CVE-2023-3446

CVSS 3.1 Score 5.3 of 10 (medium)

Details

Published Jul 19, 2023

Updated: Jun 10, 2024

CWE ID 1333

Summary

CVE-2023-3446: Excessively long DH keys or parameters used in OpenSSL functions DH_check(), DH_check_ex(), and EVP_PKEY_param_check() can cause prolonged delays, potentially leading to a Denial of Service (DoS) attack. Affected applications may call these functions with untrusted key or parameter inputs, allowing an attacker to exploit this vulnerability. The SSL/TLS implementation in OpenSSL is not affected, but the dhparam and pkeyparam command line applications are vulnerable when using the '-check' option. The OpenSSL 3.0 and 3.1 FIPS providers are also not affected.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Share

Affected Products

OpenSSL

Affected Vendors

The OpenSSL Project

Advisories, Assessments, and Mitigations

Back to Vulnerability Database

Platform Features

Products

Use Cases

Teams

Industries

Services

Threats to the 2025 NATO Summit

Artificial Eyes: Generative AI in China’s Military Intelligence

GrayAlpha Uses Diverse Infection Vectors to Deploy PowerNet Loader and NetSupport RAT

Know What Matters

For Customers

For Partners