Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK product of Oracle Java SE (component: JSSE).

Issue summary: Generating excessively long X9.42 DH keys or checking excessively long X9.42 DH keys or parameters may be very slow.

Impact summary: Applications that use the functions DH_generate_key() to generate an X9.42 DH key may experience long delays. Likewise, applications that use DH_check_pub_key(), DH_check_pub_key_ex() or EVP_PKEY_public_check() to check an X9.42 DH key or X9.42 DH parameters may experience long delays. Where the key or parameters that are being checked have been obtained from an untrusted source this may lead to a Denial of Service.

While DH_check() performs all the necessary checks (as of CVE-2023-3817), DH_check_pub_key() doesn't make any of these checks, and is therefore vulnerable to excessively large P and Q parameters.

Likewise, while DH_generate_key() performs a check for an excessively large P, it doesn't check for an excessively large Q.

An application that calls DH_generate_key() or DH_check_pub_key() and supplies a key or parameters obtained from an untrusted source could be vulnerable to a Denial of Service attack.

DH_generate_key() and DH_check_pub_key() are also called by a number of other OpenSSL functions. An application calling any of those other functions may similarly be affected. The other functions affected by this are DH_check_pub_key_ex(), EVP_PKEY_public_check(), and EVP_PKEY_generate().

Also vulnerable are the OpenSSL pkey command line application when using the "-pubcheck" option, as well as the OpenSSL genpkey command line application.

The OpenSSL SSL/TLS implementation is not affected by this issue.

The OpenSSL 3.0 and 3.1 FIPS providers are not affected by this issue.
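The missing size checks on P and Q described above can be compensated for on the application side by gating untrusted parameters before they reach DH_check_pub_key() or DH_generate_key(). The following is an added example, not OpenSSL code or its patch: it reads DER-encoded X9.42 domain parameters (SEQUENCE of p, g, q) and rejects them when p exceeds a caller-chosen bit cap or when g or q is longer than p. The function names, the cap value and the sample byte strings are assumptions made for this illustration.

```c
#include <stddef.h>
typedef unsigned char u8;

/* Constructed samples: SEQUENCE { p=23, g=2, q=11 } and the same with q=65537. */
const u8 sample_ok[]    = {0x30,0x09, 0x02,0x01,0x17, 0x02,0x01,0x02, 0x02,0x01,0x0B};
const u8 sample_big_q[] = {0x30,0x0B, 0x02,0x01,0x17, 0x02,0x01,0x02, 0x02,0x03,0x01,0x00,0x01};

/* Parse a DER header with the expected tag; on success *pp points at the content. */
static int der_header(const u8 **pp, const u8 *end, u8 tag, size_t *len)
{
    const u8 *p = *pp;
    if (end - p < 2 || *p++ != tag) return 0;
    *len = *p++;
    if (*len & 0x80) {                 /* long form: low 7 bits = length octets */
        size_t n = *len & 0x7f;
        if (n == 0 || n > 3 || (size_t)(end - p) < n) return 0;
        for (*len = 0; n > 0; n--) *len = (*len << 8) | *p++;
    }
    if ((size_t)(end - p) < *len) return 0;   /* truncated content */
    *pp = p;
    return 1;
}

/* Bit length of the DER INTEGER at *pp, or -1 if malformed, empty or negative. */
static long der_int_bits(const u8 **pp, const u8 *end)
{
    size_t len;
    if (!der_header(pp, end, 0x02, &len) || len == 0 || ((*pp)[0] & 0x80)) return -1;
    const u8 *p = *pp;
    *pp += len;                                  /* advance past this INTEGER */
    while (len > 1 && *p == 0) { p++; len--; }   /* drop leading zero octets */
    long bits = (long)(len - 1) * 8;
    for (unsigned v = *p; v; v >>= 1) bits++;
    return bits;
}

/* Returns 1 only if p fits in max_bits and neither g nor q is longer than p. */
int dhx_params_within_cap(const u8 *der, size_t derlen, long max_bits)
{
    const u8 *p = der, *end = der + derlen;
    size_t len;
    if (!der_header(&p, end, 0x30, &len)) return 0;
    end = p + len;
    long pbits = der_int_bits(&p, end), gbits = der_int_bits(&p, end);
    long qbits = der_int_bits(&p, end);
    if (pbits < 0 || gbits < 0 || qbits < 0) return 0;
    return pbits <= max_bits && gbits <= pbits && qbits <= pbits;
}
```

The gate only bounds the cost of the later check; parameters that pass it still need the library's own validation.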