CVE-2023-3817 (GCVE-0-2023-3817)

Vulnerability from cvelistv5 – Published: 2023-07-31 15:34 – Updated: 2025-05-05 15:53
VLAI
Title
Excessive time spent checking DH q parameter value
Summary
Issue summary: Checking excessively long DH keys or parameters may be very slow. Impact summary: Applications that use the functions DH_check(), DH_check_ex() or EVP_PKEY_param_check() to check a DH key or DH parameters may experience long delays. Where the key or parameters that are being checked have been obtained from an untrusted source this may lead to a Denial of Service. The function DH_check() performs various checks on DH parameters. After fixing CVE-2023-3446 it was discovered that a large q parameter value can also trigger an overly long computation during some of these checks. A correct q value, if present, cannot be larger than the modulus p parameter, thus it is unnecessary to perform these checks if q is larger than p. An application that calls DH_check() and supplies a key or parameters obtained from an untrusted source could be vulnerable to a Denial of Service attack. The function DH_check() is itself called by a number of other OpenSSL functions. An application calling any of those other functions may similarly be affected. The other functions affected by this are DH_check_ex() and EVP_PKEY_param_check(). Also vulnerable are the OpenSSL dhparam and pkeyparam command line applications when using the "-check" option. The OpenSSL SSL/TLS implementation is not affected by this issue. The OpenSSL 3.0 and 3.1 FIPS providers are not affected by this issue.
Severity
5.3 (Medium)
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
SSVC
Exploitation: none Automatable: yes Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
  • CWE-606 - Unchecked Input for Loop Condition
Assigner
References
Impacted products
Vendor Product Version
OpenSSL OpenSSL Affected: 3.1.0 , < 3.1.2 (semver)
Affected: 3.0.0 , < 3.0.10 (semver)
Affected: 1.1.1 , < 1.1.1v (custom)
Affected: 1.0.2 , < 1.0.2zi (custom)
Create a notification for this product.
Date Public
2023-07-31 00:00
Credits
Bernd Edlinger Tomas Mraz
Show details on NVD website
To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T07:08:50.496Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "OpenSSL Advisory",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://www.openssl.org/news/secadv/20230731.txt"
          },
          {
            "name": "3.1.2 git commit",
            "tags": [
              "patch",
              "x_transferred"
            ],
            "url": "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=6a1eb62c29db6cb5eec707f9338aee00f44e26f5"
          },
          {
            "name": "3.0.10 git commit",
            "tags": [
              "patch",
              "x_transferred"
            ],
            "url": "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=9002fd07327a91f35ba6c1307e71fa6fd4409b7f"
          },
          {
            "name": "1.1.1v git commit",
            "tags": [
              "patch",
              "x_transferred"
            ],
            "url": "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=91ddeba0f2269b017dc06c46c993a788974b1aa5"
          },
          {
            "name": "1.0.2zi patch (premium)",
            "tags": [
              "patch",
              "x_transferred"
            ],
            "url": "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=869ad69aadd985c7b8ca6f4e5dd0eb274c9f3644"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://seclists.org/fulldisclosure/2023/Jul/43"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2023/07/31/1"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2023/08/msg00019.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://security.netapp.com/advisory/ntap-20230818-0014/"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2023/09/22/9"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2023/09/22/11"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://security.netapp.com/advisory/ntap-20231027-0008/"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2023/11/06/2"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://security.gentoo.org/glsa/202402-08"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://security.netapp.com/advisory/ntap-20240621-0006/"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "NETWORK",
              "availabilityImpact": "LOW",
              "baseScore": 5.3,
              "baseSeverity": "MEDIUM",
              "confidentialityImpact": "NONE",
              "integrityImpact": "NONE",
              "privilegesRequired": "NONE",
              "scope": "UNCHANGED",
              "userInteraction": "NONE",
              "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2023-3817",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-04-23T13:26:20.624850Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-05-05T15:53:49.014Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "OpenSSL",
          "vendor": "OpenSSL",
          "versions": [
            {
              "lessThan": "3.1.2",
              "status": "affected",
              "version": "3.1.0",
              "versionType": "semver"
            },
            {
              "lessThan": "3.0.10",
              "status": "affected",
              "version": "3.0.0",
              "versionType": "semver"
            },
            {
              "lessThan": "1.1.1v",
              "status": "affected",
              "version": "1.1.1",
              "versionType": "custom"
            },
            {
              "lessThan": "1.0.2zi",
              "status": "affected",
              "version": "1.0.2",
              "versionType": "custom"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "user": "00000000-0000-4000-9000-000000000000",
          "value": "Bernd Edlinger"
        },
        {
          "lang": "en",
          "type": "remediation developer",
          "user": "00000000-0000-4000-9000-000000000000",
          "value": "Tomas Mraz"
        }
      ],
      "datePublic": "2023-07-31T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "Issue summary: Checking excessively long DH keys or parameters may be very slow.\u003cbr\u003e\u003cbr\u003eImpact summary: Applications that use the functions DH_check(), DH_check_ex()\u003cbr\u003eor EVP_PKEY_param_check() to check a DH key or DH parameters may experience long\u003cbr\u003edelays. Where the key or parameters that are being checked have been obtained\u003cbr\u003efrom an untrusted source this may lead to a Denial of Service.\u003cbr\u003e\u003cbr\u003eThe function DH_check() performs various checks on DH parameters. After fixing\u003cbr\u003eCVE-2023-3446 it was discovered that a large q parameter value can also trigger\u003cbr\u003ean overly long computation during some of these checks. A correct q value,\u003cbr\u003eif present, cannot be larger than the modulus p parameter, thus it is\u003cbr\u003eunnecessary to perform these checks if q is larger than p.\u003cbr\u003e\u003cbr\u003eAn application that calls DH_check() and supplies a key or parameters obtained\u003cbr\u003efrom an untrusted source could be vulnerable to a Denial of Service attack.\u003cbr\u003e\u003cbr\u003eThe function DH_check() is itself called by a number of other OpenSSL functions.\u003cbr\u003eAn application calling any of those other functions may similarly be affected.\u003cbr\u003eThe other functions affected by this are DH_check_ex() and\u003cbr\u003eEVP_PKEY_param_check().\u003cbr\u003e\u003cbr\u003eAlso vulnerable are the OpenSSL dhparam and pkeyparam command line applications\u003cbr\u003ewhen using the \"-check\" option.\u003cbr\u003e\u003cbr\u003eThe OpenSSL SSL/TLS implementation is not affected by this issue.\u003cbr\u003e\u003cbr\u003eThe OpenSSL 3.0 and 3.1 FIPS providers are not affected by this issue."
            }
          ],
          "value": "Issue summary: Checking excessively long DH keys or parameters may be very slow.\n\nImpact summary: Applications that use the functions DH_check(), DH_check_ex()\nor EVP_PKEY_param_check() to check a DH key or DH parameters may experience long\ndelays. Where the key or parameters that are being checked have been obtained\nfrom an untrusted source this may lead to a Denial of Service.\n\nThe function DH_check() performs various checks on DH parameters. After fixing\nCVE-2023-3446 it was discovered that a large q parameter value can also trigger\nan overly long computation during some of these checks. A correct q value,\nif present, cannot be larger than the modulus p parameter, thus it is\nunnecessary to perform these checks if q is larger than p.\n\nAn application that calls DH_check() and supplies a key or parameters obtained\nfrom an untrusted source could be vulnerable to a Denial of Service attack.\n\nThe function DH_check() is itself called by a number of other OpenSSL functions.\nAn application calling any of those other functions may similarly be affected.\nThe other functions affected by this are DH_check_ex() and\nEVP_PKEY_param_check().\n\nAlso vulnerable are the OpenSSL dhparam and pkeyparam command line applications\nwhen using the \"-check\" option.\n\nThe OpenSSL SSL/TLS implementation is not affected by this issue.\n\nThe OpenSSL 3.0 and 3.1 FIPS providers are not affected by this issue."
        }
      ],
      "metrics": [
        {
          "format": "other",
          "other": {
            "content": {
              "text": "Low"
            },
            "type": "https://www.openssl.org/policies/secpolicy.html"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-606",
              "description": "CWE-606 Unchecked Input for Loop Condition",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-10-14T14:55:48.907Z",
        "orgId": "3a12439a-ef3a-4c79-92e6-6081a721f1e5",
        "shortName": "openssl"
      },
      "references": [
        {
          "name": "OpenSSL Advisory",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://www.openssl.org/news/secadv/20230731.txt"
        },
        {
          "name": "3.1.2 git commit",
          "tags": [
            "patch"
          ],
          "url": "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=6a1eb62c29db6cb5eec707f9338aee00f44e26f5"
        },
        {
          "name": "3.0.10 git commit",
          "tags": [
            "patch"
          ],
          "url": "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=9002fd07327a91f35ba6c1307e71fa6fd4409b7f"
        },
        {
          "name": "1.1.1v git commit",
          "tags": [
            "patch"
          ],
          "url": "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=91ddeba0f2269b017dc06c46c993a788974b1aa5"
        },
        {
          "name": "1.0.2zi patch (premium)",
          "tags": [
            "patch"
          ],
          "url": "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=869ad69aadd985c7b8ca6f4e5dd0eb274c9f3644"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "title": "Excessive time spent checking DH q parameter value",
      "x_generator": {
        "engine": "Vulnogram 0.1.0-dev"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "3a12439a-ef3a-4c79-92e6-6081a721f1e5",
    "assignerShortName": "openssl",
    "cveId": "CVE-2023-3817",
    "datePublished": "2023-07-31T15:34:13.627Z",
    "dateReserved": "2023-07-21T08:47:25.638Z",
    "dateUpdated": "2025-05-05T15:53:49.014Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "epss": {
      "cve": "CVE-2023-3817",
      "date": "2026-06-15",
      "epss": "0.02577",
      "percentile": "0.8312"
    },
    "fkie_nvd": {
      "configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:openssl:openssl:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"3.0.0\", \"versionEndExcluding\": \"3.0.10\", \"matchCriteriaId\": \"E327FF28-8035-4914-B7D9-F96780BD9C5E\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:openssl:openssl:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"3.1.0\", \"versionEndExcluding\": \"3.1.2\", \"matchCriteriaId\": \"9BA338C8-1C98-4928-9661-BC82501A8972\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:openssl:openssl:1.0.2:-:*:*:*:*:*:*\", \"matchCriteriaId\": \"CF0E6EB1-D656-458E-82B6-8C1ABDC13CB9\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:openssl:openssl:1.0.2:beta1:*:*:*:*:*:*\", \"matchCriteriaId\": \"18797BEE-417D-4959-9AAD-C5A7C051B524\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:openssl:openssl:1.0.2:beta2:*:*:*:*:*:*\", \"matchCriteriaId\": \"6FAA3C31-BD9D-45A9-A502-837FECA6D479\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:openssl:openssl:1.0.2:beta3:*:*:*:*:*:*\", \"matchCriteriaId\": \"6455A421-9956-4846-AC7C-3431E0D37D23\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:openssl:openssl:1.0.2a:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"60F946FD-F564-49DA-B043-5943308BA9EE\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:openssl:openssl:1.0.2b:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"4847BCF3-EFCE-41AF-8E7D-3D51EB9DCC5B\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:openssl:openssl:1.0.2c:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"9B89180B-FB68-4DD8-B076-16E51CC7FB91\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:openssl:openssl:1.0.2d:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"4C986592-4086-4A39-9767-EF34DBAA6A53\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:openssl:openssl:1.0.2e:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"7B23181C-03DB-4E92-B3F6-6B585B5231B4\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:openssl:openssl:1.0.2f:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"94D9EC1C-4843-4026-9B05-E060E9391734\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:openssl:openssl:1.0.2g:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"B066401C-21CF-4BE9-9C55-C9F1E0C7BE3F\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:openssl:openssl:1.0.2h:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"036FB24F-7D86-4730-8BC9-722875BEC807\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:openssl:openssl:1.0.2i:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"FDF148A3-1AA7-4F27-85AB-414C609C626F\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:openssl:openssl:1.0.2j:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"E15B749E-6808-4788-AE42-7A1587D8697E\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:openssl:openssl:1.0.2k:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"58F80C8D-BCA2-40AD-BD22-B70C7BE1B298\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:openssl:openssl:1.0.2l:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"70B78EDF-6BB7-42C4-9423-9332C62C6E43\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:openssl:openssl:1.0.2m:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"E2354F82-A01B-43D2-84F4-4E94B258E091\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:openssl:openssl:1.0.2n:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"59AAE340-19BC-4879-AC48-9F4F338A3B61\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:openssl:openssl:1.0.2o:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"6264EB97-9FBE-4DEB-A81D-EA0B2E4437FF\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:openssl:openssl:1.0.2p:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"59B58D80-485A-4CBD-9220-D6FDBD6FEE65\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:openssl:openssl:1.0.2q:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"9B1131CC-526D-45FF-ABEB-164100D0BE0D\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:openssl:openssl:1.0.2r:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"0739C502-4EDB-4D08-B2B9-04FAB98AFE02\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:openssl:openssl:1.0.2s:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"AB045D51-DAD7-44E1-BA80-4C90F0F4335F\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:openssl:openssl:1.0.2t:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"5A745BE4-2249-4251-8AD1-43F0F7EF2755\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:openssl:openssl:1.0.2u:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"DAEB85A6-B9F9-4EC1-942F-7E17A3854600\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:openssl:openssl:1.0.2v:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"7D6D42CF-82FC-4A6F-9C4C-6DBF9470CABB\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:openssl:openssl:1.0.2w:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"A6029EAB-8DDE-4995-AFC8-4C17BDEC8DFF\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:openssl:openssl:1.0.2x:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"EF8EEF0A-623B-46A8-9C0D-F5EC490128DC\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:openssl:openssl:1.0.2y:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"024263ED-A240-4447-8926-E9D1EF4792E7\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:openssl:openssl:1.0.2za:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"EEAC4D67-2D2A-45EF-8693-1D90EEC818EC\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:openssl:openssl:1.0.2zb:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"A6852B09-CC89-4F9C-8245-59AD2C797AC1\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:openssl:openssl:1.0.2zc:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"3A7A844C-EB18-443B-8B33-86C98BFF683E\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:openssl:openssl:1.0.2zd:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"8538CCF3-19C0-4E55-B5F7-AC07A1D68E2C\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:openssl:openssl:1.0.2ze:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"3CCDDB86-9910-4251-91B0-D56EDE93BF49\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:openssl:openssl:1.0.2zf:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"96BA4105-67FF-43BD-A655-7F5741AD8F8F\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:openssl:openssl:1.0.2zg:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"DC2EEB54-2A48-4DB7-B95C-4B5072B98858\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:openssl:openssl:1.0.2zh:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"A32F8FD2-79D4-4349-95EF-8B2448993CAF\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:openssl:openssl:1.1.1:-:*:*:*:*:*:*\", \"matchCriteriaId\": \"A8C84061-63BE-49F6-B2F0-D96847E755E0\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:openssl:openssl:1.1.1:pre1:*:*:*:*:*:*\", \"matchCriteriaId\": \"811DBBDB-4DD9-4440-A9EC-F97B161F1E1D\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:openssl:openssl:1.1.1:pre2:*:*:*:*:*:*\", \"matchCriteriaId\": \"8A5C2FE6-8BFB-4C73-83E9-0CF230D4B452\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:openssl:openssl:1.1.1:pre3:*:*:*:*:*:*\", \"matchCriteriaId\": \"230480C2-314E-4465-B09D-101DCC475E7C\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:openssl:openssl:1.1.1:pre4:*:*:*:*:*:*\", \"matchCriteriaId\": \"5474A1A5-81F9-4B15-B145-C327EB098740\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:openssl:openssl:1.1.1:pre5:*:*:*:*:*:*\", \"matchCriteriaId\": \"7EEDDD3D-0598-4F1F-93CB-FAF6757BFF1B\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:openssl:openssl:1.1.1:pre6:*:*:*:*:*:*\", \"matchCriteriaId\": \"ED226FB6-07FD-4713-BEFE-94456FA6F82F\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:openssl:openssl:1.1.1:pre7:*:*:*:*:*:*\", \"matchCriteriaId\": \"11AE7A76-811B-46D0-9173-BC5A48560F67\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:openssl:openssl:1.1.1:pre8:*:*:*:*:*:*\", \"matchCriteriaId\": \"A4955261-CCEB-472B-9535-98B0CE04A321\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:openssl:openssl:1.1.1:pre9:*:*:*:*:*:*\", \"matchCriteriaId\": \"C36FAE41-0B70-4049-9AFA-8F762EF4FB00\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:openssl:openssl:1.1.1a:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"42649AB8-1443-4036-9873-160D913BAD68\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:openssl:openssl:1.1.1b:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"8AE4A4BC-31BE-4EC5-907C-295D98484ABB\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:openssl:openssl:1.1.1c:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"D8A852AB-AE4C-4794-BE45-D49EECA9D440\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:openssl:openssl:1.1.1d:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"6B34CE8C-FF32-433B-8527-CA04E7835AC5\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:openssl:openssl:1.1.1e:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"F73E774D-C6EB-4776-A847-3F331EC77204\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:openssl:openssl:1.1.1f:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"BF6D1346-43CD-41DE-9021-A98157FED8B8\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:openssl:openssl:1.1.1g:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"C7364FED-4719-4EF5-8ABB-D36CBD8BE402\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:openssl:openssl:1.1.1h:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"14479639-DF33-4AB7-B781-791BF8DA8382\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:openssl:openssl:1.1.1i:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"900C1008-F297-47FD-A1BD-11A3BEFF02E0\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:openssl:openssl:1.1.1j:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"AD1A1441-D118-4557-A8AA-88B20D332ED5\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:openssl:openssl:1.1.1k:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"8AACE259-34C9-4100-8730-5BDA4B1B1A66\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:openssl:openssl:1.1.1l:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"BAF15ABD-322D-413F-9707-C2A4508629D7\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:openssl:openssl:1.1.1m:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"69FAF390-8141-4451-9D80-76155BD4EADC\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:openssl:openssl:1.1.1n:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"0A54842A-332F-4092-ABE0-F3323541BE67\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:openssl:openssl:1.1.1o:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"FB72FEE3-190B-4326-ACD0-F52110536526\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:openssl:openssl:1.1.1p:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"1AF40BB0-0C57-4BCD-815F-A3FF4EB42D14\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:openssl:openssl:1.1.1q:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"EA111F81-1347-4D7D-BA0F-88350174DAFC\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:openssl:openssl:1.1.1r:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"46E4334B-6203-49B1-83E6-381E6D12DCBA\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:openssl:openssl:1.1.1s:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"B76E919B-5E08-4C04-80FF-5F9DBA244B71\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:openssl:openssl:1.1.1t:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"6F1DE6C9-DCAF-4896-912D-443A32B918F6\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:openssl:openssl:1.1.1u:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"C5C8A0C3-BAAF-43D7-B782-5EA17539D7EF\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"Issue summary: Checking excessively long DH keys or parameters may be very slow.\\n\\nImpact summary: Applications that use the functions DH_check(), DH_check_ex()\\nor EVP_PKEY_param_check() to check a DH key or DH parameters may experience long\\ndelays. Where the key or parameters that are being checked have been obtained\\nfrom an untrusted source this may lead to a Denial of Service.\\n\\nThe function DH_check() performs various checks on DH parameters. After fixing\\nCVE-2023-3446 it was discovered that a large q parameter value can also trigger\\nan overly long computation during some of these checks. A correct q value,\\nif present, cannot be larger than the modulus p parameter, thus it is\\nunnecessary to perform these checks if q is larger than p.\\n\\nAn application that calls DH_check() and supplies a key or parameters obtained\\nfrom an untrusted source could be vulnerable to a Denial of Service attack.\\n\\nThe function DH_check() is itself called by a number of other OpenSSL functions.\\nAn application calling any of those other functions may similarly be affected.\\nThe other functions affected by this are DH_check_ex() and\\nEVP_PKEY_param_check().\\n\\nAlso vulnerable are the OpenSSL dhparam and pkeyparam command line applications\\nwhen using the \\\"-check\\\" option.\\n\\nThe OpenSSL SSL/TLS implementation is not affected by this issue.\\n\\nThe OpenSSL 3.0 and 3.1 FIPS providers are not affected by this issue.\"}]",
      "id": "CVE-2023-3817",
      "lastModified": "2024-11-21T08:18:08.167",
      "metrics": "{\"cvssMetricV31\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L\", \"baseScore\": 5.3, \"baseSeverity\": \"MEDIUM\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"NONE\", \"integrityImpact\": \"NONE\", \"availabilityImpact\": \"LOW\"}, \"exploitabilityScore\": 3.9, \"impactScore\": 1.4}]}",
      "published": "2023-07-31T16:15:10.497",
      "references": "[{\"url\": \"https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=6a1eb62c29db6cb5eec707f9338aee00f44e26f5\", \"source\": \"openssl-security@openssl.org\", \"tags\": [\"Mailing List\", \"Patch\"]}, {\"url\": \"https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=869ad69aadd985c7b8ca6f4e5dd0eb274c9f3644\", \"source\": \"openssl-security@openssl.org\", \"tags\": [\"Broken Link\"]}, {\"url\": \"https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=9002fd07327a91f35ba6c1307e71fa6fd4409b7f\", \"source\": \"openssl-security@openssl.org\", \"tags\": [\"Mailing List\", \"Patch\"]}, {\"url\": \"https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=91ddeba0f2269b017dc06c46c993a788974b1aa5\", \"source\": \"openssl-security@openssl.org\", \"tags\": [\"Mailing List\", \"Patch\"]}, {\"url\": \"https://www.openssl.org/news/secadv/20230731.txt\", \"source\": \"openssl-security@openssl.org\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://seclists.org/fulldisclosure/2023/Jul/43\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.openwall.com/lists/oss-security/2023/07/31/1\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.openwall.com/lists/oss-security/2023/09/22/11\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.openwall.com/lists/oss-security/2023/09/22/9\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.openwall.com/lists/oss-security/2023/11/06/2\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=6a1eb62c29db6cb5eec707f9338aee00f44e26f5\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Mailing List\", \"Patch\"]}, {\"url\": \"https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=869ad69aadd985c7b8ca6f4e5dd0eb274c9f3644\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Broken Link\"]}, {\"url\": \"https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=9002fd07327a91f35ba6c1307e71fa6fd4409b7f\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Mailing List\", \"Patch\"]}, {\"url\": \"https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=91ddeba0f2269b017dc06c46c993a788974b1aa5\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Mailing List\", \"Patch\"]}, {\"url\": \"https://lists.debian.org/debian-lts-announce/2023/08/msg00019.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://security.gentoo.org/glsa/202402-08\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://security.netapp.com/advisory/ntap-20230818-0014/\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://security.netapp.com/advisory/ntap-20231027-0008/\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://security.netapp.com/advisory/ntap-20240621-0006/\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://www.openssl.org/news/secadv/20230731.txt\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}]",
      "sourceIdentifier": "openssl-security@openssl.org",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"openssl-security@openssl.org\", \"type\": \"Secondary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-606\"}]}, {\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-834\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2023-3817\",\"sourceIdentifier\":\"openssl-security@openssl.org\",\"published\":\"2023-07-31T16:15:10.497\",\"lastModified\":\"2025-05-05T16:15:47.343\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Issue summary: Checking excessively long DH keys or parameters may be very slow.\\n\\nImpact summary: Applications that use the functions DH_check(), DH_check_ex()\\nor EVP_PKEY_param_check() to check a DH key or DH parameters may experience long\\ndelays. Where the key or parameters that are being checked have been obtained\\nfrom an untrusted source this may lead to a Denial of Service.\\n\\nThe function DH_check() performs various checks on DH parameters. After fixing\\nCVE-2023-3446 it was discovered that a large q parameter value can also trigger\\nan overly long computation during some of these checks. A correct q value,\\nif present, cannot be larger than the modulus p parameter, thus it is\\nunnecessary to perform these checks if q is larger than p.\\n\\nAn application that calls DH_check() and supplies a key or parameters obtained\\nfrom an untrusted source could be vulnerable to a Denial of Service attack.\\n\\nThe function DH_check() is itself called by a number of other OpenSSL functions.\\nAn application calling any of those other functions may similarly be affected.\\nThe other functions affected by this are DH_check_ex() and\\nEVP_PKEY_param_check().\\n\\nAlso vulnerable are the OpenSSL dhparam and pkeyparam command line applications\\nwhen using the \\\"-check\\\" option.\\n\\nThe OpenSSL SSL/TLS implementation is not affected by this issue.\\n\\nThe OpenSSL 3.0 and 3.1 FIPS providers are not affected by this issue.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L\",\"baseScore\":5.3,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"LOW\"},\"exploitabilityScore\":3.9,\"impactScore\":1.4},{\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L\",\"baseScore\":5.3,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"LOW\"},\"exploitabilityScore\":3.9,\"impactScore\":1.4}]},\"weaknesses\":[{\"source\":\"openssl-security@openssl.org\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-606\"}]},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-834\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:openssl:openssl:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"3.0.0\",\"versionEndExcluding\":\"3.0.10\",\"matchCriteriaId\":\"E327FF28-8035-4914-B7D9-F96780BD9C5E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:openssl:openssl:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"3.1.0\",\"versionEndExcluding\":\"3.1.2\",\"matchCriteriaId\":\"9BA338C8-1C98-4928-9661-BC82501A8972\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:openssl:openssl:1.0.2:-:*:*:*:*:*:*\",\"matchCriteriaId\":\"CF0E6EB1-D656-458E-82B6-8C1ABDC13CB9\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:openssl:openssl:1.0.2:beta1:*:*:*:*:*:*\",\"matchCriteriaId\":\"18797BEE-417D-4959-9AAD-C5A7C051B524\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:openssl:openssl:1.0.2:beta2:*:*:*:*:*:*\",\"matchCriteriaId\":\"6FAA3C31-BD9D-45A9-A502-837FECA6D479\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:openssl:openssl:1.0.2:beta3:*:*:*:*:*:*\",\"matchCriteriaId\":\"6455A421-9956-4846-AC7C-3431E0D37D23\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:openssl:openssl:1.0.2a:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"60F946FD-F564-49DA-B043-5943308BA9EE\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:openssl:openssl:1.0.2b:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"4847BCF3-EFCE-41AF-8E7D-3D51EB9DCC5B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:openssl:openssl:1.0.2c:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"9B89180B-FB68-4DD8-B076-16E51CC7FB91\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:openssl:openssl:1.0.2d:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"4C986592-4086-4A39-9767-EF34DBAA6A53\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:openssl:openssl:1.0.2e:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"7B23181C-03DB-4E92-B3F6-6B585B5231B4\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:openssl:openssl:1.0.2f:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"94D9EC1C-4843-4026-9B05-E060E9391734\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:openssl:openssl:1.0.2g:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B066401C-21CF-4BE9-9C55-C9F1E0C7BE3F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:openssl:openssl:1.0.2h:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"036FB24F-7D86-4730-8BC9-722875BEC807\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:openssl:openssl:1.0.2i:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"FDF148A3-1AA7-4F27-85AB-414C609C626F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:openssl:openssl:1.0.2j:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E15B749E-6808-4788-AE42-7A1587D8697E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:openssl:openssl:1.0.2k:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"58F80C8D-BCA2-40AD-BD22-B70C7BE1B298\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:openssl:openssl:1.0.2l:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"70B78EDF-6BB7-42C4-9423-9332C62C6E43\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:openssl:openssl:1.0.2m:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E2354F82-A01B-43D2-84F4-4E94B258E091\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:openssl:openssl:1.0.2n:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"59AAE340-19BC-4879-AC48-9F4F338A3B61\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:openssl:openssl:1.0.2o:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"6264EB97-9FBE-4DEB-A81D-EA0B2E4437FF\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:openssl:openssl:1.0.2p:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"59B58D80-485A-4CBD-9220-D6FDBD6FEE65\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:openssl:openssl:1.0.2q:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"9B1131CC-526D-45FF-ABEB-164100D0BE0D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:openssl:openssl:1.0.2r:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"0739C502-4EDB-4D08-B2B9-04FAB98AFE02\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:openssl:openssl:1.0.2s:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"AB045D51-DAD7-44E1-BA80-4C90F0F4335F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:openssl:openssl:1.0.2t:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"5A745BE4-2249-4251-8AD1-43F0F7EF2755\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:openssl:openssl:1.0.2u:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"DAEB85A6-B9F9-4EC1-942F-7E17A3854600\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:openssl:openssl:1.0.2v:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"7D6D42CF-82FC-4A6F-9C4C-6DBF9470CABB\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:openssl:openssl:1.0.2w:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A6029EAB-8DDE-4995-AFC8-4C17BDEC8DFF\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:openssl:openssl:1.0.2x:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"EF8EEF0A-623B-46A8-9C0D-F5EC490128DC\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:openssl:openssl:1.0.2y:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"024263ED-A240-4447-8926-E9D1EF4792E7\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:openssl:openssl:1.0.2za:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"EEAC4D67-2D2A-45EF-8693-1D90EEC818EC\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:openssl:openssl:1.0.2zb:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A6852B09-CC89-4F9C-8245-59AD2C797AC1\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:openssl:openssl:1.0.2zc:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"3A7A844C-EB18-443B-8B33-86C98BFF683E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:openssl:openssl:1.0.2zd:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"8538CCF3-19C0-4E55-B5F7-AC07A1D68E2C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:openssl:openssl:1.0.2ze:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"3CCDDB86-9910-4251-91B0-D56EDE93BF49\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:openssl:openssl:1.0.2zf:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"96BA4105-67FF-43BD-A655-7F5741AD8F8F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:openssl:openssl:1.0.2zg:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"DC2EEB54-2A48-4DB7-B95C-4B5072B98858\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:openssl:openssl:1.0.2zh:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A32F8FD2-79D4-4349-95EF-8B2448993CAF\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:openssl:openssl:1.1.1:-:*:*:*:*:*:*\",\"matchCriteriaId\":\"A8C84061-63BE-49F6-B2F0-D96847E755E0\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:openssl:openssl:1.1.1:pre1:*:*:*:*:*:*\",\"matchCriteriaId\":\"811DBBDB-4DD9-4440-A9EC-F97B161F1E1D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:openssl:openssl:1.1.1:pre2:*:*:*:*:*:*\",\"matchCriteriaId\":\"8A5C2FE6-8BFB-4C73-83E9-0CF230D4B452\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:openssl:openssl:1.1.1:pre3:*:*:*:*:*:*\",\"matchCriteriaId\":\"230480C2-314E-4465-B09D-101DCC475E7C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:openssl:openssl:1.1.1:pre4:*:*:*:*:*:*\",\"matchCriteriaId\":\"5474A1A5-81F9-4B15-B145-C327EB098740\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:openssl:openssl:1.1.1:pre5:*:*:*:*:*:*\",\"matchCriteriaId\":\"7EEDDD3D-0598-4F1F-93CB-FAF6757BFF1B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:openssl:openssl:1.1.1:pre6:*:*:*:*:*:*\",\"matchCriteriaId\":\"ED226FB6-07FD-4713-BEFE-94456FA6F82F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:openssl:openssl:1.1.1:pre7:*:*:*:*:*:*\",\"matchCriteriaId\":\"11AE7A76-811B-46D0-9173-BC5A48560F67\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:openssl:openssl:1.1.1:pre8:*:*:*:*:*:*\",\"matchCriteriaId\":\"A4955261-CCEB-472B-9535-98B0CE04A321\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:openssl:openssl:1.1.1:pre9:*:*:*:*:*:*\",\"matchCriteriaId\":\"C36FAE41-0B70-4049-9AFA-8F762EF4FB00\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:openssl:openssl:1.1.1a:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"42649AB8-1443-4036-9873-160D913BAD68\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:openssl:openssl:1.1.1b:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"8AE4A4BC-31BE-4EC5-907C-295D98484ABB\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:openssl:openssl:1.1.1c:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D8A852AB-AE4C-4794-BE45-D49EECA9D440\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:openssl:openssl:1.1.1d:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"6B34CE8C-FF32-433B-8527-CA04E7835AC5\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:openssl:openssl:1.1.1e:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F73E774D-C6EB-4776-A847-3F331EC77204\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:openssl:openssl:1.1.1f:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"BF6D1346-43CD-41DE-9021-A98157FED8B8\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:openssl:openssl:1.1.1g:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C7364FED-4719-4EF5-8ABB-D36CBD8BE402\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:openssl:openssl:1.1.1h:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"14479639-DF33-4AB7-B781-791BF8DA8382\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:openssl:openssl:1.1.1i:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"900C1008-F297-47FD-A1BD-11A3BEFF02E0\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:openssl:openssl:1.1.1j:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"AD1A1441-D118-4557-A8AA-88B20D332ED5\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:openssl:openssl:1.1.1k:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"8AACE259-34C9-4100-8730-5BDA4B1B1A66\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:openssl:openssl:1.1.1l:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"BAF15ABD-322D-413F-9707-C2A4508629D7\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:openssl:openssl:1.1.1m:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"69FAF390-8141-4451-9D80-76155BD4EADC\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:openssl:openssl:1.1.1n:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"0A54842A-332F-4092-ABE0-F3323541BE67\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:openssl:openssl:1.1.1o:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"FB72FEE3-190B-4326-ACD0-F52110536526\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:openssl:openssl:1.1.1p:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"1AF40BB0-0C57-4BCD-815F-A3FF4EB42D14\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:openssl:openssl:1.1.1q:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"EA111F81-1347-4D7D-BA0F-88350174DAFC\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:openssl:openssl:1.1.1r:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"46E4334B-6203-49B1-83E6-381E6D12DCBA\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:openssl:openssl:1.1.1s:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B76E919B-5E08-4C04-80FF-5F9DBA244B71\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:openssl:openssl:1.1.1t:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"6F1DE6C9-DCAF-4896-912D-443A32B918F6\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:openssl:openssl:1.1.1u:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C5C8A0C3-BAAF-43D7-B782-5EA17539D7EF\"}]}]}],\"references\":[{\"url\":\"https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=6a1eb62c29db6cb5eec707f9338aee00f44e26f5\",\"source\":\"openssl-security@openssl.org\",\"tags\":[\"Mailing List\",\"Patch\"]},{\"url\":\"https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=869ad69aadd985c7b8ca6f4e5dd0eb274c9f3644\",\"source\":\"openssl-security@openssl.org\",\"tags\":[\"Broken Link\"]},{\"url\":\"https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=9002fd07327a91f35ba6c1307e71fa6fd4409b7f\",\"source\":\"openssl-security@openssl.org\",\"tags\":[\"Mailing List\",\"Patch\"]},{\"url\":\"https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=91ddeba0f2269b017dc06c46c993a788974b1aa5\",\"source\":\"openssl-security@openssl.org\",\"tags\":[\"Mailing List\",\"Patch\"]},{\"url\":\"https://www.openssl.org/news/secadv/20230731.txt\",\"source\":\"openssl-security@openssl.org\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://seclists.org/fulldisclosure/2023/Jul/43\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.openwall.com/lists/oss-security/2023/07/31/1\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.openwall.com/lists/oss-security/2023/09/22/11\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.openwall.com/lists/oss-security/2023/09/22/9\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.openwall.com/lists/oss-security/2023/11/06/2\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=6a1eb62c29db6cb5eec707f9338aee00f44e26f5\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Patch\"]},{\"url\":\"https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=869ad69aadd985c7b8ca6f4e5dd0eb274c9f3644\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Broken Link\"]},{\"url\":\"https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=9002fd07327a91f35ba6c1307e71fa6fd4409b7f\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Patch\"]},{\"url\":\"https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=91ddeba0f2269b017dc06c46c993a788974b1aa5\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Patch\"]},{\"url\":\"https://lists.debian.org/debian-lts-announce/2023/08/msg00019.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://security.gentoo.org/glsa/202402-08\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://security.netapp.com/advisory/ntap-20230818-0014/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://security.netapp.com/advisory/ntap-20231027-0008/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://security.netapp.com/advisory/ntap-20240621-0006/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://www.openssl.org/news/secadv/20230731.txt\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]}]}}",
    "vulnrichment": {
      "containers": "{\"adp\": [{\"title\": \"CVE Program Container\", \"references\": [{\"url\": \"https://www.openssl.org/news/secadv/20230731.txt\", \"name\": \"OpenSSL Advisory\", \"tags\": [\"vendor-advisory\", \"x_transferred\"]}, {\"url\": \"https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=6a1eb62c29db6cb5eec707f9338aee00f44e26f5\", \"name\": \"3.1.2 git commit\", \"tags\": [\"patch\", \"x_transferred\"]}, {\"url\": \"https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=9002fd07327a91f35ba6c1307e71fa6fd4409b7f\", \"name\": \"3.0.10 git commit\", \"tags\": [\"patch\", \"x_transferred\"]}, {\"url\": \"https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=91ddeba0f2269b017dc06c46c993a788974b1aa5\", \"name\": \"1.1.1v git commit\", \"tags\": [\"patch\", \"x_transferred\"]}, {\"url\": \"https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=869ad69aadd985c7b8ca6f4e5dd0eb274c9f3644\", \"name\": \"1.0.2zi patch (premium)\", \"tags\": [\"patch\", \"x_transferred\"]}, {\"url\": \"http://seclists.org/fulldisclosure/2023/Jul/43\", \"tags\": [\"x_transferred\"]}, {\"url\": \"http://www.openwall.com/lists/oss-security/2023/07/31/1\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://lists.debian.org/debian-lts-announce/2023/08/msg00019.html\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://security.netapp.com/advisory/ntap-20230818-0014/\", \"tags\": [\"x_transferred\"]}, {\"url\": \"http://www.openwall.com/lists/oss-security/2023/09/22/9\", \"tags\": [\"x_transferred\"]}, {\"url\": \"http://www.openwall.com/lists/oss-security/2023/09/22/11\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://security.netapp.com/advisory/ntap-20231027-0008/\", \"tags\": [\"x_transferred\"]}, {\"url\": \"http://www.openwall.com/lists/oss-security/2023/11/06/2\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://security.gentoo.org/glsa/202402-08\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://security.netapp.com/advisory/ntap-20240621-0006/\", \"tags\": [\"x_transferred\"]}], \"providerMetadata\": {\"orgId\": \"af854a3a-2127-422b-91ae-364da2661108\", \"shortName\": \"CVE\", \"dateUpdated\": \"2024-08-02T07:08:50.496Z\"}}, {\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"cvssV3_1\": {\"scope\": \"UNCHANGED\", \"version\": \"3.1\", \"baseScore\": 5.3, \"attackVector\": \"NETWORK\", \"baseSeverity\": \"MEDIUM\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L\", \"integrityImpact\": \"NONE\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"LOW\", \"privilegesRequired\": \"NONE\", \"confidentialityImpact\": \"NONE\"}}, {\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2023-3817\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"yes\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2025-04-23T13:26:20.624850Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2025-05-05T13:04:24.062Z\"}}], \"cna\": {\"title\": \"Excessive time spent checking DH q parameter value\", \"source\": {\"discovery\": \"UNKNOWN\"}, \"credits\": [{\"lang\": \"en\", \"type\": \"finder\", \"user\": \"00000000-0000-4000-9000-000000000000\", \"value\": \"Bernd Edlinger\"}, {\"lang\": \"en\", \"type\": \"remediation developer\", \"user\": \"00000000-0000-4000-9000-000000000000\", \"value\": \"Tomas Mraz\"}], \"metrics\": [{\"other\": {\"type\": \"https://www.openssl.org/policies/secpolicy.html\", \"content\": {\"text\": \"Low\"}}, \"format\": \"other\"}], \"affected\": [{\"vendor\": \"OpenSSL\", \"product\": \"OpenSSL\", \"versions\": [{\"status\": \"affected\", \"version\": \"3.1.0\", \"lessThan\": \"3.1.2\", \"versionType\": \"semver\"}, {\"status\": \"affected\", \"version\": \"3.0.0\", \"lessThan\": \"3.0.10\", \"versionType\": \"semver\"}, {\"status\": \"affected\", \"version\": \"1.1.1\", \"lessThan\": \"1.1.1v\", \"versionType\": \"custom\"}, {\"status\": \"affected\", \"version\": \"1.0.2\", \"lessThan\": \"1.0.2zi\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unaffected\"}], \"datePublic\": \"2023-07-31T00:00:00.000Z\", \"references\": [{\"url\": \"https://www.openssl.org/news/secadv/20230731.txt\", \"name\": \"OpenSSL Advisory\", \"tags\": [\"vendor-advisory\"]}, {\"url\": \"https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=6a1eb62c29db6cb5eec707f9338aee00f44e26f5\", \"name\": \"3.1.2 git commit\", \"tags\": [\"patch\"]}, {\"url\": \"https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=9002fd07327a91f35ba6c1307e71fa6fd4409b7f\", \"name\": \"3.0.10 git commit\", \"tags\": [\"patch\"]}, {\"url\": \"https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=91ddeba0f2269b017dc06c46c993a788974b1aa5\", \"name\": \"1.1.1v git commit\", \"tags\": [\"patch\"]}, {\"url\": \"https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=869ad69aadd985c7b8ca6f4e5dd0eb274c9f3644\", \"name\": \"1.0.2zi patch (premium)\", \"tags\": [\"patch\"]}], \"x_generator\": {\"engine\": \"Vulnogram 0.1.0-dev\"}, \"descriptions\": [{\"lang\": \"en\", \"value\": \"Issue summary: Checking excessively long DH keys or parameters may be very slow.\\n\\nImpact summary: Applications that use the functions DH_check(), DH_check_ex()\\nor EVP_PKEY_param_check() to check a DH key or DH parameters may experience long\\ndelays. Where the key or parameters that are being checked have been obtained\\nfrom an untrusted source this may lead to a Denial of Service.\\n\\nThe function DH_check() performs various checks on DH parameters. After fixing\\nCVE-2023-3446 it was discovered that a large q parameter value can also trigger\\nan overly long computation during some of these checks. A correct q value,\\nif present, cannot be larger than the modulus p parameter, thus it is\\nunnecessary to perform these checks if q is larger than p.\\n\\nAn application that calls DH_check() and supplies a key or parameters obtained\\nfrom an untrusted source could be vulnerable to a Denial of Service attack.\\n\\nThe function DH_check() is itself called by a number of other OpenSSL functions.\\nAn application calling any of those other functions may similarly be affected.\\nThe other functions affected by this are DH_check_ex() and\\nEVP_PKEY_param_check().\\n\\nAlso vulnerable are the OpenSSL dhparam and pkeyparam command line applications\\nwhen using the \\\"-check\\\" option.\\n\\nThe OpenSSL SSL/TLS implementation is not affected by this issue.\\n\\nThe OpenSSL 3.0 and 3.1 FIPS providers are not affected by this issue.\", \"supportingMedia\": [{\"type\": \"text/html\", \"value\": \"Issue summary: Checking excessively long DH keys or parameters may be very slow.\u003cbr\u003e\u003cbr\u003eImpact summary: Applications that use the functions DH_check(), DH_check_ex()\u003cbr\u003eor EVP_PKEY_param_check() to check a DH key or DH parameters may experience long\u003cbr\u003edelays. Where the key or parameters that are being checked have been obtained\u003cbr\u003efrom an untrusted source this may lead to a Denial of Service.\u003cbr\u003e\u003cbr\u003eThe function DH_check() performs various checks on DH parameters. After fixing\u003cbr\u003eCVE-2023-3446 it was discovered that a large q parameter value can also trigger\u003cbr\u003ean overly long computation during some of these checks. A correct q value,\u003cbr\u003eif present, cannot be larger than the modulus p parameter, thus it is\u003cbr\u003eunnecessary to perform these checks if q is larger than p.\u003cbr\u003e\u003cbr\u003eAn application that calls DH_check() and supplies a key or parameters obtained\u003cbr\u003efrom an untrusted source could be vulnerable to a Denial of Service attack.\u003cbr\u003e\u003cbr\u003eThe function DH_check() is itself called by a number of other OpenSSL functions.\u003cbr\u003eAn application calling any of those other functions may similarly be affected.\u003cbr\u003eThe other functions affected by this are DH_check_ex() and\u003cbr\u003eEVP_PKEY_param_check().\u003cbr\u003e\u003cbr\u003eAlso vulnerable are the OpenSSL dhparam and pkeyparam command line applications\u003cbr\u003ewhen using the \\\"-check\\\" option.\u003cbr\u003e\u003cbr\u003eThe OpenSSL SSL/TLS implementation is not affected by this issue.\u003cbr\u003e\u003cbr\u003eThe OpenSSL 3.0 and 3.1 FIPS providers are not affected by this issue.\", \"base64\": false}]}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-606\", \"description\": \"CWE-606 Unchecked Input for Loop Condition\"}]}], \"providerMetadata\": {\"orgId\": \"3a12439a-ef3a-4c79-92e6-6081a721f1e5\", \"shortName\": \"openssl\", \"dateUpdated\": \"2024-10-14T14:55:48.907Z\"}}}",
      "cveMetadata": "{\"cveId\": \"CVE-2023-3817\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2025-05-05T15:53:49.014Z\", \"dateReserved\": \"2023-07-21T08:47:25.638Z\", \"assignerOrgId\": \"3a12439a-ef3a-4c79-92e6-6081a721f1e5\", \"datePublished\": \"2023-07-31T15:34:13.627Z\", \"assignerShortName\": \"openssl\"}",
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }
  }
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.





Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.

Sightings

Author Source Type Date Other

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.


Detection rules are retrieved from Rulezet.