[FREEBSD:A5956603-7E4F-11EE-9DF6-84A93843EB75] OpenSSL -- DoS in DH generation
Severity
Medium
Affected Packages
5
CVEs
1
The OpenSSL project reports:
Excessive time spent in DH check / generation with large Q
parameter value (low).
Generating excessively long X9.42 DH keys or checking
excessively long X9.42 DH keys or parameters may be very slow.
Package | Affected Version |
---|---|
pkg:freebsd/openssl31-quictls | < 3.1.4_1 |
pkg:freebsd/openssl31 | < 3.1.4_1 |
pkg:freebsd/openssl111 | < 1.1.1w_1 |
pkg:freebsd/openssl-quictls | < 3.0.12_1 |
pkg:freebsd/openssl | < 3.0.12_1,1 |
- ID
- FREEBSD:A5956603-7E4F-11EE-9DF6-84A93843EB75
- Severity
- medium
- Severity from
- CVE-2023-5678
- URL
- http://vuxml.freebsd.org/freebsd/a5956603-7e4f-11ee-9df6-84a93843eb75.html
- Published
-
2023-11-08T00:00:00
(10 months ago) - Modified
-
2023-11-08T00:00:00
(10 months ago) - Rights
- FreeBSD VuXML Security Team
- Other Advisories
-
- ALAS-2023-1891
- ALAS2-2023-2350
- ALAS2-2023-2351
- ALAS2-2024-2502
- ALPINE:CVE-2023-5678
- ALSA-2023:7877
- ALSA-2024:2447
- ELSA-2023-7877
- ELSA-2024-12056
- ELSA-2024-2447
- RHSA-2023:7877
- RHSA-2024:2447
- SSA:2024-199-01
- SUSE-SU-2023:4488-1
- SUSE-SU-2023:4489-1
- SUSE-SU-2023:4518-1
- SUSE-SU-2023:4519-1
- SUSE-SU-2023:4520-1
- SUSE-SU-2023:4521-1
- SUSE-SU-2023:4522-1
- SUSE-SU-2023:4523-1
- SUSE-SU-2023:4524-1
- SUSE-SU-2023:4593-1
- SUSE-SU-2023:4635-1
- SUSE-SU-2023:4649-1
- SUSE-SU-2023:4918-1
- SUSE-SU-2023:4919-1
- USN-6622-1
- USN-6632-1
- USN-6709-1
Source | # ID | Name | URL |
---|---|---|---|
FreeBSD VuXML | https://www.openssl.org/news/secadv/20231106.txt |
Type | Package URL | Namespace | Name / Product | Version | Distribution / Platform | Arch | Patch / Fix |
---|---|---|---|---|---|---|---|
Affected | pkg:freebsd/openssl31-quictls | openssl31-quictls | < 3.1.4_1 | ||||
Affected | pkg:freebsd/openssl31 | openssl31 | < 3.1.4_1 | ||||
Affected | pkg:freebsd/openssl111 | openssl111 | < 1.1.1w_1 | ||||
Affected | pkg:freebsd/openssl-quictls | openssl-quictls | < 3.0.12_1 | ||||
Affected | pkg:freebsd/openssl | openssl | < 3.0.12_1,1 |
# CVE | Description | CVSS | EPSS | EPSS Trend (30 days) | Affected Products | Weaknesses | Security Advisories | Exploits | PoC | Pubblication Date | Modification Date |
---|---|---|---|---|---|---|---|---|---|---|---|
# CVE | Description | CVSS | EPSS | EPSS Trend (30 days) | Affected Products | Weaknesses | Security Advisories | PoC | Pubblication Date | Modification Date |