Lucene search

K
veracodeVeracode Vulnerability DatabaseVERACODE:40789
HistoryJun 05, 2023 - 2:04 a.m.

Denial Of Service (DoS)

2023-06-0502:04:40
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
23
openssl
vulnerability
denial of service
obj_obj2txt
software
message size limit

CVSS3

6.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

EPSS

0.003

Percentile

66.2%

openssl is vulnerable to Denial of Service (DoS). The vulnerability causes applications using ‘OBJ_obj2txt()’ directly, or use any OpenSSL subsystem with no message size limit to experience notable to very long delays when processing those messages, which may lead to a Denial of Service.

References

CVSS3

6.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

EPSS

0.003

Percentile

66.2%