
24 matches found

F5 Networks
added 2025/01/15 6:56 p.m., 18 views

K000149306: OpenSSL vulnerability CVE-2024-4603

Security Advisory Description Issue summary: Checking excessively long DSA keys or parameters may be very slow. Impact summary: Applications that use the functions EVP_PKEY_param_check or EVP_PKEY_public_check to check a DSA public key or DSA parameters may experience long delays. Where the key or...

5.3 CVSS, 7.1 AI score, 0.00092 EPSS
Exploits: 0

Broadcom
added 2024/11/12 12:00 a.m., 21 views

OpenSSL is vulnerable to a denial of service, caused by a flaw in the handling of RSA public keys by the EVP_PKEY_public_check() function

OpenSSL is vulnerable to a denial-of-service (DoS) issue due to how there is no restriction on RSA public key size, or the subsequent time spent processing such keys. Applications that use the EVP_PKEY_public_check function to check RSA public keys obtained from potentially untrusted sources can be...

5.3 CVSS, 6.5 AI score, 0.00944 EPSS
Exploits: 0

Tenable Nessus
added 2024/07/03 12:00 a.m., 25 views

CBL Mariner 2.0 Security Update: cloud-hypervisor-cvm / edk2 / hvloader / nodejs / nodejs18 / openssl (CVE-2024-4603)

The version of cloud-hypervisor-cvm / edk2 / hvloader / nodejs / nodejs18 / openssl installed on the remote CBL Mariner 2.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2024-4603 advisory. - Issue summary: Checking excessively long DSA ke...

5.3 CVSS, 6.9 AI score, 0.00092 EPSS
Exploits: 0, References: 2

Redos
added 2024/06/06 12:00 a.m., 21 views

ROS-20240606-10

Vulnerability in the EVP_PKEY_param_check or EVP_PKEY_public_check functions of the OpenSSL cryptographic library is associated with uncontrolled resource consumption. Exploitation of the vulnerability could allow an attacker acting remotely to cause a denial of service...

5.3 CVSS, 6.7 AI score, 0.00092 EPSS
Exploits: 0

OpenVAS
added 2024/05/17 12:00 a.m., 24 views

OpenSSL DoS Vulnerability (20240516) - Linux

OpenSSL is prone to a denial of service (DoS) vulnerability. SPDX-FileCopyrightText: 2024 Greenbone AG. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:openssl:openssl";...

5.3 CVSS, 6.2 AI score, 0.00092 EPSS
Exploits: 0, References: 2

Vulnrichment
added 2024/05/16 3:21 p.m., 17 views

CVE-2024-4603 Excessive time spent checking DSA keys and parameters

Issue summary: Checking excessively long DSA keys or parameters may be very slow. Impact summary: Applications that use the functions EVP_PKEY_param_check or EVP_PKEY_public_check to check a DSA public key or DSA parameters may experience long delays. Where the key or parameters that are being checked...

6.6 AI score, 0.00092 EPSS
Exploits: 0, References: 5

Redos
added 2024/05/03 12:00 a.m., 28 views

ROS-20240503-11

Vulnerability in the EVP_PKEY_public_check function of the OpenSSL library is related to uncontrolled resource consumption. Exploitation of the vulnerability could allow an attacker acting remotely to cause a denial of service (DoS)...

5.9 CVSS, 6.2 AI score, 0.00944 EPSS
Exploits: 0

OSV
added 2024/04/25 7:15 a.m., 38 views

CVE-2023-6237

Issue summary: Checking excessively long invalid RSA public keys may take a long time. Impact summary: Applications that use the function EVP_PKEY_public_check to check RSA public keys may experience long delays. Where the key that is being checked has been obtained from an untrusted source this may...

5.9 CVSS, 6.2 AI score
Exploits: 0, References: 6

OpenVAS
added 2024/03/21 12:00 a.m., 21 views

Huawei EulerOS: Security Advisory for openssl (EulerOS-SA-2024-1461)

The remote host is missing an update for the Huawei EulerOS. SPDX-FileCopyrightText: 2024 Greenbone AG. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only if(description)...

5.3 CVSS, 6.3 AI score, 0.00537 EPSS
Exploits: 0, References: 2

Tenable Nessus
added 2024/02/20 12:00 a.m., 59 views

Amazon Linux 2023 : openssl, openssl-devel, openssl-libs (ALAS2023-2024-520)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2024-520 advisory. A flaw was found in OpenSSL. When the EVP_PKEY_public_check function is called in RSA public keys, a computation is done to confirm that the RSA modulus, n, is composite. For valid RSA keys, n is ...

5.9 CVSS, 6.4 AI score, 0.00944 EPSS
Exploits: 0, References: 6

OpenVAS
added 2024/01/29 12:00 a.m., 13 views

Huawei EulerOS: Security Advisory for shim (EulerOS-SA-2024-1113)

The remote host is missing an update for the Huawei EulerOS. SPDX-FileCopyrightText: 2024 Greenbone AG. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only if(description)...

5.3 CVSS, 6.3 AI score, 0.00537 EPSS
Exploits: 0, References: 2

RedhatCVE
added 2024/01/15 6:31 p.m., 105 views

CVE-2023-6237

A flaw was found in OpenSSL. When the EVP_PKEY_public_check function is called in RSA public keys, a computation is done to confirm that the RSA modulus, n, is composite. For valid RSA keys, n is a product of two or more large primes and this computation completes quickly. However, if n is a large...

5.9 CVSS, 6.9 AI score, 0.00944 EPSS
Exploits: 0, References: 5

OpenVAS
added 2024/01/15 12:00 a.m., 29 views

OpenSSL DoS Vulnerability (20240115) - Windows

OpenSSL is prone to a denial of service (DoS) vulnerability. SPDX-FileCopyrightText: 2024 Greenbone AG. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:openssl:openssl";...

5.9 CVSS, 6.7 AI score, 0.00944 EPSS
Exploits: 0, References: 1

Tenable Nessus
added 2024/01/09 12:00 a.m., 125 views

OpenSSL 3.2.0 < 3.2.1 Multiple Vulnerabilities

The version of OpenSSL installed on the remote host is prior to 3.2.1. It is, therefore, affected by multiple vulnerabilities as referenced in the 3.2.1 advisory. - Issue summary: Processing a maliciously formatted PKCS12 file may lead OpenSSL to crash leading to a potential Denial of Service...

6.5 CVSS, 6.7 AI score, 0.03331 EPSS
Exploits: 0, References: 9

Tenable Nessus
added 2023/12/19 12:00 a.m., 33 views

Oracle Linux 8 : openssl (ELSA-2023-7877)

The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2023-7877 advisory. - Backport implicit rejection mechanism for RSA PKCS1 v1.5 to RHEL-8 series (a proper fix for CVE-2020-25659) Resolves: RHEL-17696 - Fix CVE-2023-5678:...

5.9 CVSS, 6.6 AI score, 0.01027 EPSS
Exploits: 0, References: 4

Tenable Nessus
added 2023/02/28 12:00 a.m., 61 views

Oracle Linux 9 : openssl (ELSA-2023-0946)

The remote Oracle Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2023-0946 advisory. - Fixed X.509 Name Constraints Read Buffer Overflow Resolves: CVE-2022-4203 - Fixed Timing Oracle in RSA Decryption Resolves: CVE-2022-4304 - Fixed...

7.5 CVSS, 7.4 AI score, 0.88334 EPSS
Exploits: 0, References: 9

Veracode
added 2023/02/10 9:36 p.m., 25 views

Denial Of Service (DoS)

openssl is vulnerable to denial of service (DoS). The vulnerability exists in the EVP_PKEY_public_check function because it can be triggered on read when an application tries to check a malformed DSA public key, which will allow an attacker to cause an application crash...

7.5 CVSS, 7.2 AI score, 0.0086 EPSS
Exploits: 0, References: 7, Affected Software: 3

Github Security Blog
added 2023/02/08 10:22 p.m., 29 views

openssl-src subject to NULL dereference validating DSA public key

An invalid pointer dereference on read can be triggered when an application tries to check a malformed DSA public key by the EVP_PKEY_public_check function. This will most likely lead to an application crash. This function can be called on public keys supplied from untrusted sources which could allo...

7.5 CVSS, 7.4 AI score, 0.0086 EPSS
Exploits: 0, References: 6, Affected Software: 1

NVD
added 2023/02/08 8:15 p.m., 13 views

CVE-2023-0217

An invalid pointer dereference on read can be triggered when an application tries to check a malformed DSA public key by the EVP_PKEY_public_check function. This will most likely lead to an application crash. This function can be called on public keys supplied from untrusted sources which could allo...

7.5 CVSS, 7.2 AI score, 0.0086 EPSS
Exploits: 0, References: 4

Prion
added 2023/02/08 8:15 p.m., 14 views

Null pointer dereference

An invalid pointer dereference on read can be triggered when an application tries to check a malformed DSA public key by the EVP_PKEY_public_check function. This will most likely lead to an application crash. This function can be called on public keys supplied from untrusted sources which could allo...

5 CVSS, 7.1 AI score, 0.0086 EPSS
Exploits: 0, References: 3, Affected Software: 1