CVE-2021-23840 | OpenSSL up to 1.0.2x/1.1.1i length return value (Nessus ID 211827)
A vulnerability classified as critical has been found in OpenSSL up to 1.0.2x/1.1.1i. It affects the functions EVP_CipherUpdate, EVP_EncryptUpdate and EVP_DecryptUpdate. Manipulating the length argument leads to an unchecked return value.
This vulnerability is uniquely identified as CVE-2021-23840. It is possible to initiate the attack remotely. There is no exploit available.
It is recommended to upgrade the affected component.