gsd-2023-3817
Vulnerability from gsd
Modified
2023-12-13 01:20
Details
Issue summary: Checking excessively long DH keys or parameters may be very slow. Impact summary: Applications that use the functions DH_check(), DH_check_ex() or EVP_PKEY_param_check() to check a DH key or DH parameters may experience long delays. Where the key or parameters that are being checked have been obtained from an untrusted source this may lead to a Denial of Service. The function DH_check() performs various checks on DH parameters. After fixing CVE-2023-3446 it was discovered that a large q parameter value can also trigger an overly long computation during some of these checks. A correct q value, if present, cannot be larger than the modulus p parameter, thus it is unnecessary to perform these checks if q is larger than p. An application that calls DH_check() and supplies a key or parameters obtained from an untrusted source could be vulnerable to a Denial of Service attack. The function DH_check() is itself called by a number of other OpenSSL functions. An application calling any of those other functions may similarly be affected. The other functions affected by this are DH_check_ex() and EVP_PKEY_param_check(). Also vulnerable are the OpenSSL dhparam and pkeyparam command line applications when using the "-check" option. The OpenSSL SSL/TLS implementation is not affected by this issue. The OpenSSL 3.0 and 3.1 FIPS providers are not affected by this issue.
Aliases
Aliases



{
  "GSD": {
    "alias": "CVE-2023-3817",
    "id": "GSD-2023-3817"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2023-3817"
      ],
      "details": "Issue summary: Checking excessively long DH keys or parameters may be very slow.\n\nImpact summary: Applications that use the functions DH_check(), DH_check_ex()\nor EVP_PKEY_param_check() to check a DH key or DH parameters may experience long\ndelays. Where the key or parameters that are being checked have been obtained\nfrom an untrusted source this may lead to a Denial of Service.\n\nThe function DH_check() performs various checks on DH parameters. After fixing\nCVE-2023-3446 it was discovered that a large q parameter value can also trigger\nan overly long computation during some of these checks. A correct q value,\nif present, cannot be larger than the modulus p parameter, thus it is\nunnecessary to perform these checks if q is larger than p.\n\nAn application that calls DH_check() and supplies a key or parameters obtained\nfrom an untrusted source could be vulnerable to a Denial of Service attack.\n\nThe function DH_check() is itself called by a number of other OpenSSL functions.\nAn application calling any of those other functions may similarly be affected.\nThe other functions affected by this are DH_check_ex() and\nEVP_PKEY_param_check().\n\nAlso vulnerable are the OpenSSL dhparam and pkeyparam command line applications\nwhen using the \"-check\" option.\n\nThe OpenSSL SSL/TLS implementation is not affected by this issue.\n\nThe OpenSSL 3.0 and 3.1 FIPS providers are not affected by this issue.",
      "id": "GSD-2023-3817",
      "modified": "2023-12-13T01:20:54.455534Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "openssl-security@openssl.org",
        "ID": "CVE-2023-3817",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "OpenSSL",
                    "version": {
                      "version_data": [
                        {
                          "version_affected": "\u003c",
                          "version_name": "3.1.0",
                          "version_value": "3.1.2"
                        },
                        {
                          "version_affected": "\u003c",
                          "version_name": "3.0.0",
                          "version_value": "3.0.10"
                        },
                        {
                          "version_affected": "\u003c",
                          "version_name": "1.1.1",
                          "version_value": "1.1.1v"
                        },
                        {
                          "version_affected": "\u003c",
                          "version_name": "1.0.2",
                          "version_value": "1.0.2zi"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "OpenSSL"
            }
          ]
        }
      },
      "credits": [
        {
          "lang": "en",
          "value": "Bernd Edlinger"
        },
        {
          "lang": "en",
          "value": "Tomas Mraz"
        }
      ],
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "Issue summary: Checking excessively long DH keys or parameters may be very slow.\n\nImpact summary: Applications that use the functions DH_check(), DH_check_ex()\nor EVP_PKEY_param_check() to check a DH key or DH parameters may experience long\ndelays. Where the key or parameters that are being checked have been obtained\nfrom an untrusted source this may lead to a Denial of Service.\n\nThe function DH_check() performs various checks on DH parameters. After fixing\nCVE-2023-3446 it was discovered that a large q parameter value can also trigger\nan overly long computation during some of these checks. A correct q value,\nif present, cannot be larger than the modulus p parameter, thus it is\nunnecessary to perform these checks if q is larger than p.\n\nAn application that calls DH_check() and supplies a key or parameters obtained\nfrom an untrusted source could be vulnerable to a Denial of Service attack.\n\nThe function DH_check() is itself called by a number of other OpenSSL functions.\nAn application calling any of those other functions may similarly be affected.\nThe other functions affected by this are DH_check_ex() and\nEVP_PKEY_param_check().\n\nAlso vulnerable are the OpenSSL dhparam and pkeyparam command line applications\nwhen using the \"-check\" option.\n\nThe OpenSSL SSL/TLS implementation is not affected by this issue.\n\nThe OpenSSL 3.0 and 3.1 FIPS providers are not affected by this issue."
          }
        ]
      },
      "generator": {
        "engine": "Vulnogram 0.1.0-dev"
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "Excessive Iteration"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "https://www.openssl.org/news/secadv/20230731.txt",
            "refsource": "MISC",
            "url": "https://www.openssl.org/news/secadv/20230731.txt"
          },
          {
            "name": "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=6a1eb62c29db6cb5eec707f9338aee00f44e26f5",
            "refsource": "MISC",
            "url": "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=6a1eb62c29db6cb5eec707f9338aee00f44e26f5"
          },
          {
            "name": "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=9002fd07327a91f35ba6c1307e71fa6fd4409b7f",
            "refsource": "MISC",
            "url": "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=9002fd07327a91f35ba6c1307e71fa6fd4409b7f"
          },
          {
            "name": "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=91ddeba0f2269b017dc06c46c993a788974b1aa5",
            "refsource": "MISC",
            "url": "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=91ddeba0f2269b017dc06c46c993a788974b1aa5"
          },
          {
            "name": "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=869ad69aadd985c7b8ca6f4e5dd0eb274c9f3644",
            "refsource": "MISC",
            "url": "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=869ad69aadd985c7b8ca6f4e5dd0eb274c9f3644"
          },
          {
            "name": "http://seclists.org/fulldisclosure/2023/Jul/43",
            "refsource": "MISC",
            "url": "http://seclists.org/fulldisclosure/2023/Jul/43"
          },
          {
            "name": "http://www.openwall.com/lists/oss-security/2023/07/31/1",
            "refsource": "MISC",
            "url": "http://www.openwall.com/lists/oss-security/2023/07/31/1"
          },
          {
            "name": "https://lists.debian.org/debian-lts-announce/2023/08/msg00019.html",
            "refsource": "MISC",
            "url": "https://lists.debian.org/debian-lts-announce/2023/08/msg00019.html"
          },
          {
            "name": "https://security.netapp.com/advisory/ntap-20230818-0014/",
            "refsource": "MISC",
            "url": "https://security.netapp.com/advisory/ntap-20230818-0014/"
          },
          {
            "name": "http://www.openwall.com/lists/oss-security/2023/09/22/9",
            "refsource": "MISC",
            "url": "http://www.openwall.com/lists/oss-security/2023/09/22/9"
          },
          {
            "name": "http://www.openwall.com/lists/oss-security/2023/09/22/11",
            "refsource": "MISC",
            "url": "http://www.openwall.com/lists/oss-security/2023/09/22/11"
          },
          {
            "name": "https://security.netapp.com/advisory/ntap-20231027-0008/",
            "refsource": "MISC",
            "url": "https://security.netapp.com/advisory/ntap-20231027-0008/"
          },
          {
            "name": "http://www.openwall.com/lists/oss-security/2023/11/06/2",
            "refsource": "MISC",
            "url": "http://www.openwall.com/lists/oss-security/2023/11/06/2"
          },
          {
            "name": "https://security.gentoo.org/glsa/202402-08",
            "refsource": "MISC",
            "url": "https://security.gentoo.org/glsa/202402-08"
          }
        ]
      },
      "source": {
        "discovery": "UNKNOWN"
      }
    },
    "nvd.nist.gov": {
      "cve": {
        "configurations": [
          {
            "nodes": [
              {
                "cpeMatch": [
                  {
                    "criteria": "cpe:2.3:a:openssl:openssl:*:*:*:*:*:*:*:*",
                    "matchCriteriaId": "E327FF28-8035-4914-B7D9-F96780BD9C5E",
                    "versionEndExcluding": "3.0.10",
                    "versionStartIncluding": "3.0.0",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:a:openssl:openssl:*:*:*:*:*:*:*:*",
                    "matchCriteriaId": "9BA338C8-1C98-4928-9661-BC82501A8972",
                    "versionEndExcluding": "3.1.2",
                    "versionStartIncluding": "3.1.0",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:a:openssl:openssl:1.0.2:-:*:*:*:*:*:*",
                    "matchCriteriaId": "CF0E6EB1-D656-458E-82B6-8C1ABDC13CB9",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:a:openssl:openssl:1.0.2:beta1:*:*:*:*:*:*",
                    "matchCriteriaId": "18797BEE-417D-4959-9AAD-C5A7C051B524",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:a:openssl:openssl:1.0.2:beta2:*:*:*:*:*:*",
                    "matchCriteriaId": "6FAA3C31-BD9D-45A9-A502-837FECA6D479",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:a:openssl:openssl:1.0.2:beta3:*:*:*:*:*:*",
                    "matchCriteriaId": "6455A421-9956-4846-AC7C-3431E0D37D23",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:a:openssl:openssl:1.0.2a:*:*:*:*:*:*:*",
                    "matchCriteriaId": "60F946FD-F564-49DA-B043-5943308BA9EE",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:a:openssl:openssl:1.0.2b:*:*:*:*:*:*:*",
                    "matchCriteriaId": "4847BCF3-EFCE-41AF-8E7D-3D51EB9DCC5B",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:a:openssl:openssl:1.0.2c:*:*:*:*:*:*:*",
                    "matchCriteriaId": "9B89180B-FB68-4DD8-B076-16E51CC7FB91",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:a:openssl:openssl:1.0.2d:*:*:*:*:*:*:*",
                    "matchCriteriaId": "4C986592-4086-4A39-9767-EF34DBAA6A53",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:a:openssl:openssl:1.0.2e:*:*:*:*:*:*:*",
                    "matchCriteriaId": "7B23181C-03DB-4E92-B3F6-6B585B5231B4",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:a:openssl:openssl:1.0.2f:*:*:*:*:*:*:*",
                    "matchCriteriaId": "94D9EC1C-4843-4026-9B05-E060E9391734",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:a:openssl:openssl:1.0.2g:*:*:*:*:*:*:*",
                    "matchCriteriaId": "B066401C-21CF-4BE9-9C55-C9F1E0C7BE3F",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:a:openssl:openssl:1.0.2h:*:*:*:*:*:*:*",
                    "matchCriteriaId": "036FB24F-7D86-4730-8BC9-722875BEC807",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:a:openssl:openssl:1.0.2i:*:*:*:*:*:*:*",
                    "matchCriteriaId": "FDF148A3-1AA7-4F27-85AB-414C609C626F",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:a:openssl:openssl:1.0.2j:*:*:*:*:*:*:*",
                    "matchCriteriaId": "E15B749E-6808-4788-AE42-7A1587D8697E",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:a:openssl:openssl:1.0.2k:*:*:*:*:*:*:*",
                    "matchCriteriaId": "58F80C8D-BCA2-40AD-BD22-B70C7BE1B298",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:a:openssl:openssl:1.0.2l:*:*:*:*:*:*:*",
                    "matchCriteriaId": "70B78EDF-6BB7-42C4-9423-9332C62C6E43",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:a:openssl:openssl:1.0.2m:*:*:*:*:*:*:*",
                    "matchCriteriaId": "E2354F82-A01B-43D2-84F4-4E94B258E091",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:a:openssl:openssl:1.0.2n:*:*:*:*:*:*:*",
                    "matchCriteriaId": "59AAE340-19BC-4879-AC48-9F4F338A3B61",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:a:openssl:openssl:1.0.2o:*:*:*:*:*:*:*",
                    "matchCriteriaId": "6264EB97-9FBE-4DEB-A81D-EA0B2E4437FF",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:a:openssl:openssl:1.0.2p:*:*:*:*:*:*:*",
                    "matchCriteriaId": "59B58D80-485A-4CBD-9220-D6FDBD6FEE65",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:a:openssl:openssl:1.0.2q:*:*:*:*:*:*:*",
                    "matchCriteriaId": "9B1131CC-526D-45FF-ABEB-164100D0BE0D",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:a:openssl:openssl:1.0.2r:*:*:*:*:*:*:*",
                    "matchCriteriaId": "0739C502-4EDB-4D08-B2B9-04FAB98AFE02",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:a:openssl:openssl:1.0.2s:*:*:*:*:*:*:*",
                    "matchCriteriaId": "AB045D51-DAD7-44E1-BA80-4C90F0F4335F",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:a:openssl:openssl:1.0.2t:*:*:*:*:*:*:*",
                    "matchCriteriaId": "5A745BE4-2249-4251-8AD1-43F0F7EF2755",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:a:openssl:openssl:1.0.2u:*:*:*:*:*:*:*",
                    "matchCriteriaId": "DAEB85A6-B9F9-4EC1-942F-7E17A3854600",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:a:openssl:openssl:1.0.2v:*:*:*:*:*:*:*",
                    "matchCriteriaId": "7D6D42CF-82FC-4A6F-9C4C-6DBF9470CABB",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:a:openssl:openssl:1.0.2w:*:*:*:*:*:*:*",
                    "matchCriteriaId": "A6029EAB-8DDE-4995-AFC8-4C17BDEC8DFF",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:a:openssl:openssl:1.0.2x:*:*:*:*:*:*:*",
                    "matchCriteriaId": "EF8EEF0A-623B-46A8-9C0D-F5EC490128DC",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:a:openssl:openssl:1.0.2y:*:*:*:*:*:*:*",
                    "matchCriteriaId": "024263ED-A240-4447-8926-E9D1EF4792E7",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:a:openssl:openssl:1.0.2za:*:*:*:*:*:*:*",
                    "matchCriteriaId": "EEAC4D67-2D2A-45EF-8693-1D90EEC818EC",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:a:openssl:openssl:1.0.2zb:*:*:*:*:*:*:*",
                    "matchCriteriaId": "A6852B09-CC89-4F9C-8245-59AD2C797AC1",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:a:openssl:openssl:1.0.2zc:*:*:*:*:*:*:*",
                    "matchCriteriaId": "3A7A844C-EB18-443B-8B33-86C98BFF683E",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:a:openssl:openssl:1.0.2zd:*:*:*:*:*:*:*",
                    "matchCriteriaId": "8538CCF3-19C0-4E55-B5F7-AC07A1D68E2C",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:a:openssl:openssl:1.0.2ze:*:*:*:*:*:*:*",
                    "matchCriteriaId": "3CCDDB86-9910-4251-91B0-D56EDE93BF49",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:a:openssl:openssl:1.0.2zf:*:*:*:*:*:*:*",
                    "matchCriteriaId": "96BA4105-67FF-43BD-A655-7F5741AD8F8F",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:a:openssl:openssl:1.0.2zg:*:*:*:*:*:*:*",
                    "matchCriteriaId": "DC2EEB54-2A48-4DB7-B95C-4B5072B98858",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:a:openssl:openssl:1.0.2zh:*:*:*:*:*:*:*",
                    "matchCriteriaId": "A32F8FD2-79D4-4349-95EF-8B2448993CAF",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:a:openssl:openssl:1.1.1:-:*:*:*:*:*:*",
                    "matchCriteriaId": "A8C84061-63BE-49F6-B2F0-D96847E755E0",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:a:openssl:openssl:1.1.1:pre1:*:*:*:*:*:*",
                    "matchCriteriaId": "811DBBDB-4DD9-4440-A9EC-F97B161F1E1D",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:a:openssl:openssl:1.1.1:pre2:*:*:*:*:*:*",
                    "matchCriteriaId": "8A5C2FE6-8BFB-4C73-83E9-0CF230D4B452",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:a:openssl:openssl:1.1.1:pre3:*:*:*:*:*:*",
                    "matchCriteriaId": "230480C2-314E-4465-B09D-101DCC475E7C",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:a:openssl:openssl:1.1.1:pre4:*:*:*:*:*:*",
                    "matchCriteriaId": "5474A1A5-81F9-4B15-B145-C327EB098740",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:a:openssl:openssl:1.1.1:pre5:*:*:*:*:*:*",
                    "matchCriteriaId": "7EEDDD3D-0598-4F1F-93CB-FAF6757BFF1B",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:a:openssl:openssl:1.1.1:pre6:*:*:*:*:*:*",
                    "matchCriteriaId": "ED226FB6-07FD-4713-BEFE-94456FA6F82F",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:a:openssl:openssl:1.1.1:pre7:*:*:*:*:*:*",
                    "matchCriteriaId": "11AE7A76-811B-46D0-9173-BC5A48560F67",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:a:openssl:openssl:1.1.1:pre8:*:*:*:*:*:*",
                    "matchCriteriaId": "A4955261-CCEB-472B-9535-98B0CE04A321",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:a:openssl:openssl:1.1.1:pre9:*:*:*:*:*:*",
                    "matchCriteriaId": "C36FAE41-0B70-4049-9AFA-8F762EF4FB00",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:a:openssl:openssl:1.1.1a:*:*:*:*:*:*:*",
                    "matchCriteriaId": "42649AB8-1443-4036-9873-160D913BAD68",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:a:openssl:openssl:1.1.1b:*:*:*:*:*:*:*",
                    "matchCriteriaId": "8AE4A4BC-31BE-4EC5-907C-295D98484ABB",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:a:openssl:openssl:1.1.1c:*:*:*:*:*:*:*",
                    "matchCriteriaId": "D8A852AB-AE4C-4794-BE45-D49EECA9D440",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:a:openssl:openssl:1.1.1d:*:*:*:*:*:*:*",
                    "matchCriteriaId": "6B34CE8C-FF32-433B-8527-CA04E7835AC5",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:a:openssl:openssl:1.1.1e:*:*:*:*:*:*:*",
                    "matchCriteriaId": "F73E774D-C6EB-4776-A847-3F331EC77204",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:a:openssl:openssl:1.1.1f:*:*:*:*:*:*:*",
                    "matchCriteriaId": "BF6D1346-43CD-41DE-9021-A98157FED8B8",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:a:openssl:openssl:1.1.1g:*:*:*:*:*:*:*",
                    "matchCriteriaId": "C7364FED-4719-4EF5-8ABB-D36CBD8BE402",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:a:openssl:openssl:1.1.1h:*:*:*:*:*:*:*",
                    "matchCriteriaId": "14479639-DF33-4AB7-B781-791BF8DA8382",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:a:openssl:openssl:1.1.1i:*:*:*:*:*:*:*",
                    "matchCriteriaId": "900C1008-F297-47FD-A1BD-11A3BEFF02E0",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:a:openssl:openssl:1.1.1j:*:*:*:*:*:*:*",
                    "matchCriteriaId": "AD1A1441-D118-4557-A8AA-88B20D332ED5",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:a:openssl:openssl:1.1.1k:*:*:*:*:*:*:*",
                    "matchCriteriaId": "8AACE259-34C9-4100-8730-5BDA4B1B1A66",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:a:openssl:openssl:1.1.1l:*:*:*:*:*:*:*",
                    "matchCriteriaId": "BAF15ABD-322D-413F-9707-C2A4508629D7",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:a:openssl:openssl:1.1.1m:*:*:*:*:*:*:*",
                    "matchCriteriaId": "69FAF390-8141-4451-9D80-76155BD4EADC",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:a:openssl:openssl:1.1.1n:*:*:*:*:*:*:*",
                    "matchCriteriaId": "0A54842A-332F-4092-ABE0-F3323541BE67",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:a:openssl:openssl:1.1.1o:*:*:*:*:*:*:*",
                    "matchCriteriaId": "FB72FEE3-190B-4326-ACD0-F52110536526",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:a:openssl:openssl:1.1.1p:*:*:*:*:*:*:*",
                    "matchCriteriaId": "1AF40BB0-0C57-4BCD-815F-A3FF4EB42D14",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:a:openssl:openssl:1.1.1q:*:*:*:*:*:*:*",
                    "matchCriteriaId": "EA111F81-1347-4D7D-BA0F-88350174DAFC",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:a:openssl:openssl:1.1.1r:*:*:*:*:*:*:*",
                    "matchCriteriaId": "46E4334B-6203-49B1-83E6-381E6D12DCBA",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:a:openssl:openssl:1.1.1s:*:*:*:*:*:*:*",
                    "matchCriteriaId": "B76E919B-5E08-4C04-80FF-5F9DBA244B71",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:a:openssl:openssl:1.1.1t:*:*:*:*:*:*:*",
                    "matchCriteriaId": "6F1DE6C9-DCAF-4896-912D-443A32B918F6",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:a:openssl:openssl:1.1.1u:*:*:*:*:*:*:*",
                    "matchCriteriaId": "C5C8A0C3-BAAF-43D7-B782-5EA17539D7EF",
                    "vulnerable": true
                  }
                ],
                "negate": false,
                "operator": "OR"
              }
            ]
          }
        ],
        "descriptions": [
          {
            "lang": "en",
            "value": "Issue summary: Checking excessively long DH keys or parameters may be very slow.\n\nImpact summary: Applications that use the functions DH_check(), DH_check_ex()\nor EVP_PKEY_param_check() to check a DH key or DH parameters may experience long\ndelays. Where the key or parameters that are being checked have been obtained\nfrom an untrusted source this may lead to a Denial of Service.\n\nThe function DH_check() performs various checks on DH parameters. After fixing\nCVE-2023-3446 it was discovered that a large q parameter value can also trigger\nan overly long computation during some of these checks. A correct q value,\nif present, cannot be larger than the modulus p parameter, thus it is\nunnecessary to perform these checks if q is larger than p.\n\nAn application that calls DH_check() and supplies a key or parameters obtained\nfrom an untrusted source could be vulnerable to a Denial of Service attack.\n\nThe function DH_check() is itself called by a number of other OpenSSL functions.\nAn application calling any of those other functions may similarly be affected.\nThe other functions affected by this are DH_check_ex() and\nEVP_PKEY_param_check().\n\nAlso vulnerable are the OpenSSL dhparam and pkeyparam command line applications\nwhen using the \"-check\" option.\n\nThe OpenSSL SSL/TLS implementation is not affected by this issue.\n\nThe OpenSSL 3.0 and 3.1 FIPS providers are not affected by this issue."
          }
        ],
        "id": "CVE-2023-3817",
        "lastModified": "2024-02-04T09:15:10.030",
        "metrics": {
          "cvssMetricV31": [
            {
              "cvssData": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "LOW",
                "baseScore": 5.3,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
                "version": "3.1"
              },
              "exploitabilityScore": 3.9,
              "impactScore": 1.4,
              "source": "nvd@nist.gov",
              "type": "Primary"
            }
          ]
        },
        "published": "2023-07-31T16:15:10.497",
        "references": [
          {
            "source": "openssl-security@openssl.org",
            "tags": [
              "Mailing List",
              "Third Party Advisory"
            ],
            "url": "http://seclists.org/fulldisclosure/2023/Jul/43"
          },
          {
            "source": "openssl-security@openssl.org",
            "tags": [
              "Mailing List"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2023/07/31/1"
          },
          {
            "source": "openssl-security@openssl.org",
            "url": "http://www.openwall.com/lists/oss-security/2023/09/22/11"
          },
          {
            "source": "openssl-security@openssl.org",
            "url": "http://www.openwall.com/lists/oss-security/2023/09/22/9"
          },
          {
            "source": "openssl-security@openssl.org",
            "url": "http://www.openwall.com/lists/oss-security/2023/11/06/2"
          },
          {
            "source": "openssl-security@openssl.org",
            "tags": [
              "Mailing List",
              "Patch"
            ],
            "url": "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=6a1eb62c29db6cb5eec707f9338aee00f44e26f5"
          },
          {
            "source": "openssl-security@openssl.org",
            "tags": [
              "Broken Link"
            ],
            "url": "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=869ad69aadd985c7b8ca6f4e5dd0eb274c9f3644"
          },
          {
            "source": "openssl-security@openssl.org",
            "tags": [
              "Mailing List",
              "Patch"
            ],
            "url": "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=9002fd07327a91f35ba6c1307e71fa6fd4409b7f"
          },
          {
            "source": "openssl-security@openssl.org",
            "tags": [
              "Mailing List",
              "Patch"
            ],
            "url": "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=91ddeba0f2269b017dc06c46c993a788974b1aa5"
          },
          {
            "source": "openssl-security@openssl.org",
            "url": "https://lists.debian.org/debian-lts-announce/2023/08/msg00019.html"
          },
          {
            "source": "openssl-security@openssl.org",
            "url": "https://security.gentoo.org/glsa/202402-08"
          },
          {
            "source": "openssl-security@openssl.org",
            "url": "https://security.netapp.com/advisory/ntap-20230818-0014/"
          },
          {
            "source": "openssl-security@openssl.org",
            "url": "https://security.netapp.com/advisory/ntap-20231027-0008/"
          },
          {
            "source": "openssl-security@openssl.org",
            "tags": [
              "Vendor Advisory"
            ],
            "url": "https://www.openssl.org/news/secadv/20230731.txt"
          }
        ],
        "sourceIdentifier": "openssl-security@openssl.org",
        "vulnStatus": "Modified",
        "weaknesses": [
          {
            "description": [
              {
                "lang": "en",
                "value": "CWE-834"
              }
            ],
            "source": "nvd@nist.gov",
            "type": "Primary"
          }
        ]
      }
    }
  }
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.


Loading…

Loading…

Loading…

Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.