REDHAT-BUG-2224962
First published: Mon Jul 24 2023(Updated: )
Applications that use the functions DH_check(), DH_check_ex() or EVP_PKEY_param_check() to check a DH key or DH parameters may experience long delays. Where the key or parameters that are being checked have been obtained from an untrusted source this may lead to a Denial of Service. Also vulnerable are the OpenSSL dhparam and pkeyparam command line applications when using the "-check" option. The OpenSSL SSL/TLS implementation is not affected by this issue. The OpenSSL 3.0 and 3.1 FIPS providers are not affected by this issue. OpenSSL 3.1, 3.0, 1.1.1 and 1.0.2 are vulnerable to this issue. <a href="http://www.openwall.com/lists/oss-security/2023/07/19/4">http://www.openwall.com/lists/oss-security/2023/07/19/4</a> <a href="http://www.openwall.com/lists/oss-security/2023/07/19/5">http://www.openwall.com/lists/oss-security/2023/07/19/5</a> <a href="http://www.openwall.com/lists/oss-security/2023/07/19/6">http://www.openwall.com/lists/oss-security/2023/07/19/6</a> <a href="https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=1fa20cf2f506113c761777127a38bce5068740eb">https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=1fa20cf2f506113c761777127a38bce5068740eb</a> <a href="https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=8780a896543a654e757db1b9396383f9d8095528">https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=8780a896543a654e757db1b9396383f9d8095528</a> <a href="https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=9a0a4d3c1e7138915563c0df4fe6a3f9377b839c">https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=9a0a4d3c1e7138915563c0df4fe6a3f9377b839c</a> <a href="https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=fc9867c1e03c22ebf56943be205202e576aabf23">https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=fc9867c1e03c22ebf56943be205202e576aabf23</a> <a href="https://www.openssl.org/news/secadv/20230719.txt">https://www.openssl.org/news/secadv/20230719.txt</a>
| Affected Software | Affected Version | How to fix |
|---|---|---|
| OpenSSL | >=1.0.2<=3.1 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://www.openwall.com/lists/oss-security/2023/07/19/4
- http://www.openwall.com/lists/oss-security/2023/07/19/5
- http://www.openwall.com/lists/oss-security/2023/07/19/6
- https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=1fa20cf2f506113c761777127a38bce5068740eb
- https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=8780a896543a654e757db1b9396383f9d8095528
- https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=9a0a4d3c1e7138915563c0df4fe6a3f9377b839c
- https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=fc9867c1e03c22ebf56943be205202e576aabf23
- https://www.openssl.org/news/secadv/20230719.txt
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=2225349
- https://access.redhat.com/errata/RHSA-2023:7622
- https://access.redhat.com/errata/RHSA-2023:7623
- https://access.redhat.com/errata/RHSA-2023:7625
- https://access.redhat.com/errata/RHSA-2023:7626
- https://access.redhat.com/errata/RHSA-2023:7877
- https://access.redhat.com/errata/RHSA-2024:0154
- https://access.redhat.com/errata/RHSA-2024:0208
- https://access.redhat.com/errata/RHSA-2024:0408
- https://access.redhat.com/errata/RHSA-2024:0888
- https://access.redhat.com/errata/RHSA-2024:1415
- https://access.redhat.com/errata/RHSA-2024:2264
- https://access.redhat.com/errata/RHSA-2024:2447
- https://bugzilla.redhat.com/show_bug.cgi?id=2224962
- agent/type
- agent/first-publish-date
- agent/severity
- agent/description
- agent/event
- agent/references
- collector/redhat-bugzilla
- source/Red Hat
- alias/CVE-2023-3446
- agent/last-modified-date
- agent/source
- agent/softwarecombine
- agent/tags
- agent/guess-ai
- agent/software-canonical-lookup
- agent/software-canonical-lookup-request
- vendor/openssl
- canonical/openssl