what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 11 of 11 RSS Feed

CVE-2023-3817

Status Candidate

Overview

Issue summary: Checking excessively long DH keys or parameters may be very slow. Impact summary: Applications that use the functions DH_check(), DH_check_ex() or EVP_PKEY_param_check() to check a DH key or DH parameters may experience long delays. Where the key or parameters that are being checked have been obtained from an untrusted source this may lead to a Denial of Service. The function DH_check() performs various checks on DH parameters. After fixing CVE-2023-3446 it was discovered that a large q parameter value can also trigger an overly long computation during some of these checks. A correct q value, if present, cannot be larger than the modulus p parameter, thus it is unnecessary to perform these checks if q is larger than p. An application that calls DH_check() and supplies a key or parameters obtained from an untrusted source could be vulnerable to a Denial of Service attack. The function DH_check() is itself called by a number of other OpenSSL functions. An application calling any of those other functions may similarly be affected. The other functions affected by this are DH_check_ex() and EVP_PKEY_param_check(). Also vulnerable are the OpenSSL dhparam and pkeyparam command line applications when using the "-check" option. The OpenSSL SSL/TLS implementation is not affected by this issue. The OpenSSL 3.0 and 3.1 FIPS providers are not affected by this issue.

Related Files

Ubuntu Security Notice USN-6709-1
Posted Mar 22, 2024
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 6709-1 - It was discovered that checking excessively long DH keys or parameters may be very slow. A remote attacker could possibly use this issue to cause OpenSSL to consume resources, resulting in a denial of service. After the fix for CVE-2023-3446 Bernd Edlinger discovered that a large q parameter value can also trigger an overly long computation during some of these checks. A remote attacker could possibly use this issue to cause OpenSSL to consume resources, resulting in a denial of service.

tags | advisory, remote, denial of service
systems | linux, ubuntu
advisories | CVE-2023-3446, CVE-2023-3817, CVE-2023-5678, CVE-2024-0727
SHA-256 | a3c85443f6ce0636dc4acc75b294ee38bc75374485acad341a73a787d547a0cb
Download | Favorite | View
OpenSSL Security Advisory 20231106
Posted Nov 6, 2023
Site openssl.org

OpenSSL Security Advisory 20231106 - Generating excessively long X9.42 DH keys or checking excessively long X9.42 DH keys or parameters may be very slow.

tags | advisory
advisories | CVE-2023-3817, CVE-2023-5678
SHA-256 | 571f986ddee0d0a3c6499ab09f34a768ad263d9979a6441ec9fe524febb124a3
Download | Favorite | View
Ubuntu Security Notice USN-6435-2
Posted Oct 26, 2023
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 6435-2 - USN-6435-1 fixed vulnerabilities in OpenSSL. This update provides the corresponding updates for Ubuntu 20.04 LTS. It was discovered that OpenSSL incorrectly handled excessively large Diffie-Hellman parameters. An attacker could possibly use this issue to cause a denial of service.

tags | advisory, denial of service, vulnerability
systems | linux, ubuntu
advisories | CVE-2023-3446, CVE-2023-3817
SHA-256 | 59d340970afcd638ff53547b215993cbec3a2b96fa9685449422e51dfd241ffb
Download | Favorite | View
Ubuntu Security Notice USN-6450-1
Posted Oct 24, 2023
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 6450-1 - Tony Battersby discovered that OpenSSL incorrectly handled key and initialization vector lengths. This could lead to truncation issues and result in loss of confidentiality for some symmetric cipher modes. Juerg Wullschleger discovered that OpenSSL incorrectly handled the AES-SIV cipher. This could lead to empty data entries being ignored, resulting in certain applications being misled. This issue only affected Ubuntu 22.04 LTS and Ubuntu 23.04.

tags | advisory
systems | linux, ubuntu
advisories | CVE-2023-2975, CVE-2023-3817, CVE-2023-5363
SHA-256 | 2d9459c9594f7dcc383dafcaff6092d57b63e811ab043a65d9d9516541186813
Download | Favorite | View
Ubuntu Security Notice USN-6435-1
Posted Oct 19, 2023
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 6435-1 - It was discovered that OpenSSL incorrectly handled excessively large Diffie-Hellman parameters. An attacker could possibly use this issue to cause a denial of service. Bernd Edlinger discovered that OpenSSL incorrectly handled excessively large Diffie-Hellman parameters. An attacker could possibly use this issue to cause a denial of service.

tags | advisory, denial of service
systems | linux, ubuntu
advisories | CVE-2023-3446, CVE-2023-3817
SHA-256 | e4c02d0cf75df128a82009e6b74401d4b3f8c229dcc5899f73bc5f7c3bd1e952
Download | Favorite | View
Ubuntu Security Notice USN-6278-2
Posted Aug 11, 2023
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 6278-2 - USN-6278-1 fixed several vulnerabilities in .NET. This update provides the corresponding updates for Ubuntu 22.04 LTS. It was discovered that .NET did properly handle the execution of certain commands. An attacker could possibly use this issue to achieve remote code execution.

tags | advisory, remote, vulnerability, code execution
systems | linux, ubuntu
advisories | CVE-2023-35390, CVE-2023-38178, CVE-2023-38180
SHA-256 | bbe5ad0ccef22ad3d5b80f2a669f69b1767e2bc58e7c496afd4da28a17cdf5c5
Download | Favorite | View
Ubuntu Security Notice USN-6278-1
Posted Aug 9, 2023
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 6278-1 - It was discovered that .NET did not properly handle the execution of certain commands. An attacker could possibly use this issue to achieve remote code execution. Benoit Foucher discovered that .NET did not properly implement the QUIC stream limit in HTTP/3. An attacker could possibly use this issue to cause a denial of service. It was discovered that .NET did not properly handle the disconnection of potentially malicious clients interfacing with a Kestrel server. An attacker could possibly use this issue to cause a denial of service.

tags | advisory, remote, web, denial of service, code execution
systems | linux, ubuntu
advisories | CVE-2023-35390, CVE-2023-38178, CVE-2023-38180
SHA-256 | 398492662e44a0c763fee25f39cae11943767ba032c8f6482dec1ab6f6617eaf
Download | Favorite | View
OpenSSL Toolkit 3.1.2
Posted Aug 1, 2023
Site openssl.org

OpenSSL is a robust, fully featured Open Source toolkit implementing the Secure Sockets Layer and Transport Layer Security protocols with full-strength cryptography world-wide. The 3.1.x series is the current major version of OpenSSL.

Changes: Fixed excessive time spent checking DH q parameter value. Fixed DH_check() excessive time with over sized modulus. No longer ignoring empty associated data entries with AES-SIV. A change has been made to the enable-fips option.
tags | encryption, protocol
systems | unix
advisories | CVE-2023-2975, CVE-2023-3446, CVE-2023-3817
SHA-256 | a0ce69b8b97ea6a35b96875235aa453b966ba3cba8af2de23657d8b6767d6539
Download | Favorite | View
OpenSSL Toolkit 3.0.10
Posted Aug 1, 2023
Site openssl.org

OpenSSL is a robust, fully featured Open Source toolkit implementing the Secure Sockets Layer and Transport Layer Security protocols with full-strength cryptography world-wide. The 3.x series is the current major version of OpenSSL.

Changes: Fixed excessive time spent checking DH q parameter value. Fixed DH_check() excessive time with over sized modulus. No longer ignoring empty associated data entries with AES-SIV.
tags | tool, encryption, protocol
systems | unix
advisories | CVE-2023-2975, CVE-2023-3446, CVE-2023-3817
SHA-256 | 1761d4f5b13a1028b9b6f3d4b8e17feb0cedc9370f6afe61d7193d2cdce83323
Download | Favorite | View
OpenSSL Toolkit 1.1.1v
Posted Aug 1, 2023
Site openssl.org

OpenSSL is a robust, fully featured Open Source toolkit implementing the Secure Sockets Layer and Transport Layer Security protocols with full-strength cryptography world-wide.

Changes: Fixed excessive time spent checking DH q parameter value. Fixed DH_check() excessive time with over sized modulus.
tags | tool, encryption, protocol
systems | unix
advisories | CVE-2023-3446, CVE-2023-3817
SHA-256 | d6697e2871e77238460402e9362d47d18382b15ef9f246aba6c7bd780d38a6b0
Download | Favorite | View
OpenSSL Security Advisory 20230731
Posted Jul 31, 2023
Site openssl.org

OpenSSL Security Advisory 20230731 - Checking excessively long DH keys or parameters may be very slow.

tags | advisory
advisories | CVE-2023-3446, CVE-2023-3817
SHA-256 | b497bf3e1c45020f0f227205c740557918c2fef680976bc3d389ede0493cb6b1
Download | Favorite | View
Page 1 of 1
Back1Next

File Archive:

June 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Jun 1st
    0 Files
  • 2
    Jun 2nd
    0 Files
  • 3
    Jun 3rd
    18 Files
  • 4
    Jun 4th
    21 Files
  • 5
    Jun 5th
    0 Files
  • 6
    Jun 6th
    57 Files
  • 7
    Jun 7th
    6 Files
  • 8
    Jun 8th
    0 Files
  • 9
    Jun 9th
    0 Files
  • 10
    Jun 10th
    12 Files
  • 11
    Jun 11th
    27 Files
  • 12
    Jun 12th
    38 Files
  • 13
    Jun 13th
    16 Files
  • 14
    Jun 14th
    14 Files
  • 15
    Jun 15th
    0 Files
  • 16
    Jun 16th
    0 Files
  • 17
    Jun 17th
    16 Files
  • 18
    Jun 18th
    26 Files
  • 19
    Jun 19th
    15 Files
  • 20
    Jun 20th
    18 Files
  • 21
    Jun 21st
    8 Files
  • 22
    Jun 22nd
    0 Files
  • 23
    Jun 23rd
    0 Files
  • 24
    Jun 24th
    19 Files
  • 25
    Jun 25th
    5 Files
  • 26
    Jun 26th
    0 Files
  • 27
    Jun 27th
    0 Files
  • 28
    Jun 28th
    0 Files
  • 29
    Jun 29th
    0 Files
  • 30
    Jun 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Site Links
News by Month
News Tags
Files by Month
File Tags
File Directory
About Us
History & Purpose
Contact Information
Terms of Service
Privacy Statement
Copyright Information
Services
Security Services
Hosting By
Rokasec
close