A vulnerability classified as critical hasbeen found inOpenSSL up to 1.0.2zi/1.1.1w/3.0.12/3.1.4(Network Encryption Software).CWE is classifying the issue as CWE-834. The productperforms an iteration or loop withoutsufficiently limitingthe number oftimes that the loop is executed.This is going to have an impact on availability.Upgrading to version 1.0.2zj-dev, 1.1.1x-dev, 3.0.13-dev or 3.1.5-dev eliminates this vulnerability. Applying a patch is able to eliminate this problem. The bugfixis ready for download at git.openssl.org. The best possible mitigation is suggested tobe upgrading to the latest version.
Issue summary: Generating excessively longX9.42 DH keysor checkingexcessively long X9.42 DH keysor parameters may be very slow.Impact summary: Applications that use the functionsDH_generate_key() togenerate an X9.42DH key may experiencelong delays. Likewise, applicationsthat use DH_check_pub_key(), DH_check_pub_key_ex() or EVP_PKEY_public_check()to check an X9.42 DH key or X9.42 DH parameters may experience long delays.Where the key or parameters that are being checked have been obtainedfroman untrusted source this may lead to a Denial of Service.While DH_check() performsall the necessary checks (as of CVE-2023-3817),DH_check_pub_key() doesn t make any of these checks, and is thereforevulnerable for excessively large P and Q parameters.Likewise, while DH_generate_key() performs a check for an excessively largeP, it doesn t check for an excessively large Q.An application that calls DH_generate_key() or DH_check_pub_key() andsupplies a key or parameters obtained from an untrusted source could bevulnerable to a Denial of Service attack.DH_generate_key() and DH_check_pub_key() are also called by a number ofother OpenSSL functions. An application calling any of those otherfunctions may similarly be affected. The other functions affected by thisare DH_check_pub_key_ex(), EVP_PKEY_public_check(), and EVP_PKEY_generate().Also vulnerable are the OpenSSL pkey command line application when using the -pubcheck option, as well as the OpenSSL genpkey command line application.The OpenSSL SSL/TLS implementation is not affected by this issue.The OpenSSL 3.0 and 3.1 FIPS providers are not affected by this issue.
