MiracleLinux 8 : openssl-1.1.1k-12.el8_9 (AXSA:2024-7354:01)

The remote MiracleLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2024-7354:01 advisory. openssl: Excessive time spent checking DH keys and parameters CVE-2023-3446 OpenSSL: Excessive time spent checking DH q parameter value CVE-2023-381...

MiracleLinux 8 : edk2-20220126gitbb1bba3d77-6.el8_9.3 (AXSA:2024-7542:02)

The remote MiracleLinux 8 host has a package installed that is affected by a vulnerability as referenced in the AXSA:2024-7542:02 advisory. openssl: Excessive time spent checking DH keys and parameters CVE-2023-3446 Tenable has extracted the preceding description block directly from the...

MiracleLinux 7 : openssl-1.0.2k-26.0.5.el7.AXS7 (AXSA:2025-10928:04)

The remote MiracleLinux 7 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2025-10928:04 advisory. CVE-2023-3446: fix DHcheck excessive time with over sized modulus CVEs: CVE-2023-3446 Issue summary: Checking excessively long DH keys or parameters may be...

openssl security update

An update is available for openssl. This update affects Rocky Linux 8. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list OpenSSL is a toolkit that implements the Secure Sockets Layer SSL and Transpo...

CLSA-2025-1758635382 openssl: Fix of CVE-2023-3446

CVE-2023-3446: fix DHcheck excessive time with over sized modulus...

Security Bulletin: Vulnerability in cryptography affects IBM Cloud Pak for Data System 2.0 (CPDS 2.0) [CVE-2023-2650, CVE-2023-4807, CVE-2023-3446 ]

Summary The cryptography package is used by IBM Cloud Pak for Data System 2.0 . IBM Cloud Pak for Data System 2.0 has addressed the applicable CVEs CVE-2023-2650, CVE-2023-4807, CVE-2023-3446 Vulnerability Details CVEID:CVE-2023-2650 DESCRIPTION: OpenSSL is vulnerable to a denial of service, caus...

TencentOS Server 3: openssl (TSSA-2023:0325)

The version of Tencent Linux installed on the remote TencentOS Server 3 host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the TSSA-2023:0325 advisory. Package updates are available for TencentOS Server 3 that fix the following vulnerabilities...

Alibaba Cloud Linux 3 : 0047: openssl (ALINUX3-SA-2024:0047)

The remote Alibaba Cloud Linux 3 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALINUX3-SA-2024:0047 advisory. Package updates are available for Alibaba Cloud Linux 3 that fix the following vulnerabilities: CVE-2023-3446: Issue summary: Checking...

Linux Distros Unpatched Vulnerability : CVE-2023-3446

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Issue summary: Checking excessively long DH keys or parameters may be very slow. Impact summary: Applications that use the functions DHcheck, DHcheckex or...

Siemens SIMATIC and SCALANCE Devices Inefficient Regular Expression Complexity (CVE-2023-3446)

Issue summary: Checking excessively long DH keys or parameters may be very slow. Impact summary: Applications that use the functions DHcheck, DHcheckex or EVPPKEYparamcheck to check a DH key or DH parameters may experience long delays. Where the key or parameters that are being checked have been...

Security Bulletin: IBM Storage Scale System may be affected by vulnerabilities in OpenSSL

Summary Security vulnerabilities have been discovered in OpenSSL that are now fixed. Vulnerability Details CVEID:CVE-2023-3446 DESCRIPTION: OpenSSL is vulnerable to a denial of service, caused by a flaw when using the DHcheck, DHcheckex or EVPPKEYparamcheck functions to check a DH key or DH...

CVE-2023-3446 affecting package hvloader for versions less than 1.0.1-6

CVE-2023-3446 affecting package hvloader for versions less than 1.0.1-6. An upgraded version of the package is available that resolves this issue...

edk2 security update

Mon Sep 09 2024 Aaron Young - Create new 20240909 release for OL9 which includes the following fixed CVEs: - EDK2: EDK2 contains a vulnerability when S3 sleep is activated where an Attacker may cause a Division-By-Zero due to a UNIT32 overflow via local access Orabug: 36990130 CVE-2024-1298 - EDK...

Security Bulletin: Vulnerability in OpenSSL affects IBM Integrated Analytics System [ CVE-2023-3446]

Summary Redhat provided OpenSSL is used by IBM Integrated Analytics System. IBM Integrated Analytics System has addressed the applicable CVE CVE-2023-3446 Vulnerability Details CVEID:CVE-2023-3446 DESCRIPTION: OpenSSL is vulnerable to a denial of service, caused by a flaw when using the DHcheck,...

Ubuntu: Security Advisory (USN-7018-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Security Bulletin: Vulnerabilities in openssl library (CVE-2023-3446, CVE-2023-3817, CVE-2023-5678) affect Power HMC.

Summary The openssl library is used by Power Hardware Management Console HMC. HMC has addressed the applicable CVEs. Vulnerability Details CVEID:CVE-2023-3446 DESCRIPTION: OpenSSL is vulnerable to a denial of service, caused by a flaw when using the DHcheck, DHcheckex or EVPPKEYparamcheck functio...

Security Bulletin: IBM Storage Ceph is vulnerable to Uncontrolled Resource Consumption in the RHEL UBI (CVE-2023-2650, CVE-2023-3446, CVE-2023-4807)

Summary RHEL UBI is used by IBM Storage Ceph as the base operating system. This bulletin identifies the steps to take to address the vulnerability in the RHEL UBI. CVE-2023-2650, CVE-2023-3446, CVE-2023-4807. Vulnerability Details CVEID:CVE-2023-2650 DESCRIPTION: OpenSSL is vulnerable to a denial...

Photon OS 4.0: Openssl PHSA-2023-4.0-0436

An update of the openssl package has been released. %NASLMINLEVEL 80900 C Tenable, Inc. The descriptive text and package checks in this plugin were extracted from VMware Security Advisory PHSA-2023-4.0-0436. The text itself is copyright C VMware, Inc. include'compat.inc'; if description...

CBL Mariner 2.0 Security Update: hvloader / openssl (CVE-2023-3446)

The version of hvloader / openssl installed on the remote CBL Mariner 2.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2023-3446 advisory. - Issue summary: Checking excessively long DH keys or parameters May be very slow. Impact summary:...

Huawei EulerOS: Security Advisory for shim (EulerOS-SA-2024-1876)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...