CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
EPSS
Percentile
66.2%
openssl is vulnerable to Denial of Service (DoS). The vulnerability causes applications using ‘OBJ_obj2txt()’ directly, or use any OpenSSL subsystem with no message size limit to experience notable to very long delays when processing those messages, which may lead to a Denial of Service.
www.openwall.com/lists/oss-security/2023/05/30/1
git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=423a2bc737a908ad0c77bda470b2b59dc879936b
git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=853c5e56ee0b8650c73140816bb8b91d6163422c
git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=9e209944b35cf82368071f160a744b6178f9b098
git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=db779b0e10b047f2585615e0b8f2acdf21f8544a
lists.debian.org/debian-lts-announce/2023/06/msg00011.html
psirt.global.sonicwall.com/vuln-detail/SNWLID-2023-0009
secdb.alpinelinux.org/edge/main.yaml
secdb.alpinelinux.org/v3.15/main.yaml
secdb.alpinelinux.org/v3.16/main.yaml
secdb.alpinelinux.org/v3.17/main.yaml
secdb.alpinelinux.org/v3.18/main.yaml
security.gentoo.org/glsa/202402-08
security.netapp.com/advisory/ntap-20230703-0001/
security.netapp.com/advisory/ntap-20231027-0009/
www.debian.org/security/2023/dsa-5417
www.openssl.org/news/secadv/20230530.txt