The host is installed with OpenSSL 3.0.0 through 3.0.11 or 3.1.0 through 3.1.3 and is prone to a incorrect cipher key and IV length processing vulnerability. A flaw is present in the application, which fails to properly handle issues in processing of key and initialisation vector (IV) lengths. On successful exploitation, a truncation in the IV can result in non-uniqueness, which could result in loss of confidentiality for some cipher modes.