redhatcve | Redhat.com | RH:CVE-2024-4603
History: May 17, 2024 - 8:36 p.m.

CVE-2024-4603

2024-05-17 20:36:02
redhat.com
access.redhat.com
dsa
public key
parameters
denial of service
openssl
fips

AI Score: 5.9 Medium (Confidence: Low)

EPSS: 0.0004 Low (Percentile: 10.3%)

A flaw was found in OpenSSL. Applications that use the EVP_PKEY_param_check() or EVP_PKEY_public_check() function to check a DSA public key or DSA parameters may experience long delays when checking excessively long DSA keys or parameters. In applications that allow untrusted sources to provide the key or parameters that are checked, an attacker may be able to cause a denial of service. These functions are not called by OpenSSL on untrusted DSA keys. The applications that directly call these functions are the ones that may be vulnerable to this issue.
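
An application that must accept DSA parameters from untrusted sources can bound their size before calling EVP_PKEY_param_check() or EVP_PKEY_public_check(). The following is an added example, not code from Red Hat or OpenSSL: it reads the bit lengths of p and q directly from DER-encoded DSA parameters and rejects oversized input. The function names and the 3072/256-bit limits are assumptions to be set by local policy.

```python
# Added example; the limits and function names are assumptions, not OpenSSL's.
MAX_P_BITS, MAX_Q_BITS = 3072, 256  # assumed local policy

def read_tlv(buf, pos):
    """Return (tag, value_start, value_end) of the DER element at pos."""
    if pos + 2 > len(buf):
        raise ValueError("truncated DER")
    tag, length = buf[pos], buf[pos + 1]
    pos += 2
    if length & 0x80:  # long form: low 7 bits count the length bytes
        n = length & 0x7F
        if n == 0 or n > 4 or pos + n > len(buf):
            raise ValueError("bad DER length")
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    if pos + length > len(buf):
        raise ValueError("truncated DER")
    return tag, pos, pos + length

def dsa_param_bits(der):
    """Return (p_bits, q_bits) from DER Dss-Parms: SEQUENCE { p, q, g }."""
    tag, pos, end = read_tlv(der, 0)
    bits = []
    for _ in range(2):
        itag, start, pos = read_tlv(der, pos)
        if tag != 0x30 or itag != 0x02 or pos > end:
            raise ValueError("not DSA parameters")
        body = der[start:pos].lstrip(b"\x00")  # size from the encoding, no bignum math
        bits.append((len(body) - 1) * 8 + body[0].bit_length() if body else 0)
    return bits[0], bits[1]

def safe_to_check(der):
    """True only when p and q fit the policy; run the costly check afterwards."""
    try:
        p_bits, q_bits = dsa_param_bits(der)
    except ValueError:
        return False
    return p_bits <= MAX_P_BITS and q_bits <= MAX_Q_BITS

def sample_params(p_bits, q_bits=256):
    """Constructed Dss-Parms with p, q of the given sizes (not a real group)."""
    def tlv(tag, body):  # minimal DER encoder, used only to build samples
        n = len(body)
        size = n.to_bytes((n.bit_length() + 7) // 8, "big")
        head = bytes([n]) if n < 0x80 else bytes([0x80 | len(size)]) + size
        return bytes([tag]) + head + body
    ints = [((1 << (b - 1)) | 1).to_bytes(b // 8 + 1, "big") for b in (p_bits, q_bits, 2)]
    return tlv(0x30, b"".join(tlv(0x02, i) for i in ints))
```

The gate is only an upper bound on size. Input that passes it still needs the real validity check.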
