1. Home
  2. Security Advisories
  3. FreeBSD
  4. FREEBSD:A5956603-7E4F-11EE-9DF6-84A93843EB75

[FREEBSD:A5956603-7E4F-11EE-9DF6-84A93843EB75] OpenSSL -- DoS in DH generation

Severity Medium
Affected Packages 5
CVEs 1
Info Packages References Vulnerabilities

The OpenSSL project reports:

  Excessive time spent in DH check / generation with large Q
    parameter value (low).
    Generating excessively long X9.42 DH keys or checking
    excessively long X9.42 DH keys or parameters may be very slow.
Package Affected Version
pkg:freebsd/openssl31-quictls < 3.1.4_1
pkg:freebsd/openssl31 < 3.1.4_1
pkg:freebsd/openssl111 < 1.1.1w_1
pkg:freebsd/openssl-quictls < 3.0.12_1
pkg:freebsd/openssl < 3.0.12_1,1
ID
FREEBSD:A5956603-7E4F-11EE-9DF6-84A93843EB75
Severity
medium
Severity from
CVE-2023-5678
URL
http://vuxml.freebsd.org/freebsd/a5956603-7e4f-11ee-9df6-84a93843eb75.html
Published
2023-11-08T00:00:00
(10 months ago)
Modified
2023-11-08T00:00:00
(10 months ago)
Rights
FreeBSD VuXML Security Team
Other Advisories
Source # ID Name URL
FreeBSD VuXML https://www.openssl.org/news/secadv/20231106.txt
Type Package URL Namespace Name / Product Version Distribution / Platform Arch Patch / Fix
Affected pkg:freebsd/openssl31-quictls openssl31-quictls < 3.1.4_1
Affected pkg:freebsd/openssl31 openssl31 < 3.1.4_1
Affected pkg:freebsd/openssl111 openssl111 < 1.1.1w_1
Affected pkg:freebsd/openssl-quictls openssl-quictls < 3.0.12_1
Affected pkg:freebsd/openssl openssl < 3.0.12_1,1
# CVE Description CVSS EPSS EPSS Trend (30 days) Affected Products Weaknesses Security Advisories Exploits PoC Pubblication Date Modification Date
# CVE Description CVSS EPSS EPSS Trend (30 days) Affected Products Weaknesses Security Advisories PoC Pubblication Date Modification Date