Support Content Notification - Support Portal

BSA-2021-1238

Product/Component

Brocade Fabric OS

2 more products

Notification Id

21590

Last Updated

04 February 2021

Initial Publication Date

04 February 2021

Status

Closed

Severity

Low

CVSS Base Score

7.8

WorkAround

Affected CVE

CVE-2021-3345

Summary

Security Advisory ID : BSA-2021-1238

Component : Libgcrypt

Revision : 1.0

_gcry_md_block_write in cipher/hash-common.c in Libgcrypt version 1.9.0 has a heap-based buffer overflow when the digest final function sets a large count value. It is recommended to upgrade to 1.9.1 or later.

Products Confirmed Not Vulnerable
No Brocade Fibre Channel technology products from Broadcom are currently known to be affected by this vulnerability.

Note.
Brocade Manageability products are not vulnerable to this CVE. However, if a Brocade Manageability product is installed on the same Server vulnerable to this CVE, this is out of Brocade's control. Brocade recommends Customers apply recommendations provided by the Vendor.

Revision History

Version	Change	Date
1.0	Initial Publication	Feb 4, 2021