OpenSSL DoS Vulnerability (20240516) - Windows

2024-05-1700:00:00

plugins.openvas.org

openssl

dos

vulnerability

windows

3.0

3.1

3.2

3.3

CVSS3

5.3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

LOW

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

AI Score

6.2

Confidence

Low

EPSS

Percentile

10.3%

JSON

OpenSSL is prone to a denial of service (DoS) vulnerability.

# SPDX-FileCopyrightText: 2024 Greenbone AG
# Some text descriptions might be excerpted from (a) referenced
# source(s), and are Copyright (C) by the respective right holder(s).
#
# SPDX-License-Identifier: GPL-2.0-only

CPE = "cpe:/a:openssl:openssl";

if(description)
{
  script_oid("1.3.6.1.4.1.25623.1.0.152251");
  script_version("2024-06-13T05:05:46+0000");
  script_tag(name:"last_modification", value:"2024-06-13 05:05:46 +0000 (Thu, 13 Jun 2024)");
  script_tag(name:"creation_date", value:"2024-05-17 02:45:06 +0000 (Fri, 17 May 2024)");
  script_tag(name:"cvss_base", value:"5.0");
  script_tag(name:"cvss_base_vector", value:"AV:N/AC:L/Au:N/C:N/I:N/A:P");

  script_cve_id("CVE-2024-4603");

  script_tag(name:"qod_type", value:"remote_banner");

  script_tag(name:"solution_type", value:"VendorFix");

  script_name("OpenSSL DoS Vulnerability (20240516) - Windows");

  script_category(ACT_GATHER_INFO);

  script_copyright("Copyright (C) 2024 Greenbone AG");
  script_family("Denial of Service");
  script_dependencies("gb_openssl_consolidation.nasl", "os_detection.nasl");
  script_mandatory_keys("openssl/detected", "Host/runs_windows");

  script_tag(name:"summary", value:"OpenSSL is prone to a denial of service (DoS) vulnerability.");

  script_tag(name:"vuldetect", value:"Checks if a vulnerable version is present on the target host.");

  script_tag(name:"insight", value:"Checking excessively long DSA keys or parameters may be very
  slow.

  Applications that use the functions EVP_PKEY_param_check() or EVP_PKEY_public_check() to check a
  DSA public key or DSA parameters may experience long delays.");

  script_tag(name:"impact", value:"Where the key or parameters that are being checked have been
  obtained from an untrusted source this may lead to a Denial of Service.");

  script_tag(name:"affected", value:"OpenSSL versions 3.0, 3.1, 3.2 and 3.3.");

  script_tag(name:"solution", value:"Update to version 3.0.14, 3.1.6, 3.2.2, 3.3.1 or later.");

  script_xref(name:"URL", value:"https://www.openssl.org/news/secadv/20240516.txt");
  script_xref(name:"URL", value:"https://www.openssl.org/news/vulnerabilities.html");

  exit(0);
}

include("host_details.inc");
include("version_func.inc");

if (isnull(port = get_app_port(cpe: CPE)))
  exit(0);

if (!infos = get_app_version_and_location(cpe: CPE, port: port, exit_no_version: TRUE))
  exit(0);

version = infos["version"];
location = infos["location"];

if (version_in_range_exclusive(version: version, test_version_lo: "3.0", test_version_up: "3.0.14")) {
  report = report_fixed_ver(installed_version: version, fixed_version: "3.0.14", install_path: location);
  security_message(port: port, data: report);
  exit(0);
}

if (version_in_range_exclusive(version: version, test_version_lo: "3.1", test_version_up: "3.1.6")) {
  report = report_fixed_ver(installed_version: version, fixed_version: "3.1.6", install_path: location);
  security_message(port: port, data: report);
  exit(0);
}

if (version_in_range_exclusive(version: version, test_version_lo: "3.2", test_version_up: "3.2.2")) {
  report = report_fixed_ver(installed_version: version, fixed_version: "3.2.2", install_path: location);
  security_message(port: port, data: report);
  exit(0);
}

if (version_in_range_exclusive(version: version, test_version_lo: "3.3", test_version_up: "3.3.1")) {
  report = report_fixed_ver(installed_version: version, fixed_version: "3.3.1", install_path: location);
  security_message(port: port, data: report);
  exit(0);
}

exit(99);