrectly or crash. OpenSSL versions 1.1.1i and below are affected by this issue. Users of these versions should upgrade to OpenSSL 1.1.1j. OpenSSL versions 1.0.2x and below are affected by this issue. However, OpenSSL 1.0.2 is out of support and no longer receiving public updates. Premium support customers of OpenSSL 1.0.2 should upgrade to 1.0.2y. Other users should upgrade to 1.1.1j. Fixed in OpenSSL 1.1.1j (Affected 1.1.1-1.1.1i). Fixed in OpenSSL 1.0.2y (Affected 1.0.2-1.0.2x).


Analysis

by VulDB Data Team • 02/06/2026

This vulnerability is a critical integer overflow in OpenSSL's cipher operations, reached through the EVP_CipherUpdate, EVP_EncryptUpdate and EVP_DecryptUpdate functions. It is triggered when the input length is close to the maximum value an int can hold on the platform: the function returns the success code 1 while writing a negative value to the output length parameter. The root cause is a missing boundary check, since the internal length calculation is never validated against the platform's integer limits. The defect is particularly concerning because it is silent: the call appears to succeed while handing back a corrupted output length, and anything the application does with that length afterwards is unpredictable.

Technically the bug is plain integer arithmetic. When the input length approaches the largest value representable by the platform's integer type, the calculation that determines the output length wraps around, and the negative result is stored in the output parameter. This is classified under CWE-190, "Integer Overflow or Wraparound", and is a textbook case of why cryptographic libraries must validate every length parameter before using it in arithmetic. Because the affected functions sit on the core encryption and decryption path, every application that relies on OpenSSL for secure communication is exposed to the defect.

The operational impact goes beyond a simple application crash, because the result of a cryptographic operation is reported incorrectly. Applications on affected OpenSSL versions may behave unexpectedly when processing very large inputs, with possible outcomes ranging from memory corruption and application termination to data integrity problems. Environments that push large files or data streams through a single EVP update call are most exposed, since they are the ones likely to reach the boundary condition. An attacker who controls the input size could use the overflow to cause a denial of service, or in some cases cause the cryptographic processing to produce incorrect results that undermine the expected security properties.

Mitigation requires upgrading affected OpenSSL installations to the patched releases without delay. Deployments on OpenSSL 1.1.1i or earlier must move to 1.1.1j; deployments on 1.0.2x or earlier should move to 1.0.2y, noting that the 1.0.2 branch is no longer in active support. The fix resolves the integer overflow by adding boundary checking and length validation before the cipher operation is performed. This aligns with ATT&CK technique T1059.007 for command and scripting interpreter, as the vulnerability could be exploited through malicious input data that triggers the overflow condition during command processing. Security teams should additionally monitor applications that may still be running a vulnerable version, especially those that handle large inputs or perform frequent encryption and decryption. The case illustrates the importance of input validation in cryptographic libraries and shows that even mature security components need continuous assessment and updating so that edge cases of this kind cannot compromise system integrity.
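The following is an added example, written for this page and not taken from OpenSSL or from the advisory, showing the caller-side checks a defender can put around EVP_EncryptUpdate/EVP_DecryptUpdate while a vulnerable library is still deployed: a pre-call length guard computed in 64-bit so the guard itself cannot wrap, a post-call check that treats the "return value 1 with negative output length" signature as a failure, and a chunking helper that keeps every per-call length far from INT_MAX. All function names, the 1 MiB chunk limit and the assumed block size are hypothetical; the example does not link against OpenSSL.

```c
#include <limits.h>
#include <stdbool.h>
#include <stddef.h>

#define CHUNK_LIMIT (1 << 20)   /* assumed: stream large buffers in 1 MiB pieces */

/* True when (bytes already buffered in the cipher context) + inl no longer
 * fits in an int once one block of headroom is reserved. Computed in
 * 64-bit arithmetic so this check never overflows itself. */
bool update_len_would_wrap(int inl, int buf_len, int block_size)
{
    long long total = (long long)buf_len + inl;
    return total > (long long)INT_MAX - block_size;
}

/* Pre-call guard: reject negative or unrepresentable lengths before the
 * data is handed to EVP_EncryptUpdate/EVP_DecryptUpdate. buf_len is the
 * number of bytes the context still holds from a previous partial block. */
bool update_len_is_safe(int inl, int buf_len, int block_size)
{
    if (inl < 0 || buf_len < 0 || block_size <= 0 || buf_len >= block_size)
        return false;
    return !update_len_would_wrap(inl, buf_len, block_size);
}

/* Post-call validation: rc == 1 together with *outl < 0 is exactly the
 * CVE-2021-23840 signature described above, so it is treated as failure.
 * A plausible outl is also bounded by inl plus one flushed block. */
bool update_result_ok(int rc, int outl, int inl, int block_size)
{
    if (rc != 1 || outl < 0 || inl < 0 || block_size <= 0)
        return false;
    return (long long)outl <= (long long)inl + block_size;
}

/* Length of the next piece to pass to an EVP_*Update call when streaming
 * a large buffer: capped at CHUNK_LIMIT so the per-call int length stays
 * far below INT_MAX regardless of the total input size. */
size_t next_chunk_len(size_t remaining)
{
    return remaining < CHUNK_LIMIT ? remaining : CHUNK_LIMIT;
}
```

The guard is deliberately conservative: it refuses one block's worth of headroom below INT_MAX rather than trying to mirror the library's exact internal arithmetic.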

Reservation

01/12/2021

Disclosure

02/16/2021

Moderation

accepted

Entry

2

CPE

ready

EPSS

0.00463

KEV

no

Activities

very low
