Zercurity data services
  • Summary
  • Applications (0)
  • Packages (7)
  • System updates (0)
  • Operating systems (0)

CVE-2023-3817

Description
Issue summary: Checking excessively long DH keys or parameters may be very slow.

Impact summary: Applications that use the functions DH_check(), DH_check_ex() or EVP_PKEY_param_check() to check a DH key or DH parameters may experience long delays. Where the key or parameters that are being checked have been obtained from an untrusted source this may lead to a Denial of Service.

The function DH_check() performs various checks on DH parameters. After fixing CVE-2023-3446 it was discovered that a large q parameter value can also trigger an overly long computation during some of these checks. A correct q value, if present, cannot be larger than the modulus p parameter, thus it is unnecessary to perform these checks if q is larger than p.

An application that calls DH_check() and supplies a key or parameters obtained from an untrusted source could be vulnerable to a Denial of Service attack.

The function DH_check() is itself called by a number of other OpenSSL functions. An application calling any of those other functions may similarly be affected. The other functions affected by this are DH_check_ex() and EVP_PKEY_param_check().

Also vulnerable are the OpenSSL dhparam and pkeyparam command line applications when using the "-check" option.

The OpenSSL SSL/TLS implementation is not affected by this issue.

The OpenSSL 3.0 and 3.1 FIPS providers are not affected by this issue.
  • Risk: 0

      Packages

      Name | Type | Arch | Size | Risk

      openssl       openssl_3.0.2-0ubuntu1.10_i386.deb
      libssl-dev    libssl-dev_3.0.2-0ubuntu1.10_i386.deb
      libssl3       libssl3_3.0.2-0ubuntu1.10_amd64.deb
      libssl3       libssl3_3.0.2-0ubuntu1.10_i386.deb
      libssl-dev    libssl-dev_3.0.2-0ubuntu1.10_amd64.deb
      libssl-doc    libssl-doc_3.0.2-0ubuntu1.10_all.deb
      openssl       openssl_3.0.2-0ubuntu1.10_amd64.deb

      Raw Object

      {
        "uuid": "4a437f57-5b5d-7d42-165a-44006572575d",
        "name": "CVE-2023-3817",
        "description": "Issue summary: Checking excessively long DH keys or parameters may be very slow.\n\nImpact summary: Applications that use the functions DH_check(), DH_check_ex()\nor EVP_PKEY_param_check() to check a DH key or DH parameters may experience long\ndelays. Where the key or parameters that are being checked have been obtained\nfrom an untrusted source this may lead to a Denial of Service.\n\nThe function DH_check() performs various checks on DH parameters. After fixing\nCVE-2023-3446 it was discovered that a large q parameter value can also trigger\nan overly long computation during some of these checks. A correct q value,\nif present, cannot be larger than the modulus p parameter, thus it is\nunnecessary to perform these checks if q is larger than p.\n\nAn application that calls DH_check() and supplies a key or parameters obtained\nfrom an untrusted source could be vulnerable to a Denial of Service attack.\n\nThe function DH_check() is itself called by a number of other OpenSSL functions.\nAn application calling any of those other functions may similarly be affected.\nThe other functions affected by this are DH_check_ex() and\nEVP_PKEY_param_check().\n\nAlso vulnerable are the OpenSSL dhparam and pkeyparam command line applications\nwhen using the \"-check\" option.\n\nThe OpenSSL SSL/TLS implementation is not affected by this issue.\n\nThe OpenSSL 3.0 and 3.1 FIPS providers are not affected by this issue.",
        "cvss": null,
        "score": 0,
        "severity": "NONE",
        "cvss3": null,
        "score3": 0,
        "severity3": "NONE",
        "applications": [],
        "packages": [
          {
            "uuid": "2bb49ca6-327b-8986-c163-49d365e5ea7a",
            "sha256": "4e6352f2b3307615decd1839c9f160ea11c4b673f0f6fd973c166204bd4e34eb",
            "sha1": "1c8bd8337358a5ded6d41f11f93d16c72914ee1f",
            "md5": "02aba83395b8f8f04995e5da52618eeb",
            "name": "openssl",
            "version": "3.0.2-0ubuntu1.10",
            "filename": "openssl_3.0.2-0ubuntu1.10_i386.deb",
            "source": "USN",
            "sid": null,
            "self": "https://data.zercurity.com/v1/package/4e6352f2b3307615decd1839c9f160ea11c4b673f0f6fd973c166204bd4e34eb"
          },
          {
            "uuid": "e2ad905c-182d-747d-9aff-c41ccf3feb2f",
            "sha256": "6e2879dcc061e63b745287d57a2cb5f9f50925354534fa88a1eb99f6b6541ef6",
            "sha1": "fe67add7683ccea04aed95e6c678eebdf7e6ffd5",
            "md5": "309c10bec7abc5b329b804a0deaae704",
            "name": "libssl-dev",
            "version": "3.0.2-0ubuntu1.10",
            "filename": "libssl-dev_3.0.2-0ubuntu1.10_i386.deb",
            "source": "USN",
            "sid": null,
            "self": "https://data.zercurity.com/v1/package/6e2879dcc061e63b745287d57a2cb5f9f50925354534fa88a1eb99f6b6541ef6"
          },
          {
            "uuid": "ecff3d40-b5dc-d17a-082e-cab796959db7",
            "sha256": "1705f94b91a583e1fc1b975b42ce7f063edaf413f61169641c8ae69043a9fbbc",
            "sha1": "ea3b018d1739992d82776c9b6e2c459b9844e4a9",
            "md5": "2cc7a1110c252795515cd3d3657f9aae",
            "name": "libssl3",
            "version": "3.0.2-0ubuntu1.10",
            "filename": "libssl3_3.0.2-0ubuntu1.10_amd64.deb",
            "source": "USN",
            "sid": null,
            "self": "https://data.zercurity.com/v1/package/1705f94b91a583e1fc1b975b42ce7f063edaf413f61169641c8ae69043a9fbbc"
          },
          {
            "uuid": "2b64f4b5-f3e2-7b84-07dd-b46c4659ef21",
            "sha256": "8253823330620a270ca2bbbd5b5f472ec24d6a16da2d03b0d6a2ed179b30a24b",
            "sha1": "fbdfd94a756668f92f162029799aa43cd253f1e9",
            "md5": "12d642aa3933fd98f0b782c84ce79c32",
            "name": "libssl3",
            "version": "3.0.2-0ubuntu1.10",
            "filename": "libssl3_3.0.2-0ubuntu1.10_i386.deb",
            "source": "USN",
            "sid": null,
            "self": "https://data.zercurity.com/v1/package/8253823330620a270ca2bbbd5b5f472ec24d6a16da2d03b0d6a2ed179b30a24b"
          },
          {
            "uuid": "7f6ed90f-8b6e-4098-d68b-cb24e914fc10",
            "sha256": "5a7438766f6bd5721c53c1c88825474ab3d9af55ddbf729acbce001c950e0fa6",
            "sha1": "029f19dcd83dda5b9f3a1544a2902da3b087e6f8",
            "md5": "11ee8945c3b1706bdb6254e6f6959bd9",
            "name": "libssl-dev",
            "version": "3.0.2-0ubuntu1.10",
            "filename": "libssl-dev_3.0.2-0ubuntu1.10_amd64.deb",
            "source": "USN",
            "sid": null,
            "self": "https://data.zercurity.com/v1/package/5a7438766f6bd5721c53c1c88825474ab3d9af55ddbf729acbce001c950e0fa6"
          },
          {
            "uuid": "c8a24f90-a183-51c2-4c3a-dff87b5cf2c2",
            "sha256": "4a1aa015e57f54f31d8c665b98da15bfb198035804ab8a1fd2877693923f6c13",
            "sha1": "97d80ba76c5e8c77a8835a7cbd8528faad753782",
            "md5": "0b7cdf5fd93146bcc741481f4783d8f4",
            "name": "libssl-doc",
            "version": "3.0.2-0ubuntu1.10",
            "filename": "libssl-doc_3.0.2-0ubuntu1.10_all.deb",
            "source": "USN",
            "sid": null,
            "self": "https://data.zercurity.com/v1/package/4a1aa015e57f54f31d8c665b98da15bfb198035804ab8a1fd2877693923f6c13"
          },
          {
            "uuid": "b76bb08d-54a9-3dbc-4f6e-04720e69134f",
            "sha256": "74fbef56da07706bbbb5e04c12f579d2c2b660e3e328aaab54a819adc004a6f6",
            "sha1": "5aeed416c1d92ac9afa6b3db0fa7432c262860db",
            "md5": "dc1d240e082e1066ce5c2aba3b824102",
            "name": "openssl",
            "version": "3.0.2-0ubuntu1.10",
            "filename": "openssl_3.0.2-0ubuntu1.10_amd64.deb",
            "source": "USN",
            "sid": null,
            "self": "https://data.zercurity.com/v1/package/74fbef56da07706bbbb5e04c12f579d2c2b660e3e328aaab54a819adc004a6f6"
          }
        ],
        "updates": [],
        "os": [],
        "risk": 0,
        "created_at": "2023-07-31T16:15:00+00:00",
        "updated_at": "2023-08-01T11:15:00+00:00",
        "deleted_at": null
      }